11241100x80000000000000003843858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:11.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6110d054f8b57e32021-12-22 11:44:11.442root 11241100x80000000000000003843859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c437f3984b093b0c2021-12-22 11:44:11.443root 11241100x80000000000000003843860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8a4e87a30e7d772021-12-22 11:44:11.443root 11241100x80000000000000003843861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:11.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddaec4115f1db832021-12-22 11:44:11.942root 11241100x80000000000000003843862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd41cca079d2cd1c2021-12-22 11:44:11.943root 11241100x80000000000000003843863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05756f35b447e912021-12-22 11:44:11.943root 354300x80000000000000003843864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.035{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55380-false10.0.1.12-8000- 11241100x80000000000000003843865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9207f818b6fad2882021-12-22 11:44:12.442root 11241100x80000000000000003843866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7d0d054d7295ce2021-12-22 11:44:12.443root 11241100x80000000000000003843867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554a92c709e904822021-12-22 11:44:12.443root 11241100x80000000000000003843868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dd869226f0d5172021-12-22 11:44:12.443root 11241100x80000000000000003843869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafd71e60f6d9c3b2021-12-22 11:44:12.942root 11241100x80000000000000003843870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb53d7d284d6e8c2021-12-22 11:44:12.943root 11241100x80000000000000003843871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce3fef7b75dc1312021-12-22 11:44:12.943root 11241100x80000000000000003843872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f165647bad4a6c2021-12-22 11:44:12.943root 11241100x80000000000000003843873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:13.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5695e2b2ab7fbfe62021-12-22 11:44:13.442root 11241100x80000000000000003843874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd15f593f8dece532021-12-22 11:44:13.443root 11241100x80000000000000003843875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf3e548e62e85292021-12-22 11:44:13.443root 11241100x80000000000000003843876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069455e8731396e52021-12-22 11:44:13.443root 11241100x80000000000000003843877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:13.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc17ae20cfa971b72021-12-22 11:44:13.942root 11241100x80000000000000003843878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e87317290264452021-12-22 11:44:13.943root 11241100x80000000000000003843879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e42a6315f368c22021-12-22 11:44:13.943root 11241100x80000000000000003843880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1084707e993029d2021-12-22 11:44:13.943root 11241100x80000000000000003843881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:14.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca20c99f8de6adb52021-12-22 11:44:14.442root 11241100x80000000000000003843882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ce9134a2f39f162021-12-22 11:44:14.443root 11241100x80000000000000003843883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93ee3774a6e130f2021-12-22 11:44:14.443root 11241100x80000000000000003843884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faadad2d66d1a5cb2021-12-22 11:44:14.443root 11241100x80000000000000003843885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:14.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2fb2edcbfd909c2021-12-22 11:44:14.942root 11241100x80000000000000003843886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed984c3879d7534b2021-12-22 11:44:14.943root 11241100x80000000000000003843887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9940e11ebaa19552021-12-22 11:44:14.943root 11241100x80000000000000003843888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d18d97043dd889e2021-12-22 11:44:14.943root 11241100x80000000000000003843889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f189146c3fce4b0a2021-12-22 11:44:15.443root 11241100x80000000000000003843890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3559f02cfd034e0c2021-12-22 11:44:15.443root 11241100x80000000000000003843891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e6037795a2b2112021-12-22 11:44:15.443root 11241100x80000000000000003843892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f7a974559e5c172021-12-22 11:44:15.443root 11241100x80000000000000003843893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2502dec95911fe522021-12-22 11:44:15.943root 11241100x80000000000000003843894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfc90d94bd77c902021-12-22 11:44:15.943root 11241100x80000000000000003843895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc79828c4c06b972021-12-22 11:44:15.944root 11241100x80000000000000003843896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87626b563a74d6452021-12-22 11:44:15.944root 534500x80000000000000003843897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.427{00000000-0000-0000-0000-000000000000}18927<unknown process>root 11241100x80000000000000003843898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.428{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf95f894b0a769352021-12-22 11:44:16.428root 11241100x80000000000000003843899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.428{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c53f195f4179032021-12-22 11:44:16.428root 11241100x80000000000000003843900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.428{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1565cc4fc17bab62021-12-22 11:44:16.428root 11241100x80000000000000003843901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.428{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1dda25eb3ee880f2021-12-22 11:44:16.428root 11241100x80000000000000003843902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.428{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55a1919cb6f89aa2021-12-22 11:44:16.428root 11241100x80000000000000003843903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70defbc4df6cfff22021-12-22 11:44:16.693root 11241100x80000000000000003843904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825c41a0756ad9282021-12-22 11:44:16.693root 11241100x80000000000000003843905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883f1cedf771d8cc2021-12-22 11:44:16.693root 11241100x80000000000000003843906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1ddf05b6f44e2f2021-12-22 11:44:16.693root 11241100x80000000000000003843907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f32918f957bb132021-12-22 11:44:16.693root 11241100x80000000000000003843908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7954caa4d2f6ecb42021-12-22 11:44:17.192root 11241100x80000000000000003843909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d749fa7167b7d2132021-12-22 11:44:17.193root 11241100x80000000000000003843910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b49d8572549ef8a2021-12-22 11:44:17.193root 11241100x80000000000000003843911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd41d65ca90f4f32021-12-22 11:44:17.193root 11241100x80000000000000003843912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3765867a015bf66a2021-12-22 11:44:17.193root 354300x80000000000000003843913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.200{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55382-false10.0.1.12-8000- 11241100x80000000000000003843914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f46c144edec59f22021-12-22 11:44:17.693root 11241100x80000000000000003843915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9a49629f83a9fd2021-12-22 11:44:17.693root 11241100x80000000000000003843916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b102394c8847b7152021-12-22 11:44:17.693root 11241100x80000000000000003843917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67809387a355c3f82021-12-22 11:44:17.693root 11241100x80000000000000003843918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae7f4a86902904b2021-12-22 11:44:17.693root 11241100x80000000000000003843919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2a0edb856bbb202021-12-22 11:44:17.693root 11241100x80000000000000003843920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0908d3bfbb04eb252021-12-22 11:44:18.193root 11241100x80000000000000003843921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a7cdc6baaa8bf52021-12-22 11:44:18.193root 11241100x80000000000000003843922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea31b27b5f8621242021-12-22 11:44:18.193root 11241100x80000000000000003843923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56191bfcf96c6c042021-12-22 11:44:18.193root 11241100x80000000000000003843924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c6b575a07e3a7e2021-12-22 11:44:18.193root 11241100x80000000000000003843925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d80d47e88060f0a2021-12-22 11:44:18.193root 11241100x80000000000000003843926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb51c3d5a09db61b2021-12-22 11:44:18.693root 11241100x80000000000000003843927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c433414685f6a33e2021-12-22 11:44:18.693root 11241100x80000000000000003843928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f6329f310b4be82021-12-22 11:44:18.693root 11241100x80000000000000003843929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c78243882d160b42021-12-22 11:44:18.693root 11241100x80000000000000003843930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae170832af8e14652021-12-22 11:44:18.693root 11241100x80000000000000003843931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd5a00200ebc5212021-12-22 11:44:18.693root 11241100x80000000000000003843932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b900a2f5e0cd59e2021-12-22 11:44:19.193root 11241100x80000000000000003843933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56c2055d6a64c162021-12-22 11:44:19.193root 11241100x80000000000000003843934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e302e5b984c1ad2021-12-22 11:44:19.193root 11241100x80000000000000003843935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628c19810739bb682021-12-22 11:44:19.193root 11241100x80000000000000003843936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d4a1545516f6532021-12-22 11:44:19.193root 11241100x80000000000000003843937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a923a6b1d84e3ff2021-12-22 11:44:19.193root 11241100x80000000000000003843938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275af0e8422d6c942021-12-22 11:44:19.693root 11241100x80000000000000003843939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5481e8687d1ab32021-12-22 11:44:19.693root 11241100x80000000000000003843940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753cd4cd6be5ec382021-12-22 11:44:19.693root 11241100x80000000000000003843941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d88abf763c114972021-12-22 11:44:19.693root 11241100x80000000000000003843942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91023541cecb8ae52021-12-22 11:44:19.693root 11241100x80000000000000003843943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9442648b62d8593c2021-12-22 11:44:19.693root 11241100x80000000000000003843944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51eb76a097216672021-12-22 11:44:20.193root 11241100x80000000000000003843945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c1f6167f6b571b2021-12-22 11:44:20.193root 11241100x80000000000000003843946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2760ebd64c90ceaa2021-12-22 11:44:20.193root 11241100x80000000000000003843947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644200bd11c50b2d2021-12-22 11:44:20.193root 11241100x80000000000000003843948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621248cabb75b1572021-12-22 11:44:20.193root 11241100x80000000000000003843949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c0bd9362a35d952021-12-22 11:44:20.193root 11241100x80000000000000003843950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1be721697d220f2021-12-22 11:44:20.693root 11241100x80000000000000003843951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3a04e33c17b0d72021-12-22 11:44:20.693root 11241100x80000000000000003843952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb41ebadd25022532021-12-22 11:44:20.693root 11241100x80000000000000003843953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39a8e5008a17edd2021-12-22 11:44:20.693root 11241100x80000000000000003843954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be17e2098bdda7ef2021-12-22 11:44:20.693root 11241100x80000000000000003843955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55104dbc36c410522021-12-22 11:44:20.693root 11241100x80000000000000003843956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9b1c1d36f70bee2021-12-22 11:44:21.193root 11241100x80000000000000003843957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a496c58aaff0c79b2021-12-22 11:44:21.193root 11241100x80000000000000003843958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41212437176e0d042021-12-22 11:44:21.193root 11241100x80000000000000003843959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f6adf7c89f9bde2021-12-22 11:44:21.193root 11241100x80000000000000003843960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e8ad108813bcac2021-12-22 11:44:21.193root 11241100x80000000000000003843961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad49df3b1333872c2021-12-22 11:44:21.193root 11241100x80000000000000003843962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09c2980ce16a3892021-12-22 11:44:21.693root 11241100x80000000000000003843963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d4b42ced8bcefe2021-12-22 11:44:21.693root 11241100x80000000000000003843964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb921099162b968c2021-12-22 11:44:21.693root 11241100x80000000000000003843965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb20532f1ee2381c2021-12-22 11:44:21.693root 11241100x80000000000000003843966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7769a9949cacb572021-12-22 11:44:21.693root 11241100x80000000000000003843967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1566235341e7bfb42021-12-22 11:44:21.693root 11241100x80000000000000003843968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f204ffa0e0e1ddb2021-12-22 11:44:22.193root 11241100x80000000000000003843969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfd1f5f63132fc12021-12-22 11:44:22.193root 11241100x80000000000000003843970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ac66b5671d3f822021-12-22 11:44:22.193root 11241100x80000000000000003843971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08143758ba384e562021-12-22 11:44:22.193root 11241100x80000000000000003843972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a089b48011b9be92021-12-22 11:44:22.193root 11241100x80000000000000003843973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22616879c12887b92021-12-22 11:44:22.193root 11241100x80000000000000003843974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497c72a2bbe4b8cf2021-12-22 11:44:22.693root 11241100x80000000000000003843975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3068e4d9806724d2021-12-22 11:44:22.693root 11241100x80000000000000003843976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5661b11a5ef981b82021-12-22 11:44:22.693root 11241100x80000000000000003843977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc9cfb5ea23f2c12021-12-22 11:44:22.693root 11241100x80000000000000003843978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29368c9d4320a3512021-12-22 11:44:22.693root 11241100x80000000000000003843979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9cb7109f789dc22021-12-22 11:44:22.693root 354300x80000000000000003843980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.162{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55384-false10.0.1.12-8000- 11241100x80000000000000003843981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df6cfb2ed2ac6f22021-12-22 11:44:23.163root 11241100x80000000000000003843982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc892a1fd69728af2021-12-22 11:44:23.163root 11241100x80000000000000003843983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20251bb6a716b6af2021-12-22 11:44:23.164root 11241100x80000000000000003843984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4500a3d51d39d80a2021-12-22 11:44:23.164root 11241100x80000000000000003843985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463ec48a1010c18e2021-12-22 11:44:23.164root 11241100x80000000000000003843986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f2903b87948c882021-12-22 11:44:23.164root 11241100x80000000000000003843987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645e486a1c5290972021-12-22 11:44:23.164root 11241100x80000000000000003843988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9501e17dc272b62021-12-22 11:44:23.443root 11241100x80000000000000003843989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bffc6d6d8068832021-12-22 11:44:23.443root 11241100x80000000000000003843990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c305f5c24de8cbb2021-12-22 11:44:23.443root 11241100x80000000000000003843991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebc058e4e81ad5f2021-12-22 11:44:23.443root 11241100x80000000000000003843992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10efc78c2b001a8c2021-12-22 11:44:23.443root 11241100x80000000000000003843993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7626cc484ba4a1102021-12-22 11:44:23.443root 11241100x80000000000000003843994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3d8569aca611b42021-12-22 11:44:23.443root 11241100x80000000000000003843995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40913b6ee56acc432021-12-22 11:44:23.942root 11241100x80000000000000003843996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1928c775c65bc1e2021-12-22 11:44:23.943root 11241100x80000000000000003843997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4e3c955ccde40c2021-12-22 11:44:23.943root 11241100x80000000000000003843998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc7ba5f0259a6072021-12-22 11:44:23.943root 11241100x80000000000000003843999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c3a42b781ca7b82021-12-22 11:44:23.943root 11241100x80000000000000003844000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56dfae3336a894d92021-12-22 11:44:23.943root 11241100x80000000000000003844001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efabf0405c6f927f2021-12-22 11:44:23.943root 11241100x80000000000000003844002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcb9eee2389eed82021-12-22 11:44:24.443root 11241100x80000000000000003844003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3a5a2bc0f69d962021-12-22 11:44:24.443root 11241100x80000000000000003844004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c82a2c780a6f8f22021-12-22 11:44:24.443root 11241100x80000000000000003844005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595572309a9da76a2021-12-22 11:44:24.443root 11241100x80000000000000003844006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ff6d93a431092a2021-12-22 11:44:24.443root 11241100x80000000000000003844007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e09a5ba5aef4a02021-12-22 11:44:24.443root 11241100x80000000000000003844008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba665f1f73394f362021-12-22 11:44:24.443root 11241100x80000000000000003844009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52baa89d1e4349862021-12-22 11:44:24.943root 11241100x80000000000000003844010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ceb6989d1aaafa2021-12-22 11:44:24.943root 11241100x80000000000000003844011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e10880c0181e0b82021-12-22 11:44:24.943root 11241100x80000000000000003844012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f5be265820b2142021-12-22 11:44:24.943root 11241100x80000000000000003844013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b821bc3e5e31e38b2021-12-22 11:44:24.943root 11241100x80000000000000003844014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fb38ca9895e7a92021-12-22 11:44:24.943root 11241100x80000000000000003844015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc11365e62aa27df2021-12-22 11:44:24.943root 11241100x80000000000000003844016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1cddc72f6d58b82021-12-22 11:44:25.443root 11241100x80000000000000003844017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa241cc71b54b372021-12-22 11:44:25.443root 11241100x80000000000000003844018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256d8ffbc666852c2021-12-22 11:44:25.443root 11241100x80000000000000003844019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461b448b46d4dbe12021-12-22 11:44:25.443root 11241100x80000000000000003844020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0654e5a53451cc942021-12-22 11:44:25.443root 11241100x80000000000000003844021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e752a64c322a8a52021-12-22 11:44:25.443root 11241100x80000000000000003844022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e2d4f9f2de785b2021-12-22 11:44:25.443root 11241100x80000000000000003844023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c8b192e4ec816a2021-12-22 11:44:25.943root 11241100x80000000000000003844024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289828bd76a5afab2021-12-22 11:44:25.943root 11241100x80000000000000003844025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612adf4d173161c62021-12-22 11:44:25.943root 11241100x80000000000000003844026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1fcf53744094672021-12-22 11:44:25.943root 11241100x80000000000000003844027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01d2e0af4e505252021-12-22 11:44:25.943root 11241100x80000000000000003844028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5dd6811aeaae7e2021-12-22 11:44:25.943root 11241100x80000000000000003844029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377c48a5d0f6d2c12021-12-22 11:44:25.943root 11241100x80000000000000003844030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67392a6323b912392021-12-22 11:44:26.443root 11241100x80000000000000003844031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885ee4a9482ea0362021-12-22 11:44:26.443root 11241100x80000000000000003844032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae62cd567ff7c872021-12-22 11:44:26.443root 11241100x80000000000000003844033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb4c3acb8eb8f672021-12-22 11:44:26.443root 11241100x80000000000000003844034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2e6a2ab23b65132021-12-22 11:44:26.443root 11241100x80000000000000003844035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fec4f37bd448ff92021-12-22 11:44:26.443root 11241100x80000000000000003844036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d22d3f61dc86562021-12-22 11:44:26.443root 11241100x80000000000000003844037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8bc58e3ab427432021-12-22 11:44:26.943root 11241100x80000000000000003844038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7220a96ad296ab8d2021-12-22 11:44:26.943root 11241100x80000000000000003844039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ad94c23734c0d82021-12-22 11:44:26.943root 11241100x80000000000000003844040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b70e2de99d1c71f2021-12-22 11:44:26.943root 11241100x80000000000000003844041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbc4720524c827c2021-12-22 11:44:26.943root 11241100x80000000000000003844042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbf31a3d9622c872021-12-22 11:44:26.943root 11241100x80000000000000003844043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440ed68f1dba692f2021-12-22 11:44:26.943root 11241100x80000000000000003844044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148cb611eba0f66b2021-12-22 11:44:27.443root 11241100x80000000000000003844045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0503b8fdef8088c02021-12-22 11:44:27.443root 11241100x80000000000000003844046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c876e80c57e3d72021-12-22 11:44:27.443root 11241100x80000000000000003844047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca55926d40c3d47c2021-12-22 11:44:27.443root 11241100x80000000000000003844048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3091e29bc1b8edc12021-12-22 11:44:27.443root 11241100x80000000000000003844049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761f03b236a5c0242021-12-22 11:44:27.443root 11241100x80000000000000003844050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e9bcf19c22cfec2021-12-22 11:44:27.443root 11241100x80000000000000003844051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5507b48d2cfcda2021-12-22 11:44:27.943root 11241100x80000000000000003844052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a0440d5ef393662021-12-22 11:44:27.943root 11241100x80000000000000003844053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db9af83902c6ae62021-12-22 11:44:27.943root 11241100x80000000000000003844054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888736ca5521288d2021-12-22 11:44:27.943root 11241100x80000000000000003844055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710c729ebbfc6fcb2021-12-22 11:44:27.944root 11241100x80000000000000003844056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0234338b0a302282021-12-22 11:44:27.944root 11241100x80000000000000003844057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1db06d89cf88fe2021-12-22 11:44:27.944root 11241100x80000000000000003844058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18afc11b6b75c9392021-12-22 11:44:28.443root 11241100x80000000000000003844059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b7c3f9f0a3259d2021-12-22 11:44:28.443root 11241100x80000000000000003844060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bff035b8537ea7c2021-12-22 11:44:28.443root 11241100x80000000000000003844061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0da33f87b706872021-12-22 11:44:28.443root 11241100x80000000000000003844062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee20387dbc90877f2021-12-22 11:44:28.443root 11241100x80000000000000003844063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946faaaef98b92cf2021-12-22 11:44:28.443root 11241100x80000000000000003844064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d991cf8438099cc2021-12-22 11:44:28.443root 154100x80000000000000003844065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.575{ec2b6afe-0f9c-61c3-6864-dd3501560000}19052/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x80000000000000003844066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.585{ec2b6afe-0f9c-61c3-6864-dd3501560000}19052/bin/psroot 11241100x80000000000000003844067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8a775c71fe905f2021-12-22 11:44:28.943root 11241100x80000000000000003844068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92adae8788097ff42021-12-22 11:44:28.943root 11241100x80000000000000003844069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad3c9921d0e65a32021-12-22 11:44:28.943root 11241100x80000000000000003844070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef7cee2035ffc712021-12-22 11:44:28.943root 11241100x80000000000000003844071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd76a1f54689c90b2021-12-22 11:44:28.943root 11241100x80000000000000003844072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f6ed1cb4dbba9e2021-12-22 11:44:28.943root 11241100x80000000000000003844073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1624c7df81f14b992021-12-22 11:44:28.943root 11241100x80000000000000003844074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49681bcf796754932021-12-22 11:44:28.943root 11241100x80000000000000003844075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3587c49c8bbfc7c2021-12-22 11:44:28.944root 354300x80000000000000003844076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.031{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55386-false10.0.1.12-8000- 11241100x80000000000000003844077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34375a6f439798322021-12-22 11:44:29.443root 11241100x80000000000000003844078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6aa44ebe8eefc422021-12-22 11:44:29.443root 11241100x80000000000000003844079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5294d861b9498fb2021-12-22 11:44:29.443root 11241100x80000000000000003844080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cf043fc000397a2021-12-22 11:44:29.443root 11241100x80000000000000003844081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9134413454621a312021-12-22 11:44:29.443root 11241100x80000000000000003844082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060b203f5633d8cb2021-12-22 11:44:29.443root 11241100x80000000000000003844083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca804a7f35266d12021-12-22 11:44:29.443root 11241100x80000000000000003844084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0395d289c62710bf2021-12-22 11:44:29.444root 11241100x80000000000000003844085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6c302cb8208be32021-12-22 11:44:29.444root 11241100x80000000000000003844086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6426e52e1b4c372021-12-22 11:44:29.444root 11241100x80000000000000003844087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1112d70f0378b32021-12-22 11:44:29.943root 11241100x80000000000000003844088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b74a7818cf395d92021-12-22 11:44:29.943root 11241100x80000000000000003844089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da93f4a379bd8fde2021-12-22 11:44:29.943root 11241100x80000000000000003844090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cd73999131c2702021-12-22 11:44:29.943root 11241100x80000000000000003844091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebdf933bf6b77b72021-12-22 11:44:29.944root 11241100x80000000000000003844092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ccbe88c33a40492021-12-22 11:44:29.944root 11241100x80000000000000003844093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43c4241ba12e5ba2021-12-22 11:44:29.944root 11241100x80000000000000003844094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f6640309c9131f2021-12-22 11:44:29.944root 11241100x80000000000000003844095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3521b47d6303102021-12-22 11:44:29.944root 11241100x80000000000000003844096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f798d7ceba9d5c72021-12-22 11:44:29.944root 11241100x80000000000000003844097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe061f65e62c24a2021-12-22 11:44:30.443root 11241100x80000000000000003844098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a80d16bf7a325b92021-12-22 11:44:30.443root 11241100x80000000000000003844099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac8fc6bf253def42021-12-22 11:44:30.443root 11241100x80000000000000003844100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e85f85377a2e3dd2021-12-22 11:44:30.443root 11241100x80000000000000003844101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d60f0c632372bae2021-12-22 11:44:30.443root 11241100x80000000000000003844102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877a0a5b0772ce232021-12-22 11:44:30.443root 11241100x80000000000000003844103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709fa032a9d5256f2021-12-22 11:44:30.443root 11241100x80000000000000003844104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08aceba5f27391732021-12-22 11:44:30.443root 11241100x80000000000000003844105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab570cd665639442021-12-22 11:44:30.444root 11241100x80000000000000003844106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bb980ebaa4078b2021-12-22 11:44:30.444root 11241100x80000000000000003844107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888d5069d34bbf842021-12-22 11:44:30.943root 11241100x80000000000000003844108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d856391c5057d932021-12-22 11:44:30.943root 11241100x80000000000000003844109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3baa40bf3565795e2021-12-22 11:44:30.943root 11241100x80000000000000003844110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f444502b38f8fc422021-12-22 11:44:30.943root 11241100x80000000000000003844111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5aec1c734e614e2021-12-22 11:44:30.943root 11241100x80000000000000003844112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cacb4a5acc2d9b32021-12-22 11:44:30.944root 11241100x80000000000000003844113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb3066991f201ef2021-12-22 11:44:30.944root 11241100x80000000000000003844114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fba1bdca499dbb2021-12-22 11:44:30.944root 11241100x80000000000000003844115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cad70667cec00962021-12-22 11:44:30.944root 11241100x80000000000000003844116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0841938984f9276b2021-12-22 11:44:30.944root 11241100x80000000000000003844117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a405135dba09f3452021-12-22 11:44:31.443root 11241100x80000000000000003844118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e72571e6363eea2021-12-22 11:44:31.443root 11241100x80000000000000003844119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf21385fc4fda7d2021-12-22 11:44:31.443root 11241100x80000000000000003844120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0a09c88c0d9bca2021-12-22 11:44:31.443root 11241100x80000000000000003844121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d5134714dc263a2021-12-22 11:44:31.443root 11241100x80000000000000003844122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d222165695ec40e22021-12-22 11:44:31.443root 11241100x80000000000000003844123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed4c5346ea499552021-12-22 11:44:31.443root 11241100x80000000000000003844124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c184c8056df3442021-12-22 11:44:31.444root 11241100x80000000000000003844125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637d64a0268051c82021-12-22 11:44:31.444root 11241100x80000000000000003844126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d04a329290eefe22021-12-22 11:44:31.444root 11241100x80000000000000003844127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc79569ab617e7c2021-12-22 11:44:31.943root 11241100x80000000000000003844128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7703466cb991ec572021-12-22 11:44:31.943root 11241100x80000000000000003844129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12be97d1e7525542021-12-22 11:44:31.943root 11241100x80000000000000003844130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d8fce8ef790e4b2021-12-22 11:44:31.943root 11241100x80000000000000003844131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cc41ce5ed6b83b2021-12-22 11:44:31.944root 11241100x80000000000000003844132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef4cd90494c171b2021-12-22 11:44:31.944root 11241100x80000000000000003844133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29776bc7816a66db2021-12-22 11:44:31.944root 11241100x80000000000000003844134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da9eddc4256971c2021-12-22 11:44:31.944root 11241100x80000000000000003844135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19d7f951857b3ac2021-12-22 11:44:31.944root 11241100x80000000000000003844136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596ac699fe361ad22021-12-22 11:44:31.944root 11241100x80000000000000003844137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd5a253fa7f9ad52021-12-22 11:44:32.443root 11241100x80000000000000003844138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcecbaf824a26c272021-12-22 11:44:32.443root 11241100x80000000000000003844139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fa300a1fdffe5a2021-12-22 11:44:32.443root 11241100x80000000000000003844140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f41377483f084b2021-12-22 11:44:32.443root 11241100x80000000000000003844141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477ce24f8b484cb52021-12-22 11:44:32.443root 11241100x80000000000000003844142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff445ed2b13c17772021-12-22 11:44:32.443root 11241100x80000000000000003844143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c8abc7247997702021-12-22 11:44:32.443root 11241100x80000000000000003844144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d32b6a96cc42482021-12-22 11:44:32.444root 11241100x80000000000000003844145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17321e6ce13b8a482021-12-22 11:44:32.444root 11241100x80000000000000003844146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702df003bf078af62021-12-22 11:44:32.444root 11241100x80000000000000003844147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160911f8ddc1dd1c2021-12-22 11:44:32.943root 11241100x80000000000000003844148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15c03a9b85614c82021-12-22 11:44:32.943root 11241100x80000000000000003844149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892cb5837de326432021-12-22 11:44:32.943root 11241100x80000000000000003844150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f0ecdfed33b2732021-12-22 11:44:32.943root 11241100x80000000000000003844151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b432508854c1e32021-12-22 11:44:32.944root 11241100x80000000000000003844152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f31da0356083082021-12-22 11:44:32.944root 11241100x80000000000000003844153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5874a4e0ecf942a2021-12-22 11:44:32.944root 11241100x80000000000000003844154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22af040c8081ee42021-12-22 11:44:32.944root 11241100x80000000000000003844155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d9dd900eb843002021-12-22 11:44:32.944root 11241100x80000000000000003844156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a575be0b395b2fcd2021-12-22 11:44:32.944root 11241100x80000000000000003844157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.145{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:44:33.145root 11241100x80000000000000003844158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cef051687c94b52021-12-22 11:44:33.443root 11241100x80000000000000003844159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c14b3e0952d9512021-12-22 11:44:33.443root 11241100x80000000000000003844160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1764f0c45924b3992021-12-22 11:44:33.443root 11241100x80000000000000003844161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86f4b0e1604a4502021-12-22 11:44:33.443root 11241100x80000000000000003844162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861895b5ca7801412021-12-22 11:44:33.443root 11241100x80000000000000003844163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacc7a1e258069ad2021-12-22 11:44:33.443root 11241100x80000000000000003844164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edc83dbab6338502021-12-22 11:44:33.444root 11241100x80000000000000003844165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97eef5d2c849db62021-12-22 11:44:33.444root 11241100x80000000000000003844166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491bf07aa4f860052021-12-22 11:44:33.444root 11241100x80000000000000003844167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8e0895837b075e2021-12-22 11:44:33.444root 11241100x80000000000000003844168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5367c0d1856b76ae2021-12-22 11:44:33.444root 11241100x80000000000000003844169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310c0975d1e55c222021-12-22 11:44:33.943root 11241100x80000000000000003844170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42801286f97014b82021-12-22 11:44:33.943root 11241100x80000000000000003844171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a36aa07ccd50f842021-12-22 11:44:33.943root 11241100x80000000000000003844172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9598c4048bff522021-12-22 11:44:33.943root 11241100x80000000000000003844173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a88046c580eaea2021-12-22 11:44:33.943root 11241100x80000000000000003844174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93163f27cda772ba2021-12-22 11:44:33.943root 11241100x80000000000000003844175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8428dabaff8feb2021-12-22 11:44:33.943root 11241100x80000000000000003844176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5134399a871e022021-12-22 11:44:33.943root 11241100x80000000000000003844177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0511dc81df0ffdcf2021-12-22 11:44:33.943root 11241100x80000000000000003844178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571ecd498a1336af2021-12-22 11:44:33.943root 11241100x80000000000000003844179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3a530be28e26a92021-12-22 11:44:33.943root 354300x80000000000000003844180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.944{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42452-false10.0.1.12-8089- 354300x80000000000000003844181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.101{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55390-false10.0.1.12-8000- 11241100x80000000000000003844182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f4611c56e0d6612021-12-22 11:44:34.443root 11241100x80000000000000003844183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25b29bfdfc3c19c2021-12-22 11:44:34.443root 11241100x80000000000000003844184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa07fd45269d2ec02021-12-22 11:44:34.443root 11241100x80000000000000003844185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3137a990a4340a12021-12-22 11:44:34.443root 11241100x80000000000000003844186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a418fbe76c81fb2021-12-22 11:44:34.444root 11241100x80000000000000003844187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8a98de2ddc4e8b2021-12-22 11:44:34.444root 11241100x80000000000000003844188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bae19d4d89d96102021-12-22 11:44:34.444root 11241100x80000000000000003844189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2debc789b9d5222021-12-22 11:44:34.444root 11241100x80000000000000003844190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4951b44dc10efb2021-12-22 11:44:34.444root 11241100x80000000000000003844191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d7abad6a2c033d2021-12-22 11:44:34.444root 11241100x80000000000000003844192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a6e8e4d031bdc32021-12-22 11:44:34.444root 11241100x80000000000000003844193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8aae230b02e1d8c2021-12-22 11:44:34.444root 11241100x80000000000000003844194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73872bf4b3eac6182021-12-22 11:44:34.445root 11241100x80000000000000003844195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae0f4b9b95294852021-12-22 11:44:34.943root 11241100x80000000000000003844196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f839fdbf43fdb92021-12-22 11:44:34.943root 11241100x80000000000000003844197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb7d80e26a765442021-12-22 11:44:34.943root 11241100x80000000000000003844198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf985ec825ee51442021-12-22 11:44:34.943root 11241100x80000000000000003844199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a72c8a534f90822021-12-22 11:44:34.943root 11241100x80000000000000003844200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a818ccd02dc4922021-12-22 11:44:34.943root 11241100x80000000000000003844201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed15289a005de46f2021-12-22 11:44:34.943root 11241100x80000000000000003844202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2b4c5eaf2fd2502021-12-22 11:44:34.943root 11241100x80000000000000003844203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea2097aeecc58612021-12-22 11:44:34.943root 11241100x80000000000000003844204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09e3ead9ee51f4e2021-12-22 11:44:34.944root 11241100x80000000000000003844205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da017db65b17ed3b2021-12-22 11:44:34.944root 11241100x80000000000000003844206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44af7d2d0366a1272021-12-22 11:44:34.944root 11241100x80000000000000003844207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960328a0d6ca20322021-12-22 11:44:34.944root 11241100x80000000000000003844208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba883f935fb06d692021-12-22 11:44:35.443root 11241100x80000000000000003844209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0399b6721fc5332021-12-22 11:44:35.443root 11241100x80000000000000003844210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07348c4b6e209b462021-12-22 11:44:35.443root 11241100x80000000000000003844211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942c3a0dca9d1eab2021-12-22 11:44:35.443root 11241100x80000000000000003844212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09727d911b18bc4e2021-12-22 11:44:35.443root 11241100x80000000000000003844213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03e23a821c25d502021-12-22 11:44:35.443root 11241100x80000000000000003844214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833a15d051a7ff102021-12-22 11:44:35.444root 11241100x80000000000000003844215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b424ee39fce130b72021-12-22 11:44:35.444root 11241100x80000000000000003844216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5365e6fab7ecb62021-12-22 11:44:35.444root 11241100x80000000000000003844217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70380f88bd161c4b2021-12-22 11:44:35.444root 11241100x80000000000000003844218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60abc8ff19f414d2021-12-22 11:44:35.444root 11241100x80000000000000003844219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95faebcb778475d22021-12-22 11:44:35.444root 11241100x80000000000000003844220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8671217b18c083972021-12-22 11:44:35.444root 11241100x80000000000000003844221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c29d45932eeef52021-12-22 11:44:35.943root 11241100x80000000000000003844222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500e4eed2b4d2bff2021-12-22 11:44:35.943root 11241100x80000000000000003844223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5f22e9a866eef22021-12-22 11:44:35.943root 11241100x80000000000000003844224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c2064a965ba71f2021-12-22 11:44:35.943root 11241100x80000000000000003844225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1fa01981194ec02021-12-22 11:44:35.943root 11241100x80000000000000003844226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562a9bad727ea4702021-12-22 11:44:35.943root 11241100x80000000000000003844227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78062520a589a95b2021-12-22 11:44:35.944root 11241100x80000000000000003844228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd630e18ce01edb92021-12-22 11:44:35.944root 11241100x80000000000000003844229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae163576570ee812021-12-22 11:44:35.944root 11241100x80000000000000003844230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7800d649fae0d2ab2021-12-22 11:44:35.944root 11241100x80000000000000003844231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8690aed50d9f852021-12-22 11:44:35.944root 11241100x80000000000000003844232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb4e13ea03887c02021-12-22 11:44:35.944root 11241100x80000000000000003844233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04895ac4478490072021-12-22 11:44:35.944root 23542300x80000000000000003844234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.147{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003844235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3624e17cf30d473e2021-12-22 11:44:36.443root 11241100x80000000000000003844236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed14cfa601c0e81a2021-12-22 11:44:36.443root 11241100x80000000000000003844237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5f0fea753416ea2021-12-22 11:44:36.443root 11241100x80000000000000003844238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b48d1a4744a00182021-12-22 11:44:36.443root 11241100x80000000000000003844239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ede14ce2cc1f3ea2021-12-22 11:44:36.443root 11241100x80000000000000003844240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f12b012e4c4b5fa2021-12-22 11:44:36.443root 11241100x80000000000000003844241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16640e81d693dcc82021-12-22 11:44:36.443root 11241100x80000000000000003844242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a495c2683b95a722021-12-22 11:44:36.444root 11241100x80000000000000003844243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ea910ac0e308c12021-12-22 11:44:36.444root 11241100x80000000000000003844244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f66879ee8a19c002021-12-22 11:44:36.444root 11241100x80000000000000003844245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc3860949f7f5c72021-12-22 11:44:36.444root 11241100x80000000000000003844246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb5aa22de8537672021-12-22 11:44:36.444root 11241100x80000000000000003844247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888e433587864ceb2021-12-22 11:44:36.444root 11241100x80000000000000003844248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf5aa39aea6343d2021-12-22 11:44:36.444root 11241100x80000000000000003844249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d7e9e85c1c122b2021-12-22 11:44:36.943root 11241100x80000000000000003844250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1366b41eeb4598182021-12-22 11:44:36.944root 11241100x80000000000000003844251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b667d3b125f403d62021-12-22 11:44:36.944root 11241100x80000000000000003844252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84420fade70085f72021-12-22 11:44:36.944root 11241100x80000000000000003844253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9a61ac4831ac8f2021-12-22 11:44:36.945root 11241100x80000000000000003844254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278fff62cb4903232021-12-22 11:44:36.945root 11241100x80000000000000003844255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e85275ae8460602021-12-22 11:44:36.945root 11241100x80000000000000003844256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd479b6c1c4495b2021-12-22 11:44:36.945root 11241100x80000000000000003844257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8504e4fae4a4c72021-12-22 11:44:36.945root 11241100x80000000000000003844258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa85f20608cce3b2021-12-22 11:44:36.945root 11241100x80000000000000003844259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf5cb87b5cda5982021-12-22 11:44:36.945root 11241100x80000000000000003844260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09115fd10fca63cc2021-12-22 11:44:36.945root 11241100x80000000000000003844261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c4e13668f072082021-12-22 11:44:36.945root 11241100x80000000000000003844262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ee3ea2b3f4127a2021-12-22 11:44:36.945root 11241100x80000000000000003844263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20471b33eabf012a2021-12-22 11:44:37.443root 11241100x80000000000000003844264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acd34beb08eb5e92021-12-22 11:44:37.443root 11241100x80000000000000003844265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38082ed13ac504912021-12-22 11:44:37.443root 11241100x80000000000000003844266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5456d63323bb78c2021-12-22 11:44:37.443root 11241100x80000000000000003844267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65eb9ac8560d66bf2021-12-22 11:44:37.443root 11241100x80000000000000003844268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3d48ce04a41fc62021-12-22 11:44:37.443root 11241100x80000000000000003844269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4ec390ac59939c2021-12-22 11:44:37.443root 11241100x80000000000000003844270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031967d31a0afcb72021-12-22 11:44:37.444root 11241100x80000000000000003844271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4265a71aac3ce8812021-12-22 11:44:37.444root 11241100x80000000000000003844272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14e7758c12112782021-12-22 11:44:37.444root 11241100x80000000000000003844273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a149ac038d127e2021-12-22 11:44:37.444root 11241100x80000000000000003844274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9216672287d75712021-12-22 11:44:37.444root 11241100x80000000000000003844275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4befb903b8ca60672021-12-22 11:44:37.444root 11241100x80000000000000003844276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6edec9f238f74e2021-12-22 11:44:37.444root 11241100x80000000000000003844277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608c407c6a123e052021-12-22 11:44:37.943root 11241100x80000000000000003844278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67719403bac679032021-12-22 11:44:37.943root 11241100x80000000000000003844279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6b58b0f0240fab2021-12-22 11:44:37.943root 11241100x80000000000000003844280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fbedf770f374b22021-12-22 11:44:37.943root 11241100x80000000000000003844281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c487f5a0227f83df2021-12-22 11:44:37.943root 11241100x80000000000000003844282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546cc0eed492e3012021-12-22 11:44:37.943root 11241100x80000000000000003844283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3798234a5273cae92021-12-22 11:44:37.944root 11241100x80000000000000003844284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59721bb2933060ff2021-12-22 11:44:37.944root 11241100x80000000000000003844285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d4ecb00d9da6df2021-12-22 11:44:37.944root 11241100x80000000000000003844286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e684c66eeb5b97d2021-12-22 11:44:37.944root 11241100x80000000000000003844287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4580fafa60c9a232021-12-22 11:44:37.944root 11241100x80000000000000003844288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380e3fa7df3fccf92021-12-22 11:44:37.944root 11241100x80000000000000003844289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbddd12df500bac72021-12-22 11:44:37.944root 11241100x80000000000000003844290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5aa9aa6635c5b7e2021-12-22 11:44:37.944root 11241100x80000000000000003844291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1e9e2a2af1c3352021-12-22 11:44:38.443root 11241100x80000000000000003844292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedd3ad14e9860542021-12-22 11:44:38.443root 11241100x80000000000000003844293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115ca8e5e78965bb2021-12-22 11:44:38.443root 11241100x80000000000000003844294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8598731c5c0149fb2021-12-22 11:44:38.443root 11241100x80000000000000003844295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371bfc0e00716c742021-12-22 11:44:38.444root 11241100x80000000000000003844296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b90615f825091a2021-12-22 11:44:38.444root 11241100x80000000000000003844297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abeee11de9e168b52021-12-22 11:44:38.444root 11241100x80000000000000003844298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43de92461c474dc62021-12-22 11:44:38.444root 11241100x80000000000000003844299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7632288c1647ac0d2021-12-22 11:44:38.444root 11241100x80000000000000003844300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb674df9d991a982021-12-22 11:44:38.444root 11241100x80000000000000003844301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3c2dd9a35d9fee2021-12-22 11:44:38.444root 11241100x80000000000000003844302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2480c0dcc95fa6072021-12-22 11:44:38.444root 11241100x80000000000000003844303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2892abb4234f3982021-12-22 11:44:38.444root 11241100x80000000000000003844304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f392e03311676f2021-12-22 11:44:38.444root 11241100x80000000000000003844305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a5c9efe0f5fc752021-12-22 11:44:38.943root 11241100x80000000000000003844306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651a5f26846be96e2021-12-22 11:44:38.943root 11241100x80000000000000003844307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b50daffcedac152021-12-22 11:44:38.943root 11241100x80000000000000003844308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b91949312f312bc2021-12-22 11:44:38.943root 11241100x80000000000000003844309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ed21cf1efad4c02021-12-22 11:44:38.943root 11241100x80000000000000003844310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86285d5ca148d96a2021-12-22 11:44:38.943root 11241100x80000000000000003844311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0518bba004eef2e82021-12-22 11:44:38.944root 11241100x80000000000000003844312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3ba348fff6e0f02021-12-22 11:44:38.944root 11241100x80000000000000003844313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83a6f5f5e88b3c72021-12-22 11:44:38.944root 11241100x80000000000000003844314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d079ee1a8fc3e5f2021-12-22 11:44:38.944root 11241100x80000000000000003844315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d56addc0abf1062021-12-22 11:44:38.944root 11241100x80000000000000003844316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3a64b7f0d0dc302021-12-22 11:44:38.944root 11241100x80000000000000003844317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1eab9d592b3b6aa2021-12-22 11:44:38.944root 11241100x80000000000000003844318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b28673ad9cb366b2021-12-22 11:44:38.944root 354300x80000000000000003844319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.249{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55392-false10.0.1.12-8000- 11241100x80000000000000003844320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812b19779d75001f2021-12-22 11:44:39.250root 11241100x80000000000000003844321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9402acaa9aebe2712021-12-22 11:44:39.250root 11241100x80000000000000003844322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046f690e258b6e992021-12-22 11:44:39.250root 11241100x80000000000000003844323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9888cc3b90531482021-12-22 11:44:39.250root 11241100x80000000000000003844324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e449f46588189082021-12-22 11:44:39.251root 11241100x80000000000000003844325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ad752992ae3ba72021-12-22 11:44:39.251root 11241100x80000000000000003844326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9673f5aeeb1246f2021-12-22 11:44:39.251root 11241100x80000000000000003844327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74f06c69800ad262021-12-22 11:44:39.251root 11241100x80000000000000003844328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efaaded725b5fdff2021-12-22 11:44:39.251root 11241100x80000000000000003844329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406569a0cc12d9eb2021-12-22 11:44:39.251root 11241100x80000000000000003844330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c1a6db9a13ef312021-12-22 11:44:39.252root 11241100x80000000000000003844331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e40b46692c2f0b2021-12-22 11:44:39.252root 11241100x80000000000000003844332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c486420b19668ab2021-12-22 11:44:39.252root 11241100x80000000000000003844333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20741988ab29ca42021-12-22 11:44:39.252root 11241100x80000000000000003844334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd78afdf1d955b822021-12-22 11:44:39.252root 11241100x80000000000000003844335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836f2807f0bed7f52021-12-22 11:44:39.252root 11241100x80000000000000003844336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7135c87393eff4892021-12-22 11:44:39.252root 11241100x80000000000000003844337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43ad2416b7e1cb52021-12-22 11:44:39.693root 11241100x80000000000000003844338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084d2140555e10d12021-12-22 11:44:39.693root 11241100x80000000000000003844339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089d6083008ba9892021-12-22 11:44:39.693root 11241100x80000000000000003844340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a41c2c97b551da2021-12-22 11:44:39.693root 11241100x80000000000000003844341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9017017835a3868c2021-12-22 11:44:39.693root 11241100x80000000000000003844342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7155ec176a64052021-12-22 11:44:39.693root 11241100x80000000000000003844343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666563ea1609f5eb2021-12-22 11:44:39.694root 11241100x80000000000000003844344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c885ca3c1858d7fb2021-12-22 11:44:39.694root 11241100x80000000000000003844345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37514353e9951dd32021-12-22 11:44:39.694root 11241100x80000000000000003844346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8f6067e839655e2021-12-22 11:44:39.694root 11241100x80000000000000003844347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fd2b2a4d6e9b3a2021-12-22 11:44:39.694root 11241100x80000000000000003844348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b82ca508eecbd332021-12-22 11:44:39.694root 11241100x80000000000000003844349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c02ec1cd5cb5682021-12-22 11:44:39.694root 11241100x80000000000000003844350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54f6c6573db97342021-12-22 11:44:39.694root 11241100x80000000000000003844351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99db28a830d03f42021-12-22 11:44:39.694root 11241100x80000000000000003844352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7723785b7c1f13582021-12-22 11:44:40.193root 11241100x80000000000000003844353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b807f06b0abcc8a2021-12-22 11:44:40.193root 11241100x80000000000000003844354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fa4fc2d002eafc2021-12-22 11:44:40.193root 11241100x80000000000000003844355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c32891eef7b6822021-12-22 11:44:40.193root 11241100x80000000000000003844356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6949e9e07748f98a2021-12-22 11:44:40.193root 11241100x80000000000000003844357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b30528d336047e92021-12-22 11:44:40.193root 11241100x80000000000000003844358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc96b95151e295d2021-12-22 11:44:40.194root 11241100x80000000000000003844359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaa2a8b1028f33f2021-12-22 11:44:40.194root 11241100x80000000000000003844360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713b0edc5b0cdb872021-12-22 11:44:40.194root 11241100x80000000000000003844361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ed588c1916cb912021-12-22 11:44:40.194root 11241100x80000000000000003844362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2b4ea0cbcabe712021-12-22 11:44:40.194root 11241100x80000000000000003844363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae84197ee61100ed2021-12-22 11:44:40.194root 11241100x80000000000000003844364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f620278ead1325d2021-12-22 11:44:40.194root 11241100x80000000000000003844365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc941b9c724340932021-12-22 11:44:40.194root 11241100x80000000000000003844366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb83fd16613cf1f72021-12-22 11:44:40.194root 11241100x80000000000000003844367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e150181f233529202021-12-22 11:44:40.693root 11241100x80000000000000003844368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44b8ef2c37508d22021-12-22 11:44:40.693root 11241100x80000000000000003844369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f80894236f56582021-12-22 11:44:40.693root 11241100x80000000000000003844370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c1f0476b971ad52021-12-22 11:44:40.693root 11241100x80000000000000003844371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad60609fda86dfe2021-12-22 11:44:40.693root 11241100x80000000000000003844372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f367bfdb092acd12021-12-22 11:44:40.693root 11241100x80000000000000003844373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0102e48916d9b8702021-12-22 11:44:40.693root 11241100x80000000000000003844374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bcad18498858b32021-12-22 11:44:40.694root 11241100x80000000000000003844375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd840a51c76826b2021-12-22 11:44:40.694root 11241100x80000000000000003844376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2416b436210ee5552021-12-22 11:44:40.694root 11241100x80000000000000003844377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d846da93b7cd3b2021-12-22 11:44:40.694root 11241100x80000000000000003844378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce55d6af3d00d562021-12-22 11:44:40.694root 11241100x80000000000000003844379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6f49781b75c3c32021-12-22 11:44:40.694root 11241100x80000000000000003844380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d616823a1e811f302021-12-22 11:44:40.694root 11241100x80000000000000003844381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c67ad995ab204812021-12-22 11:44:40.694root 11241100x80000000000000003844382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9016b49a0351c3582021-12-22 11:44:41.193root 11241100x80000000000000003844383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5761bb7a99cd594e2021-12-22 11:44:41.193root 11241100x80000000000000003844384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef6d55d51ef9b3f2021-12-22 11:44:41.193root 11241100x80000000000000003844385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3f4d2943d8deae2021-12-22 11:44:41.193root 11241100x80000000000000003844386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e31b7e7b290bc542021-12-22 11:44:41.193root 11241100x80000000000000003844387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0418df94b4266a2021-12-22 11:44:41.193root 11241100x80000000000000003844388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae75e2af6e8bc3e02021-12-22 11:44:41.194root 11241100x80000000000000003844389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecd41348c45d95d2021-12-22 11:44:41.194root 11241100x80000000000000003844390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48860f4533c522402021-12-22 11:44:41.194root 11241100x80000000000000003844391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5e64d5ecce78892021-12-22 11:44:41.194root 11241100x80000000000000003844392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1620006e29fea47e2021-12-22 11:44:41.194root 11241100x80000000000000003844393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ed08da115c3e462021-12-22 11:44:41.194root 11241100x80000000000000003844394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32871d38eb97925c2021-12-22 11:44:41.194root 11241100x80000000000000003844395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6703eddd2533dd62021-12-22 11:44:41.194root 11241100x80000000000000003844396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c2185c9827f8092021-12-22 11:44:41.194root 11241100x80000000000000003844397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7849890a3ccf232021-12-22 11:44:41.693root 11241100x80000000000000003844398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0098d25826d7405b2021-12-22 11:44:41.693root 11241100x80000000000000003844399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54154db56f5ae04c2021-12-22 11:44:41.693root 11241100x80000000000000003844400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83036821084533d2021-12-22 11:44:41.693root 11241100x80000000000000003844401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd19517c728f79b2021-12-22 11:44:41.693root 11241100x80000000000000003844402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57367a3975109ff2021-12-22 11:44:41.693root 11241100x80000000000000003844403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4260385b82760f462021-12-22 11:44:41.693root 11241100x80000000000000003844404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfabc4fe70e3a372021-12-22 11:44:41.694root 11241100x80000000000000003844405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2de1e27a6a3d0a2021-12-22 11:44:41.694root 11241100x80000000000000003844406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b3dcc1519038682021-12-22 11:44:41.694root 11241100x80000000000000003844407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d675a205cf18172021-12-22 11:44:41.694root 11241100x80000000000000003844408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eea470475512cb12021-12-22 11:44:41.694root 11241100x80000000000000003844409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a0cba1214d09712021-12-22 11:44:41.694root 11241100x80000000000000003844410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4e318ab94dbce22021-12-22 11:44:41.694root 11241100x80000000000000003844411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396fe7da808807c02021-12-22 11:44:41.694root 11241100x80000000000000003844412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d418ea9d5e4c682021-12-22 11:44:42.193root 11241100x80000000000000003844413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8446a5cc595b0b5f2021-12-22 11:44:42.193root 11241100x80000000000000003844414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c3542308e80e1f2021-12-22 11:44:42.193root 11241100x80000000000000003844415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26701450dfc92202021-12-22 11:44:42.193root 11241100x80000000000000003844416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67052515b20b35a2021-12-22 11:44:42.193root 11241100x80000000000000003844417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42970fc161c9974b2021-12-22 11:44:42.193root 11241100x80000000000000003844418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701dc609075c6c862021-12-22 11:44:42.194root 11241100x80000000000000003844419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a1e7477246f30a2021-12-22 11:44:42.194root 11241100x80000000000000003844420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16a64b5360b6b6a2021-12-22 11:44:42.194root 11241100x80000000000000003844421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9729dc7585141a2c2021-12-22 11:44:42.194root 11241100x80000000000000003844422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d397de97817cee812021-12-22 11:44:42.194root 11241100x80000000000000003844423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50200177963f18842021-12-22 11:44:42.194root 11241100x80000000000000003844424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a769e69ff4a89a712021-12-22 11:44:42.194root 11241100x80000000000000003844425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b9873f75e1e8832021-12-22 11:44:42.194root 11241100x80000000000000003844426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40cdb81ac98e5122021-12-22 11:44:42.194root 11241100x80000000000000003844427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a910f42cb092a32021-12-22 11:44:42.693root 11241100x80000000000000003844428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afc1b56759f98e72021-12-22 11:44:42.693root 11241100x80000000000000003844429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b8928fe37e9c162021-12-22 11:44:42.693root 11241100x80000000000000003844430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f336b6cd70ba97e42021-12-22 11:44:42.693root 11241100x80000000000000003844431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3350d149b77080152021-12-22 11:44:42.693root 11241100x80000000000000003844432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201bf5a4a34a63d42021-12-22 11:44:42.693root 11241100x80000000000000003844433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52012a94ca2e7f9a2021-12-22 11:44:42.693root 11241100x80000000000000003844434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae9b59dc9ddecf12021-12-22 11:44:42.694root 11241100x80000000000000003844435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ce23e587b91a082021-12-22 11:44:42.694root 11241100x80000000000000003844436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a342bebf29fc3c2021-12-22 11:44:42.694root 11241100x80000000000000003844437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9bcd6c70b13e332021-12-22 11:44:42.694root 11241100x80000000000000003844438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbedcb47a03cd922021-12-22 11:44:42.694root 11241100x80000000000000003844439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947328fb02d6829a2021-12-22 11:44:42.694root 11241100x80000000000000003844440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128df4d879e065962021-12-22 11:44:42.694root 11241100x80000000000000003844441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310d1d14ecac77682021-12-22 11:44:42.694root 11241100x80000000000000003844442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05435c6fcd8640de2021-12-22 11:44:43.193root 11241100x80000000000000003844443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54dab75740eb39d22021-12-22 11:44:43.193root 11241100x80000000000000003844444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bfa03e141a351f2021-12-22 11:44:43.193root 11241100x80000000000000003844445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d448b75fcf2d76062021-12-22 11:44:43.193root 11241100x80000000000000003844446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efa0474c2e31c2f2021-12-22 11:44:43.193root 11241100x80000000000000003844447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39794d857906de52021-12-22 11:44:43.193root 11241100x80000000000000003844448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87798dda7842633a2021-12-22 11:44:43.194root 11241100x80000000000000003844449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cea435442c5c3de2021-12-22 11:44:43.194root 11241100x80000000000000003844450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca6868094d65d5e2021-12-22 11:44:43.194root 11241100x80000000000000003844451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c549ca162007cb642021-12-22 11:44:43.194root 11241100x80000000000000003844452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0000fadf854202d82021-12-22 11:44:43.194root 11241100x80000000000000003844453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3235402ed6d8cdc22021-12-22 11:44:43.194root 11241100x80000000000000003844454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb11d3a89e8ac502021-12-22 11:44:43.194root 11241100x80000000000000003844455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c04b4f09a577b472021-12-22 11:44:43.194root 11241100x80000000000000003844456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48403501f0906c5e2021-12-22 11:44:43.194root 11241100x80000000000000003844457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c54e64032356272021-12-22 11:44:43.693root 11241100x80000000000000003844458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59adc77cd64456c2021-12-22 11:44:43.693root 11241100x80000000000000003844459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f969f9e9e002f24b2021-12-22 11:44:43.693root 11241100x80000000000000003844460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f0ff84baad8a022021-12-22 11:44:43.693root 11241100x80000000000000003844461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d1bcde592e476d2021-12-22 11:44:43.694root 11241100x80000000000000003844462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bb7a7ba82857582021-12-22 11:44:43.694root 11241100x80000000000000003844463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01093c0274d7c8372021-12-22 11:44:43.694root 11241100x80000000000000003844464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a54086827295642021-12-22 11:44:43.694root 11241100x80000000000000003844465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d140422ec81cf812021-12-22 11:44:43.694root 11241100x80000000000000003844466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9177cb1eeb9a5d62021-12-22 11:44:43.695root 11241100x80000000000000003844467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae55362818bb88a82021-12-22 11:44:43.695root 11241100x80000000000000003844468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565f1a07888c5a362021-12-22 11:44:43.695root 11241100x80000000000000003844469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b55a68c71401f2f2021-12-22 11:44:43.695root 11241100x80000000000000003844470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9d1cc1f949d91d2021-12-22 11:44:43.695root 11241100x80000000000000003844471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e5be30935b434a2021-12-22 11:44:43.695root 11241100x80000000000000003844472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8450f047eed7c9ac2021-12-22 11:44:44.193root 11241100x80000000000000003844473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60edb4b720e5ac922021-12-22 11:44:44.193root 11241100x80000000000000003844474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13e71ce12e751b12021-12-22 11:44:44.193root 11241100x80000000000000003844475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235385244288c8302021-12-22 11:44:44.193root 11241100x80000000000000003844476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b1a2b827bcaf992021-12-22 11:44:44.193root 11241100x80000000000000003844477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4277e86f6be0eca02021-12-22 11:44:44.193root 11241100x80000000000000003844478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd2a238a0cca2952021-12-22 11:44:44.193root 11241100x80000000000000003844479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e97788015f22b4e2021-12-22 11:44:44.193root 11241100x80000000000000003844480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2270780bb2484d52021-12-22 11:44:44.194root 11241100x80000000000000003844481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f24fbef885e5c32021-12-22 11:44:44.194root 11241100x80000000000000003844482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeccea4f4f3ca5842021-12-22 11:44:44.194root 11241100x80000000000000003844483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6913857eb57a19632021-12-22 11:44:44.194root 11241100x80000000000000003844484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a586acc60d061a2021-12-22 11:44:44.194root 11241100x80000000000000003844485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4783f8f94a9fbe1e2021-12-22 11:44:44.194root 11241100x80000000000000003844486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa39b3d59a7896632021-12-22 11:44:44.194root 11241100x80000000000000003844487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da777962f9cb2952021-12-22 11:44:44.693root 11241100x80000000000000003844488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8571b865c3a6d9f42021-12-22 11:44:44.693root 11241100x80000000000000003844489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71085761b4ab60e2021-12-22 11:44:44.693root 11241100x80000000000000003844490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbccab9b22c429a92021-12-22 11:44:44.693root 11241100x80000000000000003844491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7437093ec12087762021-12-22 11:44:44.693root 11241100x80000000000000003844492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2dd4dc4ad0ec742021-12-22 11:44:44.693root 11241100x80000000000000003844493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200bafc151ea6d062021-12-22 11:44:44.693root 11241100x80000000000000003844494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06585be677a428222021-12-22 11:44:44.694root 11241100x80000000000000003844495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd29a169406d26c2021-12-22 11:44:44.694root 11241100x80000000000000003844496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080414c403db43022021-12-22 11:44:44.694root 11241100x80000000000000003844497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bba44bfb30176942021-12-22 11:44:44.694root 11241100x80000000000000003844498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b20f0ffd9ee3b1a2021-12-22 11:44:44.694root 11241100x80000000000000003844499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef91f3ff4874cd362021-12-22 11:44:44.694root 11241100x80000000000000003844500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68de27411b01588a2021-12-22 11:44:44.694root 11241100x80000000000000003844501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4286c2211f8774df2021-12-22 11:44:44.694root 354300x80000000000000003844502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.138{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55394-false10.0.1.12-8000- 11241100x80000000000000003844503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb1505dfbaf3b1d2021-12-22 11:44:45.139root 11241100x80000000000000003844504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90b27c91fcc7efd2021-12-22 11:44:45.139root 11241100x80000000000000003844505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03941ed37f6a041d2021-12-22 11:44:45.139root 11241100x80000000000000003844506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6cd5c3ca458f562021-12-22 11:44:45.140root 11241100x80000000000000003844507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87233ed1b1b169b62021-12-22 11:44:45.140root 11241100x80000000000000003844508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003b79f869dcd27f2021-12-22 11:44:45.140root 11241100x80000000000000003844509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14089feffeecc72b2021-12-22 11:44:45.140root 11241100x80000000000000003844510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d63d2b73ffffe332021-12-22 11:44:45.140root 11241100x80000000000000003844511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37baf532729f70152021-12-22 11:44:45.140root 11241100x80000000000000003844512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872c40defcfe3dc82021-12-22 11:44:45.140root 11241100x80000000000000003844513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad9b4b0f349b81e2021-12-22 11:44:45.140root 11241100x80000000000000003844514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430e0e5d70eea25c2021-12-22 11:44:45.140root 11241100x80000000000000003844515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec69107b4552628a2021-12-22 11:44:45.140root 11241100x80000000000000003844516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13f23795e7e04522021-12-22 11:44:45.141root 11241100x80000000000000003844517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e736a233d376a42021-12-22 11:44:45.141root 11241100x80000000000000003844518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f9556aff5870b12021-12-22 11:44:45.141root 11241100x80000000000000003844519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32cc5e7671c4d7e2021-12-22 11:44:45.141root 11241100x80000000000000003844520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738234981715d5062021-12-22 11:44:45.141root 11241100x80000000000000003844521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f429706d8082eb72021-12-22 11:44:45.141root 11241100x80000000000000003844522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fb318cdb040d252021-12-22 11:44:45.141root 11241100x80000000000000003844523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a1b92fbbed17cf2021-12-22 11:44:45.141root 11241100x80000000000000003844524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5b67ac0b9a2bf32021-12-22 11:44:45.141root 11241100x80000000000000003844525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8dd8ee7d5063c32021-12-22 11:44:45.443root 11241100x80000000000000003844526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6c2491f8efadb12021-12-22 11:44:45.443root 11241100x80000000000000003844527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69095f0d9dc6f6b52021-12-22 11:44:45.443root 11241100x80000000000000003844528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ea2f58acaba7cb2021-12-22 11:44:45.443root 11241100x80000000000000003844529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32e5719a857c7f12021-12-22 11:44:45.443root 11241100x80000000000000003844530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e45b7ce057b65b2021-12-22 11:44:45.444root 11241100x80000000000000003844531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ced1bd8ef31dcf2021-12-22 11:44:45.444root 11241100x80000000000000003844532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f6ee942c81c4532021-12-22 11:44:45.444root 11241100x80000000000000003844533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e0dc506cbcb6dd2021-12-22 11:44:45.444root 11241100x80000000000000003844534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6739a64d4e584be32021-12-22 11:44:45.444root 11241100x80000000000000003844535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4985ecd67780c0072021-12-22 11:44:45.444root 11241100x80000000000000003844536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1b8362c2287b722021-12-22 11:44:45.444root 11241100x80000000000000003844537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7f9872129760402021-12-22 11:44:45.444root 11241100x80000000000000003844538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ca4bfa5643e69d2021-12-22 11:44:45.444root 11241100x80000000000000003844539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aeb5501cbf33322021-12-22 11:44:45.444root 11241100x80000000000000003844540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98520ad8e7f280c52021-12-22 11:44:45.444root 11241100x80000000000000003844541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9509b80767e4ddba2021-12-22 11:44:45.943root 11241100x80000000000000003844542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c51b62ba514da52021-12-22 11:44:45.943root 11241100x80000000000000003844543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7b971e9df98b5d2021-12-22 11:44:45.943root 11241100x80000000000000003844544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09788cce7c3770d92021-12-22 11:44:45.943root 11241100x80000000000000003844545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122358cb6977a1c92021-12-22 11:44:45.943root 11241100x80000000000000003844546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2888126503f57b462021-12-22 11:44:45.943root 11241100x80000000000000003844547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7695033fc5901672021-12-22 11:44:45.944root 11241100x80000000000000003844548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96682758226354032021-12-22 11:44:45.944root 11241100x80000000000000003844549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99458c866370bd92021-12-22 11:44:45.944root 11241100x80000000000000003844550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44fdb4e280e242f2021-12-22 11:44:45.944root 11241100x80000000000000003844551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1675ed29b4fa066a2021-12-22 11:44:45.944root 11241100x80000000000000003844552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566e6c981ec6019d2021-12-22 11:44:45.944root 11241100x80000000000000003844553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e55d6b9299673c12021-12-22 11:44:45.944root 11241100x80000000000000003844554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f400702d6804e332021-12-22 11:44:45.944root 11241100x80000000000000003844555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc15b0f012e4f9f02021-12-22 11:44:45.944root 11241100x80000000000000003844556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33edbfdefb1026d2021-12-22 11:44:45.945root 11241100x80000000000000003844557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee11bc42ebc3bc3c2021-12-22 11:44:46.443root 11241100x80000000000000003844558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2add79dc87b1ef4a2021-12-22 11:44:46.443root 11241100x80000000000000003844559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131e886a285f78732021-12-22 11:44:46.443root 11241100x80000000000000003844560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95704e5716c027ab2021-12-22 11:44:46.443root 11241100x80000000000000003844561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa1aeb7678debb62021-12-22 11:44:46.443root 11241100x80000000000000003844562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7f2e0f326968aa2021-12-22 11:44:46.443root 11241100x80000000000000003844563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249f8284125ae0b42021-12-22 11:44:46.444root 11241100x80000000000000003844564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30e817afcc4f87c2021-12-22 11:44:46.444root 11241100x80000000000000003844565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bd12c6b5be98652021-12-22 11:44:46.444root 11241100x80000000000000003844566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f7f01badc494182021-12-22 11:44:46.444root 11241100x80000000000000003844567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc4023a98af808a2021-12-22 11:44:46.445root 11241100x80000000000000003844568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51783adfd0c9afb2021-12-22 11:44:46.445root 11241100x80000000000000003844569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3a0521f4d9f50c2021-12-22 11:44:46.445root 11241100x80000000000000003844570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29451dd1fa5c61612021-12-22 11:44:46.445root 11241100x80000000000000003844571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f975332b309c10292021-12-22 11:44:46.446root 11241100x80000000000000003844572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1c4a9f0b0169192021-12-22 11:44:46.446root 11241100x80000000000000003844573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e98f42296af80122021-12-22 11:44:46.943root 11241100x80000000000000003844574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd807392ff788242021-12-22 11:44:46.943root 11241100x80000000000000003844575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e934cf424a37e02021-12-22 11:44:46.943root 11241100x80000000000000003844576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0071c3449992822021-12-22 11:44:46.943root 11241100x80000000000000003844577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed24722eb82e6952021-12-22 11:44:46.944root 11241100x80000000000000003844578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2c62b57c9c9b7a2021-12-22 11:44:46.944root 11241100x80000000000000003844579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740af8504207d8dc2021-12-22 11:44:46.944root 11241100x80000000000000003844580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b78abdda3a276c22021-12-22 11:44:46.944root 11241100x80000000000000003844581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c9f6dd0bf8e8f22021-12-22 11:44:46.944root 11241100x80000000000000003844582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59f5befb2ec6a552021-12-22 11:44:46.945root 11241100x80000000000000003844583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e62dbd735b6b5062021-12-22 11:44:46.945root 11241100x80000000000000003844584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228579a9a3e34d7b2021-12-22 11:44:46.945root 11241100x80000000000000003844585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8028818d855f8abb2021-12-22 11:44:46.945root 11241100x80000000000000003844586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501a620cc31532df2021-12-22 11:44:46.945root 11241100x80000000000000003844587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db19a0bb582daf462021-12-22 11:44:46.945root 11241100x80000000000000003844588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1f25cb4270a9a02021-12-22 11:44:46.945root 11241100x80000000000000003844589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfca097af6103c02021-12-22 11:44:47.443root 11241100x80000000000000003844590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be1a54c6542a0912021-12-22 11:44:47.443root 11241100x80000000000000003844591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0793d8cef82afca2021-12-22 11:44:47.443root 11241100x80000000000000003844592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f04040eeb55c5702021-12-22 11:44:47.443root 11241100x80000000000000003844593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ba6bc52a0c13f62021-12-22 11:44:47.443root 11241100x80000000000000003844594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5247ebf379d555c82021-12-22 11:44:47.444root 11241100x80000000000000003844595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7caa67b67d3263852021-12-22 11:44:47.444root 11241100x80000000000000003844596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101616a0a2fdc1bf2021-12-22 11:44:47.444root 11241100x80000000000000003844597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7848598d34714ad2021-12-22 11:44:47.444root 11241100x80000000000000003844598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e02e9f505070b012021-12-22 11:44:47.444root 11241100x80000000000000003844599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3593a63dd4e32ceb2021-12-22 11:44:47.444root 11241100x80000000000000003844600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d215d0e2d8d8d22021-12-22 11:44:47.444root 11241100x80000000000000003844601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ab8580f974a5432021-12-22 11:44:47.444root 11241100x80000000000000003844602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598813c4f776bcae2021-12-22 11:44:47.444root 11241100x80000000000000003844603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc15ebe04a7cfee42021-12-22 11:44:47.444root 11241100x80000000000000003844604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50142809da40d6e02021-12-22 11:44:47.444root 11241100x80000000000000003844605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f07f30d74ac8302021-12-22 11:44:47.943root 11241100x80000000000000003844606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a940bf4031436d312021-12-22 11:44:47.943root 11241100x80000000000000003844607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbaccb3337cf91c2021-12-22 11:44:47.943root 11241100x80000000000000003844608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492710c17df8c7d12021-12-22 11:44:47.943root 11241100x80000000000000003844609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08bc65177b1e3472021-12-22 11:44:47.943root 11241100x80000000000000003844610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44966f429a896e72021-12-22 11:44:47.943root 11241100x80000000000000003844611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29abb9f418a84a92021-12-22 11:44:47.944root 11241100x80000000000000003844612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0c830c0d267bc82021-12-22 11:44:47.944root 11241100x80000000000000003844613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e84074f8fcd6682021-12-22 11:44:47.944root 11241100x80000000000000003844614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7026e058772603c2021-12-22 11:44:47.944root 11241100x80000000000000003844615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8570b563acde58b2021-12-22 11:44:47.944root 11241100x80000000000000003844616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9162c9708f94402021-12-22 11:44:47.944root 11241100x80000000000000003844617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72db25fbd7bfcbd2021-12-22 11:44:47.944root 11241100x80000000000000003844618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e238b546bd83c1d2021-12-22 11:44:47.944root 11241100x80000000000000003844619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02800d9914450fc72021-12-22 11:44:47.944root 11241100x80000000000000003844620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6835bb597696e90a2021-12-22 11:44:47.944root 11241100x80000000000000003844621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cf4b50046d0c982021-12-22 11:44:48.443root 11241100x80000000000000003844622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa92814f7aeef852021-12-22 11:44:48.444root 11241100x80000000000000003844623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4423ae0618864702021-12-22 11:44:48.444root 11241100x80000000000000003844624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa33b8aaca71caa2021-12-22 11:44:48.444root 11241100x80000000000000003844625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa620ea2cd439a042021-12-22 11:44:48.444root 11241100x80000000000000003844626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6232fe92ecafde902021-12-22 11:44:48.444root 11241100x80000000000000003844627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f7ff767d9014492021-12-22 11:44:48.444root 11241100x80000000000000003844628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f308a55d78e409912021-12-22 11:44:48.445root 11241100x80000000000000003844629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18d26af74c7a6582021-12-22 11:44:48.445root 11241100x80000000000000003844630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37c24ecb15605e92021-12-22 11:44:48.445root 11241100x80000000000000003844631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47027ee322d2852c2021-12-22 11:44:48.445root 11241100x80000000000000003844632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99c3a98bcbf575a2021-12-22 11:44:48.445root 11241100x80000000000000003844633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e395dd0e54fc7112021-12-22 11:44:48.445root 11241100x80000000000000003844634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b5be1ce320b6fe2021-12-22 11:44:48.445root 11241100x80000000000000003844635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53728f5d2c1a31b2021-12-22 11:44:48.445root 11241100x80000000000000003844636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a68d2c7d48c81f02021-12-22 11:44:48.446root 11241100x80000000000000003844637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9594200b7d5ca8292021-12-22 11:44:48.943root 11241100x80000000000000003844638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe60b69145f4e2c32021-12-22 11:44:48.943root 11241100x80000000000000003844639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a1b4de0e81bd8f2021-12-22 11:44:48.943root 11241100x80000000000000003844640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd40a84da6cc3a92021-12-22 11:44:48.943root 11241100x80000000000000003844641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b7da70dfcd27712021-12-22 11:44:48.943root 11241100x80000000000000003844642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f60726559d544e92021-12-22 11:44:48.944root 11241100x80000000000000003844643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0d9696a277ae472021-12-22 11:44:48.944root 11241100x80000000000000003844644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664a6248b25dab202021-12-22 11:44:48.944root 11241100x80000000000000003844645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e9c1bd6262d1532021-12-22 11:44:48.944root 11241100x80000000000000003844646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5733171e2d567ef62021-12-22 11:44:48.944root 11241100x80000000000000003844647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6835cb5f922159ab2021-12-22 11:44:48.944root 11241100x80000000000000003844648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17c786d2c36c8902021-12-22 11:44:48.944root 11241100x80000000000000003844649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbe3c9ffa49b6a32021-12-22 11:44:48.944root 11241100x80000000000000003844650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a74a5b8ed5db1e2021-12-22 11:44:48.945root 11241100x80000000000000003844651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98dead0ba4aaae562021-12-22 11:44:48.945root 11241100x80000000000000003844652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a3d441dc232b8f2021-12-22 11:44:48.945root 11241100x80000000000000003844653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c59d8766aeb6c62021-12-22 11:44:49.443root 11241100x80000000000000003844654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304cc5a80ac0d3712021-12-22 11:44:49.443root 11241100x80000000000000003844655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fd072c71fffa5b2021-12-22 11:44:49.443root 11241100x80000000000000003844656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42b83a5fa64a1922021-12-22 11:44:49.443root 11241100x80000000000000003844657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf46f4b680676632021-12-22 11:44:49.444root 11241100x80000000000000003844658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ab93161fda79012021-12-22 11:44:49.444root 11241100x80000000000000003844659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249b7811ab1bf9602021-12-22 11:44:49.444root 11241100x80000000000000003844660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4690da4cc99e0d752021-12-22 11:44:49.444root 11241100x80000000000000003844661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4535f0897f1c0c1b2021-12-22 11:44:49.444root 11241100x80000000000000003844662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d9e8036a19c39f2021-12-22 11:44:49.444root 11241100x80000000000000003844663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e87f0a858cab5632021-12-22 11:44:49.444root 11241100x80000000000000003844664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66e7d7cc18d004a2021-12-22 11:44:49.444root 11241100x80000000000000003844665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2661ac4e8c6103c12021-12-22 11:44:49.444root 11241100x80000000000000003844666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5faa20ae35a48a562021-12-22 11:44:49.444root 11241100x80000000000000003844667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fb06225d3e78422021-12-22 11:44:49.445root 11241100x80000000000000003844668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f89b5c721b1a6b2021-12-22 11:44:49.445root 11241100x80000000000000003844669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efdb36d179f71eb2021-12-22 11:44:49.943root 11241100x80000000000000003844670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29984e3e8973b8392021-12-22 11:44:49.943root 11241100x80000000000000003844671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a51ae7dbe8c20b2021-12-22 11:44:49.943root 11241100x80000000000000003844672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd313fbd374f06c2021-12-22 11:44:49.943root 11241100x80000000000000003844673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4407c2f7b2a926d2021-12-22 11:44:49.943root 11241100x80000000000000003844674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17ad1056b8df4892021-12-22 11:44:49.943root 11241100x80000000000000003844675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d397d2d20b2c474d2021-12-22 11:44:49.943root 11241100x80000000000000003844676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd4f9d6130fedc22021-12-22 11:44:49.944root 11241100x80000000000000003844677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e75f58265beba862021-12-22 11:44:49.944root 11241100x80000000000000003844678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712b64ee64070c1f2021-12-22 11:44:49.944root 11241100x80000000000000003844679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232887076f14f4c52021-12-22 11:44:49.944root 11241100x80000000000000003844680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b63898cea7d0c7c2021-12-22 11:44:49.944root 11241100x80000000000000003844681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acf8a9f993daa9a2021-12-22 11:44:49.944root 11241100x80000000000000003844682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f3f12988d7cf102021-12-22 11:44:49.944root 11241100x80000000000000003844683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95605d693678b1052021-12-22 11:44:49.944root 11241100x80000000000000003844684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25f9f281f4c181c2021-12-22 11:44:49.944root 11241100x80000000000000003844685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa37353e82c95e8d2021-12-22 11:44:50.443root 11241100x80000000000000003844686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db29621e02a0dd02021-12-22 11:44:50.443root 11241100x80000000000000003844687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c45757b1ee84c82021-12-22 11:44:50.443root 11241100x80000000000000003844688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c615d4a6029dfedf2021-12-22 11:44:50.443root 11241100x80000000000000003844689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4364157a9a5c54c42021-12-22 11:44:50.443root 11241100x80000000000000003844690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52376982bd207bc92021-12-22 11:44:50.443root 11241100x80000000000000003844691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7886101bc38da36f2021-12-22 11:44:50.443root 11241100x80000000000000003844692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1847b13d9ed5142021-12-22 11:44:50.444root 11241100x80000000000000003844693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0a8d27c72419c22021-12-22 11:44:50.444root 11241100x80000000000000003844694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0a5bf5ef8076582021-12-22 11:44:50.444root 11241100x80000000000000003844695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bbbbeea487a0c22021-12-22 11:44:50.444root 11241100x80000000000000003844696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb97b4cd6b33b162021-12-22 11:44:50.444root 11241100x80000000000000003844697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a601e82c1436ee2021-12-22 11:44:50.444root 11241100x80000000000000003844698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6e67a17797a9ec2021-12-22 11:44:50.444root 11241100x80000000000000003844699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd0fbdb3b6657b42021-12-22 11:44:50.444root 11241100x80000000000000003844700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99253b804827dc862021-12-22 11:44:50.444root 11241100x80000000000000003844701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603f078f3ffdff7e2021-12-22 11:44:50.944root 11241100x80000000000000003844702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70df1052ac159bf22021-12-22 11:44:50.945root 11241100x80000000000000003844703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f07b52e9c2656272021-12-22 11:44:50.945root 11241100x80000000000000003844704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9115aaa8f3722ae02021-12-22 11:44:50.945root 11241100x80000000000000003844705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02061a3648391582021-12-22 11:44:50.945root 11241100x80000000000000003844706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34e206b61fb9c772021-12-22 11:44:50.945root 11241100x80000000000000003844707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef40fbce40da59b2021-12-22 11:44:50.945root 11241100x80000000000000003844708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e17ab93e564e8ef2021-12-22 11:44:50.945root 11241100x80000000000000003844709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6133e19dad86fbf42021-12-22 11:44:50.945root 11241100x80000000000000003844710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ebe7bc67a2f7c92021-12-22 11:44:50.945root 11241100x80000000000000003844711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918167d46a55e3d12021-12-22 11:44:50.945root 11241100x80000000000000003844712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad1d34254dca3e22021-12-22 11:44:50.945root 11241100x80000000000000003844713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cb4f540f7438c32021-12-22 11:44:50.945root 11241100x80000000000000003844714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e94882caed5f622021-12-22 11:44:50.945root 11241100x80000000000000003844715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6291d0391154366c2021-12-22 11:44:50.946root 11241100x80000000000000003844716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7575a8f2b580bd872021-12-22 11:44:50.946root 354300x80000000000000003844717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.114{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55396-false10.0.1.12-8000- 11241100x80000000000000003844718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921bf433e2a9ac442021-12-22 11:44:51.443root 11241100x80000000000000003844719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ac36302cb139222021-12-22 11:44:51.443root 11241100x80000000000000003844720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b3167b30a6dc932021-12-22 11:44:51.443root 11241100x80000000000000003844721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9a7c4a4891230a2021-12-22 11:44:51.443root 11241100x80000000000000003844722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108f14c188ca91ac2021-12-22 11:44:51.443root 11241100x80000000000000003844723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781968594d8453dd2021-12-22 11:44:51.443root 11241100x80000000000000003844724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d880b63cb9866fa02021-12-22 11:44:51.444root 11241100x80000000000000003844725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082dafe52353e2452021-12-22 11:44:51.444root 11241100x80000000000000003844726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9dea97c97d2e952021-12-22 11:44:51.444root 11241100x80000000000000003844727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917942a26a064b7b2021-12-22 11:44:51.444root 11241100x80000000000000003844728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d00998423cf4a12021-12-22 11:44:51.444root 11241100x80000000000000003844729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935889b090ff8cba2021-12-22 11:44:51.444root 11241100x80000000000000003844730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdfcf146fc2b26c2021-12-22 11:44:51.444root 11241100x80000000000000003844731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1147fb87d29f67802021-12-22 11:44:51.444root 11241100x80000000000000003844732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d4d84e91baf9062021-12-22 11:44:51.444root 11241100x80000000000000003844733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775ca34731038a5e2021-12-22 11:44:51.445root 11241100x80000000000000003844734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef497965878406c92021-12-22 11:44:51.445root 11241100x80000000000000003844735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf902656a6566ba42021-12-22 11:44:51.943root 11241100x80000000000000003844736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac51796883e0b402021-12-22 11:44:51.943root 11241100x80000000000000003844737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405ca2c4a6c2becb2021-12-22 11:44:51.943root 11241100x80000000000000003844738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1148f0140aca017c2021-12-22 11:44:51.943root 11241100x80000000000000003844739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b37a62ed8e2429a2021-12-22 11:44:51.944root 11241100x80000000000000003844740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376f2680957b505c2021-12-22 11:44:51.944root 11241100x80000000000000003844741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d3fe9245d8e0072021-12-22 11:44:51.944root 11241100x80000000000000003844742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c43120194baba42021-12-22 11:44:51.944root 11241100x80000000000000003844743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ef84ddb659c81f2021-12-22 11:44:51.944root 11241100x80000000000000003844744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9693f45c81b7f552021-12-22 11:44:51.944root 11241100x80000000000000003844745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4a7203962628972021-12-22 11:44:51.944root 11241100x80000000000000003844746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb9a157658e83052021-12-22 11:44:51.944root 11241100x80000000000000003844747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c302b8acd748f222021-12-22 11:44:51.944root 11241100x80000000000000003844748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716cd2b8d5bd68aa2021-12-22 11:44:51.944root 11241100x80000000000000003844749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c32f924df44d472021-12-22 11:44:51.944root 11241100x80000000000000003844750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7ef20207896efe2021-12-22 11:44:51.945root 11241100x80000000000000003844751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b33c3b5944769e2021-12-22 11:44:51.945root 11241100x80000000000000003844752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8b1d1148b16cf52021-12-22 11:44:52.443root 11241100x80000000000000003844753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa911305565a76a92021-12-22 11:44:52.443root 11241100x80000000000000003844754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d53a15a4efe44f2021-12-22 11:44:52.443root 11241100x80000000000000003844755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ec43b42e3a0dc12021-12-22 11:44:52.444root 11241100x80000000000000003844756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db909ce72dd92692021-12-22 11:44:52.444root 11241100x80000000000000003844757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df18c36dc18b63bd2021-12-22 11:44:52.444root 11241100x80000000000000003844758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6812fba8eb03772021-12-22 11:44:52.444root 11241100x80000000000000003844759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38dd1469f1d5ac262021-12-22 11:44:52.444root 11241100x80000000000000003844760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77147869c3683a872021-12-22 11:44:52.444root 11241100x80000000000000003844761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bd8f37e0ea19362021-12-22 11:44:52.444root 11241100x80000000000000003844762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b6fbc050df57b02021-12-22 11:44:52.444root 11241100x80000000000000003844763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c945a44ac22ef80c2021-12-22 11:44:52.444root 11241100x80000000000000003844764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b93b92613e96a92021-12-22 11:44:52.444root 11241100x80000000000000003844765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880af09aec7cd74d2021-12-22 11:44:52.444root 11241100x80000000000000003844766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e01715167e05d22021-12-22 11:44:52.444root 11241100x80000000000000003844767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24fae676826d1ef2021-12-22 11:44:52.444root 11241100x80000000000000003844768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae8722f610b98492021-12-22 11:44:52.444root 11241100x80000000000000003844769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408c8db431fb50622021-12-22 11:44:52.943root 11241100x80000000000000003844770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca88760bfdbbe8dc2021-12-22 11:44:52.943root 11241100x80000000000000003844771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52be3f4a9747534a2021-12-22 11:44:52.943root 11241100x80000000000000003844772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f56b9a1cafb8962021-12-22 11:44:52.943root 11241100x80000000000000003844773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7861fa257b2dabd62021-12-22 11:44:52.943root 11241100x80000000000000003844774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7c911fd53b6d072021-12-22 11:44:52.944root 11241100x80000000000000003844775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e46b489e8d955e2021-12-22 11:44:52.944root 11241100x80000000000000003844776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2062bbb69220862021-12-22 11:44:52.944root 11241100x80000000000000003844777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea36ef848ac624792021-12-22 11:44:52.944root 11241100x80000000000000003844778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe625a963817f4d02021-12-22 11:44:52.944root 11241100x80000000000000003844779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88eff99744cfff8e2021-12-22 11:44:52.944root 11241100x80000000000000003844780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c095bcfd519f15dc2021-12-22 11:44:52.944root 11241100x80000000000000003844781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2553ad338f5d4b7a2021-12-22 11:44:52.944root 11241100x80000000000000003844782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da7d7c8cd4531912021-12-22 11:44:52.944root 11241100x80000000000000003844783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed05bb373913e9f2021-12-22 11:44:52.944root 11241100x80000000000000003844784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8988a8adee1aa242021-12-22 11:44:52.945root 11241100x80000000000000003844785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f236123158f8c1ca2021-12-22 11:44:52.945root 11241100x80000000000000003844786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec61a6d1068e41452021-12-22 11:44:53.443root 11241100x80000000000000003844787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13f6aa6758970c92021-12-22 11:44:53.443root 11241100x80000000000000003844788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa569347e7be5cdb2021-12-22 11:44:53.443root 11241100x80000000000000003844789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acb1709223054072021-12-22 11:44:53.443root 11241100x80000000000000003844790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7402ce91fa36a3992021-12-22 11:44:53.444root 11241100x80000000000000003844791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba24ead402f1c8b2021-12-22 11:44:53.444root 11241100x80000000000000003844792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3887c2ec1474b92021-12-22 11:44:53.444root 11241100x80000000000000003844793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dfe0c6b41b5a792021-12-22 11:44:53.444root 11241100x80000000000000003844794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d17d8b547be5e32021-12-22 11:44:53.444root 11241100x80000000000000003844795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2953baa96bb915142021-12-22 11:44:53.444root 11241100x80000000000000003844796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d72ba09a79f00832021-12-22 11:44:53.444root 11241100x80000000000000003844797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3eba7319ada64f72021-12-22 11:44:53.444root 11241100x80000000000000003844798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03262633ed9ffd142021-12-22 11:44:53.444root 11241100x80000000000000003844799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1d8a9dc280dc792021-12-22 11:44:53.444root 11241100x80000000000000003844800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93468cd11d65b4d42021-12-22 11:44:53.445root 11241100x80000000000000003844801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9ef3f7c51fc21d2021-12-22 11:44:53.445root 11241100x80000000000000003844802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d97904788008472021-12-22 11:44:53.445root 11241100x80000000000000003844803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f94bdba559def02021-12-22 11:44:53.943root 11241100x80000000000000003844804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe5dd69ca59e9522021-12-22 11:44:53.943root 11241100x80000000000000003844805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b1e5d7a512acee2021-12-22 11:44:53.943root 11241100x80000000000000003844806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e5588312b573ff2021-12-22 11:44:53.943root 11241100x80000000000000003844807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09c1955441a50422021-12-22 11:44:53.943root 11241100x80000000000000003844808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cecfbe44ce6ab42021-12-22 11:44:53.944root 11241100x80000000000000003844809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3736f09dc980f9bc2021-12-22 11:44:53.944root 11241100x80000000000000003844810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705efe45611bfd122021-12-22 11:44:53.944root 11241100x80000000000000003844811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cdaf7a793d662a2021-12-22 11:44:53.944root 11241100x80000000000000003844812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce741ef6a30579b2021-12-22 11:44:53.944root 11241100x80000000000000003844813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c855d1f18e8c492021-12-22 11:44:53.944root 11241100x80000000000000003844814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149291e0268372442021-12-22 11:44:53.944root 11241100x80000000000000003844815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127cf19c19966f312021-12-22 11:44:53.944root 11241100x80000000000000003844816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4205fb1cec9a382021-12-22 11:44:53.944root 11241100x80000000000000003844817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d59e588cc9a2b842021-12-22 11:44:53.944root 11241100x80000000000000003844818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b064586a488307d82021-12-22 11:44:53.945root 11241100x80000000000000003844819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2461825b4b9f95ba2021-12-22 11:44:53.945root 11241100x80000000000000003844820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d7c750519a06ea2021-12-22 11:44:54.443root 11241100x80000000000000003844821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891bdad776a3bba02021-12-22 11:44:54.443root 11241100x80000000000000003844822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483627e2021e09702021-12-22 11:44:54.443root 11241100x80000000000000003844823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcc2357f1ade9622021-12-22 11:44:54.443root 11241100x80000000000000003844824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5e7ff69c3599942021-12-22 11:44:54.444root 11241100x80000000000000003844825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e1868ebb42a3842021-12-22 11:44:54.444root 11241100x80000000000000003844826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64941f4d3081848f2021-12-22 11:44:54.444root 11241100x80000000000000003844827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ba36820f397a782021-12-22 11:44:54.444root 11241100x80000000000000003844828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59188449dc50a6a2021-12-22 11:44:54.444root 11241100x80000000000000003844829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037d43ff182b55e92021-12-22 11:44:54.444root 11241100x80000000000000003844830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73552ca7a134ec202021-12-22 11:44:54.444root 11241100x80000000000000003844831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1cbfda93f4ad902021-12-22 11:44:54.444root 11241100x80000000000000003844832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3544094f0a654c5b2021-12-22 11:44:54.444root 11241100x80000000000000003844833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e30e390eb1baae2021-12-22 11:44:54.444root 11241100x80000000000000003844834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e867b4bd62dcc4172021-12-22 11:44:54.444root 11241100x80000000000000003844835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8d2d7b0ac811c62021-12-22 11:44:54.444root 11241100x80000000000000003844836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e90777f09a185a2021-12-22 11:44:54.444root 11241100x80000000000000003844837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fcc039e22516862021-12-22 11:44:54.943root 11241100x80000000000000003844838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253f5a84913cb4602021-12-22 11:44:54.943root 11241100x80000000000000003844839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b9b4aafa11723a2021-12-22 11:44:54.943root 11241100x80000000000000003844840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a971767e0eb72f2021-12-22 11:44:54.943root 11241100x80000000000000003844841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a431192b77c06d12021-12-22 11:44:54.944root 11241100x80000000000000003844842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642ce0a068b040da2021-12-22 11:44:54.944root 11241100x80000000000000003844843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba873ddb7403f032021-12-22 11:44:54.944root 11241100x80000000000000003844844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0249b8442ec7a9462021-12-22 11:44:54.944root 11241100x80000000000000003844845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b29ac79dfaf76a2021-12-22 11:44:54.944root 11241100x80000000000000003844846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f64418723349502021-12-22 11:44:54.944root 11241100x80000000000000003844847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a0d7c5581a2ced2021-12-22 11:44:54.944root 11241100x80000000000000003844848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdaf5a395374cea2021-12-22 11:44:54.944root 11241100x80000000000000003844849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9cf9d06b5a4db62021-12-22 11:44:54.945root 11241100x80000000000000003844850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fafe637f0856d252021-12-22 11:44:54.945root 11241100x80000000000000003844851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b3f2e3b151d2002021-12-22 11:44:54.945root 11241100x80000000000000003844852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a400816e0a0f45502021-12-22 11:44:54.945root 11241100x80000000000000003844853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c46d86a95eb1b7c2021-12-22 11:44:54.945root 11241100x80000000000000003844854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed5fe9949fc46122021-12-22 11:44:55.443root 11241100x80000000000000003844855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548e1a089e6ef4ce2021-12-22 11:44:55.443root 11241100x80000000000000003844856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbf73d58a094f142021-12-22 11:44:55.443root 11241100x80000000000000003844857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8324e98455f4b32021-12-22 11:44:55.443root 11241100x80000000000000003844858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cd65f4b65875642021-12-22 11:44:55.444root 11241100x80000000000000003844859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe48a3c3a4f4b8d2021-12-22 11:44:55.444root 11241100x80000000000000003844860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0ed0d5c2d333572021-12-22 11:44:55.444root 11241100x80000000000000003844861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79ced31bc0b42912021-12-22 11:44:55.444root 11241100x80000000000000003844862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db65af9091377e962021-12-22 11:44:55.444root 11241100x80000000000000003844863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a201e0579cedef292021-12-22 11:44:55.444root 11241100x80000000000000003844864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1c4396e5e43d502021-12-22 11:44:55.444root 11241100x80000000000000003844865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a39978addce4d52021-12-22 11:44:55.444root 11241100x80000000000000003844866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fad812808b7c082021-12-22 11:44:55.444root 11241100x80000000000000003844867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5155c6d72a46e0b2021-12-22 11:44:55.444root 11241100x80000000000000003844868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12e38996e90cca52021-12-22 11:44:55.445root 11241100x80000000000000003844869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b813d24c08cd2c02021-12-22 11:44:55.445root 11241100x80000000000000003844870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04aa33bf7b2cefe2021-12-22 11:44:55.445root 11241100x80000000000000003844871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28f15a3c4932f942021-12-22 11:44:55.943root 11241100x80000000000000003844872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3763119b52139782021-12-22 11:44:55.943root 11241100x80000000000000003844873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203148e6dbb558292021-12-22 11:44:55.943root 11241100x80000000000000003844874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493bc72048e99b962021-12-22 11:44:55.943root 11241100x80000000000000003844875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e91e3ab5b73ef552021-12-22 11:44:55.944root 11241100x80000000000000003844876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3418adc3512ea92021-12-22 11:44:55.944root 11241100x80000000000000003844877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4744e600f06013132021-12-22 11:44:55.944root 11241100x80000000000000003844878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d713b0aa3e88744b2021-12-22 11:44:55.944root 11241100x80000000000000003844879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e132aaadd7ea2d2021-12-22 11:44:55.944root 11241100x80000000000000003844880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d231b04bac1d40b02021-12-22 11:44:55.944root 11241100x80000000000000003844881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9528ae1df1b1732021-12-22 11:44:55.944root 11241100x80000000000000003844882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b8a1a2a2ddf7952021-12-22 11:44:55.944root 11241100x80000000000000003844883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c061ee9425cfe5842021-12-22 11:44:55.944root 11241100x80000000000000003844884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97ccc5a67d344c42021-12-22 11:44:55.944root 11241100x80000000000000003844885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce25ab4d128e93b02021-12-22 11:44:55.945root 11241100x80000000000000003844886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4986ad5bda512fab2021-12-22 11:44:55.945root 11241100x80000000000000003844887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70978208a0ba44052021-12-22 11:44:55.945root 354300x80000000000000003844888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.158{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55398-false10.0.1.12-8000- 11241100x80000000000000003844889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59239f443e1d1a932021-12-22 11:44:56.443root 11241100x80000000000000003844890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dfe7a0c02466592021-12-22 11:44:56.443root 11241100x80000000000000003844891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997f3acc67ff6bdf2021-12-22 11:44:56.443root 11241100x80000000000000003844892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31a4a833ac551272021-12-22 11:44:56.443root 11241100x80000000000000003844893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fa7fef376298992021-12-22 11:44:56.443root 11241100x80000000000000003844894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dafa584b9496622021-12-22 11:44:56.444root 11241100x80000000000000003844895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1953b3742859412021-12-22 11:44:56.444root 11241100x80000000000000003844896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51af1a1c5fd70dac2021-12-22 11:44:56.444root 11241100x80000000000000003844897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e945d39dc64894932021-12-22 11:44:56.444root 11241100x80000000000000003844898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be99303e9af6591c2021-12-22 11:44:56.444root 11241100x80000000000000003844899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7616c6e79ee1a1bc2021-12-22 11:44:56.444root 11241100x80000000000000003844900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cf0ed7dcf5f0102021-12-22 11:44:56.444root 11241100x80000000000000003844901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd4c2678411e3a52021-12-22 11:44:56.444root 11241100x80000000000000003844902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dbb5d0db603b6d2021-12-22 11:44:56.444root 11241100x80000000000000003844903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084c8eaf0346e09e2021-12-22 11:44:56.445root 11241100x80000000000000003844904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a478ab9460b2de572021-12-22 11:44:56.445root 11241100x80000000000000003844905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33c207ef45eba662021-12-22 11:44:56.445root 11241100x80000000000000003844906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f253faee0fc236b2021-12-22 11:44:56.445root 11241100x80000000000000003844907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b66507c6c366b022021-12-22 11:44:56.943root 11241100x80000000000000003844908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1453e0151a29caa82021-12-22 11:44:56.943root 11241100x80000000000000003844909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200518f220a5d1b82021-12-22 11:44:56.943root 11241100x80000000000000003844910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fad36bc8f9e132b2021-12-22 11:44:56.943root 11241100x80000000000000003844911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c6ed2ccc6e53a42021-12-22 11:44:56.943root 11241100x80000000000000003844912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e80f6e8cef0444a2021-12-22 11:44:56.944root 11241100x80000000000000003844913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f537a39502246b6e2021-12-22 11:44:56.944root 11241100x80000000000000003844914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284726e05b750f1b2021-12-22 11:44:56.944root 11241100x80000000000000003844915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097f1de8923f8cc42021-12-22 11:44:56.944root 11241100x80000000000000003844916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8a39f747d736a12021-12-22 11:44:56.944root 11241100x80000000000000003844917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266369a8cf5d5d922021-12-22 11:44:56.944root 11241100x80000000000000003844918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f4e2ed504f2c442021-12-22 11:44:56.944root 11241100x80000000000000003844919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07344a46927f6b062021-12-22 11:44:56.944root 11241100x80000000000000003844920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690fe63b8093e3bf2021-12-22 11:44:56.944root 11241100x80000000000000003844921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dd06c6afacafde2021-12-22 11:44:56.944root 11241100x80000000000000003844922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a543ce22e345d6502021-12-22 11:44:56.944root 11241100x80000000000000003844923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae961454795bd052021-12-22 11:44:56.944root 11241100x80000000000000003844924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a435faa333f7e80e2021-12-22 11:44:56.944root 11241100x80000000000000003844925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a9c9ce9a31e98c2021-12-22 11:44:57.443root 11241100x80000000000000003844926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff589d35f491eed2021-12-22 11:44:57.443root 11241100x80000000000000003844927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d8cea4553dafd72021-12-22 11:44:57.443root 11241100x80000000000000003844928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc3b69978a5ccc22021-12-22 11:44:57.443root 11241100x80000000000000003844929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7248ddf212d43192021-12-22 11:44:57.443root 11241100x80000000000000003844930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43de6e1099d630992021-12-22 11:44:57.444root 11241100x80000000000000003844931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783c09adf36030432021-12-22 11:44:57.444root 11241100x80000000000000003844932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7f749822ef181f2021-12-22 11:44:57.444root 11241100x80000000000000003844933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1829b76ef76efeb92021-12-22 11:44:57.444root 11241100x80000000000000003844934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dbc675cac2957d2021-12-22 11:44:57.444root 11241100x80000000000000003844935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b23a3cd1f1e7e82021-12-22 11:44:57.444root 11241100x80000000000000003844936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6aaf55da02bf8e62021-12-22 11:44:57.444root 11241100x80000000000000003844937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dc5392d4e98fac2021-12-22 11:44:57.444root 11241100x80000000000000003844938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6564fa9843412dbe2021-12-22 11:44:57.444root 11241100x80000000000000003844939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8af3b42c0eb3362021-12-22 11:44:57.444root 11241100x80000000000000003844940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b31661414ddbd42021-12-22 11:44:57.444root 11241100x80000000000000003844941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a31dd042d08a6302021-12-22 11:44:57.444root 11241100x80000000000000003844942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d550c61b23efa072021-12-22 11:44:57.444root 11241100x80000000000000003844943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503eb970017c8dca2021-12-22 11:44:57.943root 11241100x80000000000000003844944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2152afd6257610f2021-12-22 11:44:57.943root 11241100x80000000000000003844945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a6cdb3972298f32021-12-22 11:44:57.943root 11241100x80000000000000003844946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078f81558e6d69462021-12-22 11:44:57.943root 11241100x80000000000000003844947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d6657d309092fc2021-12-22 11:44:57.943root 11241100x80000000000000003844948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611d0c88867fa06b2021-12-22 11:44:57.944root 11241100x80000000000000003844949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99f09c7ebaeb0a42021-12-22 11:44:57.944root 11241100x80000000000000003844950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ad4442d78002382021-12-22 11:44:57.944root 11241100x80000000000000003844951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2063e93f04cbe6fc2021-12-22 11:44:57.944root 11241100x80000000000000003844952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb48ec77c0c15592021-12-22 11:44:57.944root 11241100x80000000000000003844953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e7140106d1d2102021-12-22 11:44:57.944root 11241100x80000000000000003844954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91659b438f823862021-12-22 11:44:57.944root 11241100x80000000000000003844955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c71e49fe96071a2021-12-22 11:44:57.944root 11241100x80000000000000003844956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242ae8e8a3dc1c7b2021-12-22 11:44:57.944root 11241100x80000000000000003844957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4044e7010632a0c02021-12-22 11:44:57.944root 11241100x80000000000000003844958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb8d282333263362021-12-22 11:44:57.944root 11241100x80000000000000003844959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42af385c8498a94c2021-12-22 11:44:57.944root 11241100x80000000000000003844960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac22d4124aeba64f2021-12-22 11:44:57.944root 11241100x80000000000000003844961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c8a67544528d1d2021-12-22 11:44:58.443root 11241100x80000000000000003844962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68aa15a6de950af2021-12-22 11:44:58.443root 11241100x80000000000000003844963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f3318f67cbf7122021-12-22 11:44:58.443root 11241100x80000000000000003844964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d681ec307382f12021-12-22 11:44:58.443root 11241100x80000000000000003844965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc11cecb2c5b7f8e2021-12-22 11:44:58.444root 11241100x80000000000000003844966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26892a1a0865f8772021-12-22 11:44:58.444root 11241100x80000000000000003844967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d8ccde9d56c1492021-12-22 11:44:58.444root 11241100x80000000000000003844968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29a61ad2ee21d372021-12-22 11:44:58.444root 11241100x80000000000000003844969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eff503982fd17fc2021-12-22 11:44:58.444root 11241100x80000000000000003844970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ce75d6cf1ce9832021-12-22 11:44:58.444root 11241100x80000000000000003844971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6adac523ecae702021-12-22 11:44:58.444root 11241100x80000000000000003844972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f8f04cbc6457f52021-12-22 11:44:58.444root 11241100x80000000000000003844973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d599d24a8b42a22021-12-22 11:44:58.444root 11241100x80000000000000003844974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ccc9b63f9e239b2021-12-22 11:44:58.444root 11241100x80000000000000003844975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619277be7b4cf9302021-12-22 11:44:58.444root 11241100x80000000000000003844976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a231f20aaa526f72021-12-22 11:44:58.444root 11241100x80000000000000003844977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4175a9a85067aa2021-12-22 11:44:58.444root 11241100x80000000000000003844978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2cb161ad6aac032021-12-22 11:44:58.444root 11241100x80000000000000003844979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61498f0ac06ab3822021-12-22 11:44:58.943root 11241100x80000000000000003844980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc64e0038e2ef822021-12-22 11:44:58.943root 11241100x80000000000000003844981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ea958c15edc1a42021-12-22 11:44:58.943root 11241100x80000000000000003844982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d966e671b82773f92021-12-22 11:44:58.943root 11241100x80000000000000003844983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a57bc339aef3482021-12-22 11:44:58.943root 11241100x80000000000000003844984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23efa768e4f846f82021-12-22 11:44:58.944root 11241100x80000000000000003844985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e76c9b4ffc2ddfe2021-12-22 11:44:58.944root 11241100x80000000000000003844986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e6b890669289462021-12-22 11:44:58.944root 11241100x80000000000000003844987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e251ee181af416f82021-12-22 11:44:58.944root 11241100x80000000000000003844988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4332060845a3342021-12-22 11:44:58.944root 11241100x80000000000000003844989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dd9eedc14238422021-12-22 11:44:58.944root 11241100x80000000000000003844990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96769b38bf578eaf2021-12-22 11:44:58.944root 11241100x80000000000000003844991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c2f9e563ce6c762021-12-22 11:44:58.944root 11241100x80000000000000003844992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8eb993f0e0ad45d2021-12-22 11:44:58.944root 11241100x80000000000000003844993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d773f4269425332021-12-22 11:44:58.944root 11241100x80000000000000003844994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233a27e1add2e8ec2021-12-22 11:44:58.944root 11241100x80000000000000003844995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90092cf133da46a2021-12-22 11:44:58.944root 11241100x80000000000000003844996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212036300a5d91342021-12-22 11:44:58.944root 11241100x80000000000000003844997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33754a0031e2fd842021-12-22 11:44:59.443root 11241100x80000000000000003844998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa7085dd06116572021-12-22 11:44:59.443root 11241100x80000000000000003844999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4669aa9b2dee0fb82021-12-22 11:44:59.443root 11241100x80000000000000003845000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3677a2c49ebde62021-12-22 11:44:59.443root 11241100x80000000000000003845001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0787f15f767a88c52021-12-22 11:44:59.444root 11241100x80000000000000003845002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e6063ad1b5397f2021-12-22 11:44:59.444root 11241100x80000000000000003845003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cb3eb4df82b7992021-12-22 11:44:59.444root 11241100x80000000000000003845004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5426f8abb02fbdf82021-12-22 11:44:59.444root 11241100x80000000000000003845005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df75e0292a7551a2021-12-22 11:44:59.444root 11241100x80000000000000003845006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d30c9776993b052021-12-22 11:44:59.444root 11241100x80000000000000003845007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40abf5fc80220e352021-12-22 11:44:59.444root 11241100x80000000000000003845008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d190a17f3ba6d72021-12-22 11:44:59.444root 11241100x80000000000000003845009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bb8d51371779222021-12-22 11:44:59.444root 11241100x80000000000000003845010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c0321af845f7b52021-12-22 11:44:59.444root 11241100x80000000000000003845011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b124f8131a6f39f2021-12-22 11:44:59.445root 11241100x80000000000000003845012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6aa96bc8fadc0392021-12-22 11:44:59.445root 11241100x80000000000000003845013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aeec3e766d3d2422021-12-22 11:44:59.445root 11241100x80000000000000003845014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442b7f9274f374c02021-12-22 11:44:59.445root 11241100x80000000000000003845015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96857fcf636a2a82021-12-22 11:44:59.943root 11241100x80000000000000003845016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086529921fa8c4792021-12-22 11:44:59.943root 11241100x80000000000000003845017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b965b3ee7977cb2021-12-22 11:44:59.943root 11241100x80000000000000003845018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7963aadf9ce4042021-12-22 11:44:59.943root 11241100x80000000000000003845019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d7f6b16caad8612021-12-22 11:44:59.944root 11241100x80000000000000003845020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99b0c0a1b15670c2021-12-22 11:44:59.944root 11241100x80000000000000003845021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ded88fc88d327c2021-12-22 11:44:59.944root 11241100x80000000000000003845022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c001c38b8be1742021-12-22 11:44:59.944root 11241100x80000000000000003845023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e072d656c2e0ae2021-12-22 11:44:59.944root 11241100x80000000000000003845024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230dbe06e001da792021-12-22 11:44:59.944root 11241100x80000000000000003845025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6af8e4e3c8556a32021-12-22 11:44:59.944root 11241100x80000000000000003845026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff88e30a43293ead2021-12-22 11:44:59.944root 11241100x80000000000000003845027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0199ee9e8243d62021-12-22 11:44:59.944root 11241100x80000000000000003845028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ec0bc4ecdbcaa82021-12-22 11:44:59.945root 11241100x80000000000000003845029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663e453998fd08552021-12-22 11:44:59.945root 11241100x80000000000000003845030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c4c8a4c96c02f02021-12-22 11:44:59.945root 11241100x80000000000000003845031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480c3283014eeeeb2021-12-22 11:44:59.945root 11241100x80000000000000003845032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dbca5e5f1b2df82021-12-22 11:44:59.945root 11241100x80000000000000003845033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ef921f391bb7af2021-12-22 11:45:00.443root 11241100x80000000000000003845034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4120b73c24ca02d02021-12-22 11:45:00.443root 11241100x80000000000000003845035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881b2995c91162ad2021-12-22 11:45:00.443root 11241100x80000000000000003845036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cde715502026952021-12-22 11:45:00.443root 11241100x80000000000000003845037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5624331a05eb18182021-12-22 11:45:00.444root 11241100x80000000000000003845038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8fd63f74bc16842021-12-22 11:45:00.444root 11241100x80000000000000003845039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9875e37de1911602021-12-22 11:45:00.444root 11241100x80000000000000003845040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d200ec4f6f73062021-12-22 11:45:00.444root 11241100x80000000000000003845041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6324e6cb7883c20b2021-12-22 11:45:00.444root 11241100x80000000000000003845042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7f1423a0f815192021-12-22 11:45:00.444root 11241100x80000000000000003845043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd838eba2219aaff2021-12-22 11:45:00.444root 11241100x80000000000000003845044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed06f75a9cbded22021-12-22 11:45:00.444root 11241100x80000000000000003845045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420095784ae6308f2021-12-22 11:45:00.444root 11241100x80000000000000003845046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba230821d9f4a3e62021-12-22 11:45:00.444root 11241100x80000000000000003845047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9221714bc05ce22021-12-22 11:45:00.444root 11241100x80000000000000003845048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6826e2782426a62021-12-22 11:45:00.444root 11241100x80000000000000003845049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7581be78188a2b92021-12-22 11:45:00.444root 11241100x80000000000000003845050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e5cd90a0025ae52021-12-22 11:45:00.444root 11241100x80000000000000003845051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb2c58fdc2c6c9a2021-12-22 11:45:00.943root 11241100x80000000000000003845052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d1b500e04fa1a22021-12-22 11:45:00.943root 11241100x80000000000000003845053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbf3de35035de672021-12-22 11:45:00.943root 11241100x80000000000000003845054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9c973b41c6a6ef2021-12-22 11:45:00.943root 11241100x80000000000000003845055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976a3628b6f2091e2021-12-22 11:45:00.944root 11241100x80000000000000003845056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291812ac0e7a2e622021-12-22 11:45:00.944root 11241100x80000000000000003845057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6064147926f483ca2021-12-22 11:45:00.944root 11241100x80000000000000003845058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52a857ccf53be2a2021-12-22 11:45:00.944root 11241100x80000000000000003845059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed3989475df571e2021-12-22 11:45:00.944root 11241100x80000000000000003845060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76491d01b85d9a412021-12-22 11:45:00.944root 11241100x80000000000000003845061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deff4f20f0f2f7402021-12-22 11:45:00.944root 11241100x80000000000000003845062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7820b6dcae35f202021-12-22 11:45:00.944root 11241100x80000000000000003845063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8119fc1c955c9b642021-12-22 11:45:00.944root 11241100x80000000000000003845064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b61178bd9d2913d2021-12-22 11:45:00.944root 11241100x80000000000000003845065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af24f4bc1f261f72021-12-22 11:45:00.944root 11241100x80000000000000003845066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b381c2987658ffc62021-12-22 11:45:00.944root 11241100x80000000000000003845067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8647a4f3cebc7bb32021-12-22 11:45:00.944root 11241100x80000000000000003845068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff24e7249bbc5b462021-12-22 11:45:00.944root 11241100x80000000000000003845069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4595acef240e682021-12-22 11:45:00.945root 11241100x80000000000000003845070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbc99e264e9a36f2021-12-22 11:45:00.946root 11241100x80000000000000003845071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a4806a65fe22cf2021-12-22 11:45:00.946root 11241100x80000000000000003845072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993d3861b9765d932021-12-22 11:45:00.946root 11241100x80000000000000003845073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7232ef9f3e117b582021-12-22 11:45:00.946root 11241100x80000000000000003845074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ade87624f3f46e2021-12-22 11:45:00.946root 11241100x80000000000000003845075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79be7c2113633be72021-12-22 11:45:00.946root 11241100x80000000000000003845076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d83ce5182c41eb2021-12-22 11:45:00.947root 11241100x80000000000000003845077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e410b2d17cde2ed2021-12-22 11:45:00.947root 11241100x80000000000000003845078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670ed3a8bc33f8b92021-12-22 11:45:00.947root 11241100x80000000000000003845079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19231c09e3e9eb32021-12-22 11:45:00.947root 11241100x80000000000000003845080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bddd941de382b52021-12-22 11:45:00.947root 11241100x80000000000000003845081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2880286111bb282021-12-22 11:45:00.947root 354300x80000000000000003845082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.237{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55400-false10.0.1.12-8000- 11241100x80000000000000003845083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4141da35ca64ecdc2021-12-22 11:45:01.239root 11241100x80000000000000003845084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6171b0f4f27a7852021-12-22 11:45:01.239root 11241100x80000000000000003845085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24465c8d48c988d32021-12-22 11:45:01.239root 11241100x80000000000000003845086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275b46037f5668af2021-12-22 11:45:01.240root 11241100x80000000000000003845087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a53982301648032021-12-22 11:45:01.240root 11241100x80000000000000003845088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c595e12cc99ae022021-12-22 11:45:01.240root 11241100x80000000000000003845089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956561c7b0c3b86e2021-12-22 11:45:01.240root 11241100x80000000000000003845090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509a21b78388c3b92021-12-22 11:45:01.240root 11241100x80000000000000003845091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48fdaee8c15b0bf2021-12-22 11:45:01.240root 11241100x80000000000000003845092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d91c1f53784c102021-12-22 11:45:01.241root 11241100x80000000000000003845093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0306c8fce7caddcb2021-12-22 11:45:01.241root 11241100x80000000000000003845094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857fa4479d688d512021-12-22 11:45:01.241root 11241100x80000000000000003845095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8865f8429f23601c2021-12-22 11:45:01.241root 11241100x80000000000000003845096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affcef63df8ea0dc2021-12-22 11:45:01.241root 11241100x80000000000000003845097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295b99f540e42c5f2021-12-22 11:45:01.242root 11241100x80000000000000003845098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dda32bb87a38eb2021-12-22 11:45:01.242root 11241100x80000000000000003845099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2a8d5959bab0762021-12-22 11:45:01.242root 11241100x80000000000000003845100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30da003507fb4312021-12-22 11:45:01.242root 11241100x80000000000000003845101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9aa7a975bb29582021-12-22 11:45:01.242root 11241100x80000000000000003845102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd22055a0f93ceb52021-12-22 11:45:01.693root 11241100x80000000000000003845103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f20002fd45702b2021-12-22 11:45:01.693root 11241100x80000000000000003845104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedbc794b7bbd28d2021-12-22 11:45:01.694root 11241100x80000000000000003845105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b9fd59ca6886752021-12-22 11:45:01.694root 11241100x80000000000000003845106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1e4765675c06b72021-12-22 11:45:01.694root 11241100x80000000000000003845107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b288dc76d066e72021-12-22 11:45:01.694root 11241100x80000000000000003845108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdca81c3a65cb482021-12-22 11:45:01.694root 11241100x80000000000000003845109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4666a29c63cb37232021-12-22 11:45:01.695root 11241100x80000000000000003845110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc94d7cd10fbc40d2021-12-22 11:45:01.695root 11241100x80000000000000003845111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bcfd327edd2ab72021-12-22 11:45:01.695root 11241100x80000000000000003845112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6acc8b29a3d56c2021-12-22 11:45:01.695root 11241100x80000000000000003845113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8a5db16c441f6b2021-12-22 11:45:01.695root 11241100x80000000000000003845114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6af722264e506a2021-12-22 11:45:01.695root 11241100x80000000000000003845115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b3ac84a34e45ed2021-12-22 11:45:01.696root 11241100x80000000000000003845116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df207ea7ea8a5222021-12-22 11:45:01.696root 11241100x80000000000000003845117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c32c67d0945c552021-12-22 11:45:01.696root 11241100x80000000000000003845118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6cb1f9ae227d522021-12-22 11:45:01.696root 11241100x80000000000000003845119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd26f06777991b12021-12-22 11:45:01.696root 11241100x80000000000000003845120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93b44505f91428a2021-12-22 11:45:01.696root 11241100x80000000000000003845121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70511c543d2bf322021-12-22 11:45:02.193root 11241100x80000000000000003845122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cfb6228246a2f82021-12-22 11:45:02.193root 11241100x80000000000000003845123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11559381fbf205892021-12-22 11:45:02.193root 11241100x80000000000000003845124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fa1c2ec4aab92f2021-12-22 11:45:02.193root 11241100x80000000000000003845125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05762f924b01e352021-12-22 11:45:02.193root 11241100x80000000000000003845126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fccfa9a4424bdc2021-12-22 11:45:02.193root 11241100x80000000000000003845127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83fef249deb6a0e2021-12-22 11:45:02.193root 11241100x80000000000000003845128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c380df42f2165b2021-12-22 11:45:02.194root 11241100x80000000000000003845129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e072a37412fca3d2021-12-22 11:45:02.194root 11241100x80000000000000003845130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a99092d3cba3f52021-12-22 11:45:02.194root 11241100x80000000000000003845131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfac8b89346bb2c2021-12-22 11:45:02.194root 11241100x80000000000000003845132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a56c5a873745d092021-12-22 11:45:02.194root 11241100x80000000000000003845133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3060365a0fab1bf2021-12-22 11:45:02.194root 11241100x80000000000000003845134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d30abbb044552c62021-12-22 11:45:02.194root 11241100x80000000000000003845135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381e861e165910d42021-12-22 11:45:02.194root 11241100x80000000000000003845136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8a8c59be5f5aac2021-12-22 11:45:02.195root 11241100x80000000000000003845137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a1d786a1e6519c2021-12-22 11:45:02.195root 11241100x80000000000000003845138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40883a7549ab668b2021-12-22 11:45:02.195root 11241100x80000000000000003845139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c2b99962ceb6cf2021-12-22 11:45:02.195root 11241100x80000000000000003845140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8483e5a56864842021-12-22 11:45:02.195root 11241100x80000000000000003845141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440937f5c574f6a12021-12-22 11:45:02.195root 11241100x80000000000000003845142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031132ed60d50da02021-12-22 11:45:02.196root 11241100x80000000000000003845143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b3eb5dccfbc00e2021-12-22 11:45:02.196root 11241100x80000000000000003845144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d5202a63091e3b2021-12-22 11:45:02.196root 11241100x80000000000000003845145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5aced5e9181fe2e2021-12-22 11:45:02.196root 11241100x80000000000000003845146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11327eef0c6398992021-12-22 11:45:02.693root 11241100x80000000000000003845147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ccb8187785bf762021-12-22 11:45:02.693root 11241100x80000000000000003845148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf508ad0d44bc8df2021-12-22 11:45:02.693root 11241100x80000000000000003845149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07275d12d2de7d42021-12-22 11:45:02.693root 11241100x80000000000000003845150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dcdc26f712ad112021-12-22 11:45:02.694root 11241100x80000000000000003845151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1088fe81726de92021-12-22 11:45:02.694root 11241100x80000000000000003845152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ca56cbd4f3ef122021-12-22 11:45:02.694root 11241100x80000000000000003845153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe38f05e85ad76e2021-12-22 11:45:02.694root 11241100x80000000000000003845154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbd743e635dda8f2021-12-22 11:45:02.694root 11241100x80000000000000003845155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bec63b4205756002021-12-22 11:45:02.694root 11241100x80000000000000003845156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0846479a8593f3672021-12-22 11:45:02.694root 11241100x80000000000000003845157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d0514e1eed0a422021-12-22 11:45:02.694root 23542300x80000000000000003845178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:06.145{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003845179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:06.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8bac15ba2bd0442021-12-22 11:45:06.442root 534500x80000000000000003845180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:06.772{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 11241100x80000000000000003845181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:06.773{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1a184194e25e9b2021-12-22 11:45:06.773root 11241100x80000000000000003845182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:07.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4823bcc3d9da802021-12-22 11:45:07.192root 11241100x80000000000000003845183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:07.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99c0f514de8b8292021-12-22 11:45:07.192root 354300x80000000000000003845184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:07.225{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55402-false10.0.1.12-8000- 11241100x80000000000000003845185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:07.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d56ff7b7852dcc2021-12-22 11:45:07.692root 11241100x80000000000000003845186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d6668425548c7f2021-12-22 11:45:07.693root 11241100x80000000000000003845187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca2f7f80c10d3252021-12-22 11:45:07.693root 11241100x80000000000000003845188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:08.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e5098bb77cd2892021-12-22 11:45:08.192root 11241100x80000000000000003845189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc47ab416e11cf2b2021-12-22 11:45:08.193root 11241100x80000000000000003845190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5105feee06e37f6a2021-12-22 11:45:08.193root 11241100x80000000000000003845191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:08.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177faadef05dcfe92021-12-22 11:45:08.692root 11241100x80000000000000003845192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cee79fdacefdd642021-12-22 11:45:08.693root 11241100x80000000000000003845193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3a7db44ad670032021-12-22 11:45:08.693root 11241100x80000000000000003845194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:09.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c51e6f551757792021-12-22 11:45:09.192root 11241100x80000000000000003845195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0190dddb4a531a0e2021-12-22 11:45:09.193root 11241100x80000000000000003845196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5917d390d58965032021-12-22 11:45:09.193root 11241100x80000000000000003845197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:09.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6effa925b8c79e42021-12-22 11:45:09.692root 11241100x80000000000000003845198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e1b51e3e8331882021-12-22 11:45:09.693root 11241100x80000000000000003845199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9b051c83baea762021-12-22 11:45:09.693root 11241100x80000000000000003845200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:10.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e3732ab67937b32021-12-22 11:45:10.192root 11241100x80000000000000003845201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16d1305e4d8747b2021-12-22 11:45:10.193root 11241100x80000000000000003845202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60cc34b206e1c712021-12-22 11:45:10.193root 11241100x80000000000000003845203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:10.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69fa974a25ed9e72021-12-22 11:45:10.692root 11241100x80000000000000003845204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ced2573a9d10fa2021-12-22 11:45:10.693root 11241100x80000000000000003845205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c15fa4f9527e3f72021-12-22 11:45:10.693root 11241100x80000000000000003845206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:11.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102d9a31e08054092021-12-22 11:45:11.192root 11241100x80000000000000003845207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a674a8410abc412021-12-22 11:45:11.193root 11241100x80000000000000003845208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220628494fee58222021-12-22 11:45:11.193root 11241100x80000000000000003845209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:11.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a0185d483844312021-12-22 11:45:11.692root 11241100x80000000000000003845210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f3cdfc3c9019662021-12-22 11:45:11.693root 11241100x80000000000000003845211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8cf70b64cabf2032021-12-22 11:45:11.693root 11241100x80000000000000003845212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:12.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdfcfd70ff075732021-12-22 11:45:12.192root 11241100x80000000000000003845213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f8584b3c0639092021-12-22 11:45:12.193root 11241100x80000000000000003845214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e57fd89f39c3572021-12-22 11:45:12.193root 11241100x80000000000000003845215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:12.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b489394c960aaa942021-12-22 11:45:12.692root 11241100x80000000000000003845216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:12.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f5c159dec81b352021-12-22 11:45:12.692root 11241100x80000000000000003845217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986fa0a8163964d82021-12-22 11:45:12.693root 11241100x80000000000000003845218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:13.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0351c6503b6b7722021-12-22 11:45:13.192root 11241100x80000000000000003845219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5dc9d73f95b5fb2021-12-22 11:45:13.193root 11241100x80000000000000003845220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd2219cf7153a292021-12-22 11:45:13.193root 354300x80000000000000003845221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:13.198{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55404-false10.0.1.12-8000- 11241100x80000000000000003845222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b448fd5c938ab0d2021-12-22 11:45:13.693root 11241100x80000000000000003845223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6d6f74536c89232021-12-22 11:45:13.693root 11241100x80000000000000003845224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3c7abbdb17a8d02021-12-22 11:45:13.693root 11241100x80000000000000003845225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19286bedc4fb44d2021-12-22 11:45:13.693root 11241100x80000000000000003845226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:14.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a908179fa1f9d342021-12-22 11:45:14.192root 11241100x80000000000000003845227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c200a2593b20632021-12-22 11:45:14.193root 11241100x80000000000000003845228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f635b8a933480cc42021-12-22 11:45:14.193root 11241100x80000000000000003845229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16823882860258b12021-12-22 11:45:14.193root 11241100x80000000000000003845230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:14.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccd6141231ce54d2021-12-22 11:45:14.692root 11241100x80000000000000003845231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a91ef5056333a9e2021-12-22 11:45:14.693root 11241100x80000000000000003845232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046fa2e2d052e6c52021-12-22 11:45:14.693root 11241100x80000000000000003845233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bc4e06c1a917392021-12-22 11:45:14.693root 11241100x80000000000000003845234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:15.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1013f9362f322a2021-12-22 11:45:15.192root 11241100x80000000000000003845235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d7d2d48796f5302021-12-22 11:45:15.193root 11241100x80000000000000003845236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d4b72c699101af2021-12-22 11:45:15.193root 11241100x80000000000000003845237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cf593f190516682021-12-22 11:45:15.193root 11241100x80000000000000003845238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:15.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34941abffbb62c22021-12-22 11:45:15.692root 11241100x80000000000000003845239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba7ae344812b5d92021-12-22 11:45:15.693root 11241100x80000000000000003845240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d37fb00368bb38d2021-12-22 11:45:15.693root 11241100x80000000000000003845241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5fdab79b87ff1a2021-12-22 11:45:15.693root 11241100x80000000000000003845242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:16.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88bf6611a540e952021-12-22 11:45:16.192root 11241100x80000000000000003845243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c71546957a121f2021-12-22 11:45:16.193root 11241100x80000000000000003845244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5b8f41dec1bcae2021-12-22 11:45:16.193root 11241100x80000000000000003845245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca3149389c659e12021-12-22 11:45:16.193root 11241100x80000000000000003845246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:16.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e52d275ee118cd2021-12-22 11:45:16.692root 11241100x80000000000000003845247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961646c0fb4a639c2021-12-22 11:45:16.693root 11241100x80000000000000003845248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ece04db4e08abc2021-12-22 11:45:16.693root 11241100x80000000000000003845249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3152d519ca8ead842021-12-22 11:45:16.693root 11241100x80000000000000003845250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:17.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96187c7e52a064a72021-12-22 11:45:17.192root 11241100x80000000000000003845251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee38abbfe39205c2021-12-22 11:45:17.193root 11241100x80000000000000003845252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cde0d5f424228cf2021-12-22 11:45:17.193root 11241100x80000000000000003845253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c591a214c81941d82021-12-22 11:45:17.193root 11241100x80000000000000003845254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:17.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ac065f6b7fbf432021-12-22 11:45:17.692root 11241100x80000000000000003845255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8316fe39d4253ed62021-12-22 11:45:17.693root 11241100x80000000000000003845256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c21a0df8d678ad2021-12-22 11:45:17.693root 11241100x80000000000000003845257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb70d0db29b887b2021-12-22 11:45:17.693root 11241100x80000000000000003845258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a6c62f5b1391752021-12-22 11:45:18.193root 11241100x80000000000000003845259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db765817b519e12e2021-12-22 11:45:18.193root 11241100x80000000000000003845260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32efc09c38a88cc92021-12-22 11:45:18.193root 11241100x80000000000000003845261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71422b437d0de4582021-12-22 11:45:18.193root 11241100x80000000000000003845262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:18.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a576d487b71f882021-12-22 11:45:18.692root 11241100x80000000000000003845263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3009e4e4197c35e82021-12-22 11:45:18.693root 11241100x80000000000000003845264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b32569c6ec35572021-12-22 11:45:18.693root 11241100x80000000000000003845265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6ef50c0a59c1632021-12-22 11:45:18.693root 354300x80000000000000003845266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.077{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55406-false10.0.1.12-8000- 11241100x80000000000000003845267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0c1f3976221a3f2021-12-22 11:45:19.078root 11241100x80000000000000003845268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d156550c94b15e292021-12-22 11:45:19.078root 11241100x80000000000000003845269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.079{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01045864c3c178ec2021-12-22 11:45:19.079root 11241100x80000000000000003845270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.079{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7228b8a587a354d2021-12-22 11:45:19.079root 11241100x80000000000000003845271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4572146a6e39ff3a2021-12-22 11:45:19.443root 11241100x80000000000000003845272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f684378d36c8d02021-12-22 11:45:19.443root 11241100x80000000000000003845273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7274677dc208dc2021-12-22 11:45:19.443root 11241100x80000000000000003845274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1c1ac6ffc1d2752021-12-22 11:45:19.443root 11241100x80000000000000003845275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75220dd8966179d92021-12-22 11:45:19.444root 11241100x80000000000000003845276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e410d40a3b6679d2021-12-22 11:45:19.943root 11241100x80000000000000003845277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10cf3c5a79ec3042021-12-22 11:45:19.943root 11241100x80000000000000003845278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46371cd066d702f72021-12-22 11:45:19.943root 11241100x80000000000000003845279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8eabe2b68dddb92021-12-22 11:45:19.943root 11241100x80000000000000003845280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44897220561b1d7f2021-12-22 11:45:19.943root 11241100x80000000000000003845281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4797d7c10705b92021-12-22 11:45:20.443root 11241100x80000000000000003845282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef25b878b44b75c02021-12-22 11:45:20.443root 11241100x80000000000000003845283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab93aa409ce4af222021-12-22 11:45:20.443root 11241100x80000000000000003845284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7ed569463af3c32021-12-22 11:45:20.443root 11241100x80000000000000003845285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45fdd263fd03fa02021-12-22 11:45:20.443root 11241100x80000000000000003845286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725653f2c3bfab612021-12-22 11:45:20.943root 11241100x80000000000000003845287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aef2f50effef29c2021-12-22 11:45:20.943root 11241100x80000000000000003845288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2466e614d948f58a2021-12-22 11:45:20.943root 11241100x80000000000000003845289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba475fa4957df112021-12-22 11:45:20.944root 11241100x80000000000000003845290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462c57a326059bc82021-12-22 11:45:20.944root 11241100x80000000000000003845291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2202bba3df7366f2021-12-22 11:45:21.442root 11241100x80000000000000003845292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd5bf84c161dd5a2021-12-22 11:45:21.443root 11241100x80000000000000003845293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3715c71823e3ef2021-12-22 11:45:21.443root 11241100x80000000000000003845294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfd4a930f079c1c2021-12-22 11:45:21.443root 11241100x80000000000000003845295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0e4fb64395e3fb2021-12-22 11:45:21.443root 11241100x80000000000000003845296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7e7bbd7bf31b132021-12-22 11:45:21.942root 11241100x80000000000000003845297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8395815d6b54c3392021-12-22 11:45:21.943root 11241100x80000000000000003845298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4024cc48f777ba42021-12-22 11:45:21.943root 11241100x80000000000000003845299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f31ccc1b61f019e2021-12-22 11:45:21.943root 11241100x80000000000000003845300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cedf695565317d2021-12-22 11:45:21.943root 11241100x80000000000000003845301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f571ab134bbc10ed2021-12-22 11:45:22.443root 11241100x80000000000000003845302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14630166f7cf304e2021-12-22 11:45:22.443root 11241100x80000000000000003845303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee6debaba912ddc2021-12-22 11:45:22.443root 11241100x80000000000000003845304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a67139b53efb2a72021-12-22 11:45:22.443root 11241100x80000000000000003845305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b43ac07f74d95d2021-12-22 11:45:22.443root 11241100x80000000000000003845306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8267f9f017a83e2021-12-22 11:45:22.942root 11241100x80000000000000003845307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a106da5545a111a2021-12-22 11:45:22.943root 11241100x80000000000000003845308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc49a9fab22a8e052021-12-22 11:45:22.943root 11241100x80000000000000003845309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1986121939a64ab22021-12-22 11:45:22.943root 11241100x80000000000000003845310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d2c6b5a7f5b91c2021-12-22 11:45:22.943root 11241100x80000000000000003845311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278cd9fb137f57012021-12-22 11:45:23.443root 11241100x80000000000000003845312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c23fe4a87dc9ed2021-12-22 11:45:23.443root 11241100x80000000000000003845313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836f8d47f2f3ab532021-12-22 11:45:23.443root 11241100x80000000000000003845314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522a244235f492432021-12-22 11:45:23.443root 11241100x80000000000000003845315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a83143b8e0ac9d32021-12-22 11:45:23.443root 11241100x80000000000000003845316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4766ff81fb8816cc2021-12-22 11:45:23.942root 11241100x80000000000000003845317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543740a1a39822192021-12-22 11:45:23.943root 11241100x80000000000000003845318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c8ca2950921ba22021-12-22 11:45:23.943root 11241100x80000000000000003845319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4d150ed508cb352021-12-22 11:45:23.943root 11241100x80000000000000003845320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bff9498e263d9f92021-12-22 11:45:23.943root 354300x80000000000000003845321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.158{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55408-false10.0.1.12-8000- 11241100x80000000000000003845322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3beb08f775edf2e2021-12-22 11:45:24.443root 11241100x80000000000000003845323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867d7450f7c98a2e2021-12-22 11:45:24.443root 11241100x80000000000000003845324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f691f8a62f057eb92021-12-22 11:45:24.443root 11241100x80000000000000003845325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8f35c17351268a2021-12-22 11:45:24.443root 11241100x80000000000000003845326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6227cf9ec42d8e2021-12-22 11:45:24.443root 11241100x80000000000000003845327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10daafbda1c7ec42021-12-22 11:45:24.443root 11241100x80000000000000003845328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18c6f4b93af42062021-12-22 11:45:24.943root 11241100x80000000000000003845329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67354fe37c7743e2021-12-22 11:45:24.943root 11241100x80000000000000003845330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbe8d75c334101f2021-12-22 11:45:24.943root 11241100x80000000000000003845331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e158ef5e1ce0cd162021-12-22 11:45:24.943root 11241100x80000000000000003845332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add4abf021c4270b2021-12-22 11:45:24.943root 11241100x80000000000000003845333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af0453a9d9bd9c72021-12-22 11:45:24.943root 11241100x80000000000000003845334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e8d7d78beb99f62021-12-22 11:45:25.443root 11241100x80000000000000003845335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2f73fe3591babb2021-12-22 11:45:25.443root 11241100x80000000000000003845336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81673ea11e9774922021-12-22 11:45:25.443root 11241100x80000000000000003845337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ebeb3ffdaed5752021-12-22 11:45:25.443root 11241100x80000000000000003845338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb552a2782ae5132021-12-22 11:45:25.443root 11241100x80000000000000003845339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60274b18e47d8e0c2021-12-22 11:45:25.443root 11241100x80000000000000003845340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ac834c11b72d7e2021-12-22 11:45:25.943root 11241100x80000000000000003845341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f09172756fd5df2021-12-22 11:45:25.943root 11241100x80000000000000003845342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9433efde121f13622021-12-22 11:45:25.943root 11241100x80000000000000003845343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf4c471cf4337172021-12-22 11:45:25.943root 11241100x80000000000000003845344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2063c5d2b38f2f5f2021-12-22 11:45:25.943root 11241100x80000000000000003845345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815546bd148c41a22021-12-22 11:45:25.943root 11241100x80000000000000003845346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f372c70c3de65e02021-12-22 11:45:26.443root 11241100x80000000000000003845347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9614bc38eec312022021-12-22 11:45:26.443root 11241100x80000000000000003845348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cfe5edc1b643c82021-12-22 11:45:26.443root 11241100x80000000000000003845349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e95aa93f9d59742021-12-22 11:45:26.443root 11241100x80000000000000003845350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28710dbb941f8662021-12-22 11:45:26.443root 11241100x80000000000000003845351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12292989bb06061d2021-12-22 11:45:26.443root 11241100x80000000000000003845352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfbb07395c1b4722021-12-22 11:45:26.943root 11241100x80000000000000003845353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa4c4e712983d7b2021-12-22 11:45:26.943root 11241100x80000000000000003845354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949d0fe66b04a7fb2021-12-22 11:45:26.943root 11241100x80000000000000003845355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d89b4f61f4aa632021-12-22 11:45:26.943root 11241100x80000000000000003845356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0c3ae105e242a52021-12-22 11:45:26.943root 11241100x80000000000000003845357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71829e76b65d968f2021-12-22 11:45:26.943root 11241100x80000000000000003845358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63524ea9490b13342021-12-22 11:45:27.443root 11241100x80000000000000003845359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79d0b81e431d0652021-12-22 11:45:27.443root 11241100x80000000000000003845360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc352946b4086aee2021-12-22 11:45:27.443root 11241100x80000000000000003845361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816ac7ca058710752021-12-22 11:45:27.443root 11241100x80000000000000003845362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452c2deae300694c2021-12-22 11:45:27.443root 11241100x80000000000000003845363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfdd3dc1f740df92021-12-22 11:45:27.443root 11241100x80000000000000003845364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3867ba907d0723902021-12-22 11:45:27.943root 11241100x80000000000000003845365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e370e93a2bb919672021-12-22 11:45:27.943root 11241100x80000000000000003845366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86042471dc4ba0cc2021-12-22 11:45:27.943root 11241100x80000000000000003845367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a254abb980f3802021-12-22 11:45:27.943root 11241100x80000000000000003845368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567d098287404e552021-12-22 11:45:27.943root 11241100x80000000000000003845369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16fedd02bab907b2021-12-22 11:45:27.943root 11241100x80000000000000003845370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83678cd99e4145602021-12-22 11:45:28.443root 11241100x80000000000000003845371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e882fe49fc489cd2021-12-22 11:45:28.443root 11241100x80000000000000003845372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1709acf29b064ec2021-12-22 11:45:28.443root 11241100x80000000000000003845373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1088feebe7039fb12021-12-22 11:45:28.443root 11241100x80000000000000003845374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfbd32b075f88972021-12-22 11:45:28.443root 11241100x80000000000000003845375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5605844a0efa7a5f2021-12-22 11:45:28.443root 11241100x80000000000000003845376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c04f722f692f9f2021-12-22 11:45:28.943root 11241100x80000000000000003845377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5903c26e279844902021-12-22 11:45:28.943root 11241100x80000000000000003845378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8db4168651821b2021-12-22 11:45:28.943root 11241100x80000000000000003845379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a196a62f2a312a452021-12-22 11:45:28.943root 11241100x80000000000000003845380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adf492326a20a2b2021-12-22 11:45:28.943root 11241100x80000000000000003845381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4528285f758108e2021-12-22 11:45:28.943root 354300x80000000000000003845382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.186{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55410-false10.0.1.12-8000- 11241100x80000000000000003845383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f818dc4d2f4314c2021-12-22 11:45:29.443root 11241100x80000000000000003845384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f12782d003257a2021-12-22 11:45:29.443root 11241100x80000000000000003845385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881a3ccaccb7145c2021-12-22 11:45:29.443root 11241100x80000000000000003845386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7eb10face1b4d5c2021-12-22 11:45:29.443root 11241100x80000000000000003845387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0017b439ab571bbd2021-12-22 11:45:29.443root 11241100x80000000000000003845388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990683e58e8299032021-12-22 11:45:29.443root 11241100x80000000000000003845389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9d17ad31ff41832021-12-22 11:45:29.443root 154100x80000000000000003845390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.585{ec2b6afe-0fd9-61c3-6844-cd328c550000}19054/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x80000000000000003845391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.595{ec2b6afe-0fd9-61c3-6844-cd328c550000}19054/bin/psroot 11241100x80000000000000003845392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4bfe33bfcc8e202021-12-22 11:45:29.943root 11241100x80000000000000003845393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d587a66d74eb102021-12-22 11:45:29.943root 11241100x80000000000000003845394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9505befbccdd9d462021-12-22 11:45:29.943root 11241100x80000000000000003845395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d2d1c85190baec2021-12-22 11:45:29.944root 11241100x80000000000000003845396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac6b7faaa9a90fc2021-12-22 11:45:29.944root 11241100x80000000000000003845397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499bfa64f64a6f9d2021-12-22 11:45:29.944root 11241100x80000000000000003845398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff64f3df2f3c40802021-12-22 11:45:29.944root 11241100x80000000000000003845399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40e68c6cb03b4b72021-12-22 11:45:29.945root 11241100x80000000000000003845400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3120cde173a2012021-12-22 11:45:29.945root 11241100x80000000000000003845401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e8dfd7a4960d342021-12-22 11:45:30.443root 11241100x80000000000000003845402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a56a9f31e12c2162021-12-22 11:45:30.443root 11241100x80000000000000003845403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e08df24acfdcd52021-12-22 11:45:30.443root 11241100x80000000000000003845404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def5216757fa81d22021-12-22 11:45:30.443root 11241100x80000000000000003845405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30eff0fde19c689b2021-12-22 11:45:30.443root 11241100x80000000000000003845406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3109ec4e1d11c2c12021-12-22 11:45:30.443root 11241100x80000000000000003845407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6729e6a80d60232021-12-22 11:45:30.443root 11241100x80000000000000003845408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39188fc5c0421edb2021-12-22 11:45:30.443root 11241100x80000000000000003845409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372b0124aa7baa292021-12-22 11:45:30.444root 11241100x80000000000000003845410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45743ed43fba15c2021-12-22 11:45:30.943root 11241100x80000000000000003845411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f9036ae2c244732021-12-22 11:45:30.943root 11241100x80000000000000003845412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd79dff27d3be4d2021-12-22 11:45:30.943root 11241100x80000000000000003845413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d804a241711b1762021-12-22 11:45:30.943root 11241100x80000000000000003845414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e010f9f7e2f33a2021-12-22 11:45:30.943root 11241100x80000000000000003845415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38effff4839399bf2021-12-22 11:45:30.943root 11241100x80000000000000003845416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd2ae9cf31427aa2021-12-22 11:45:30.943root 11241100x80000000000000003845417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7debc4508e2d232021-12-22 11:45:30.943root 11241100x80000000000000003845418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de67cfb59b2d60012021-12-22 11:45:30.943root 11241100x80000000000000003845419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0833d9806d02f82021-12-22 11:45:31.443root 11241100x80000000000000003845420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11a5f1b3dc5d58c2021-12-22 11:45:31.443root 11241100x80000000000000003845421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d5a30bfea902982021-12-22 11:45:31.443root 11241100x80000000000000003845422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6345c61a430ec02021-12-22 11:45:31.443root 11241100x80000000000000003845423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a68b478c64f2cc2021-12-22 11:45:31.443root 11241100x80000000000000003845424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfc6e43ed630e0c2021-12-22 11:45:31.443root 11241100x80000000000000003845425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef39ed9f7ac0d2d2021-12-22 11:45:31.443root 11241100x80000000000000003845426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34882d87b5b30cc2021-12-22 11:45:31.443root 11241100x80000000000000003845427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2637a3d8da9f29e2021-12-22 11:45:31.443root 11241100x80000000000000003845428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1769b79a43bd98b32021-12-22 11:45:31.943root 11241100x80000000000000003845429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1201fc1b6be1c5262021-12-22 11:45:31.943root 11241100x80000000000000003845430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9892e32b101c4d1f2021-12-22 11:45:31.943root 11241100x80000000000000003845431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318d328479ec49f72021-12-22 11:45:31.943root 11241100x80000000000000003845432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62aa3b7e64fb1c022021-12-22 11:45:31.944root 11241100x80000000000000003845433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56db9155ab20fb3a2021-12-22 11:45:31.944root 11241100x80000000000000003845434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f7dafe058e36612021-12-22 11:45:31.944root 11241100x80000000000000003845435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf172bdc197b646e2021-12-22 11:45:31.945root 11241100x80000000000000003845436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d438f934ebc0052021-12-22 11:45:31.945root 11241100x80000000000000003845437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d3a3f0c445afd02021-12-22 11:45:32.443root 11241100x80000000000000003845438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e48b70760bbb152021-12-22 11:45:32.443root 11241100x80000000000000003845439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e766ee92f901f12021-12-22 11:45:32.443root 11241100x80000000000000003845440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03801047f75c7dbd2021-12-22 11:45:32.443root 11241100x80000000000000003845441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18709d8cc3a5a712021-12-22 11:45:32.443root 11241100x80000000000000003845442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75868cfb75ef1a1b2021-12-22 11:45:32.443root 11241100x80000000000000003845443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3da85ec1696cec32021-12-22 11:45:32.444root 11241100x80000000000000003845444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7037e20b240a9a612021-12-22 11:45:32.444root 11241100x80000000000000003845445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8868913afec9e7972021-12-22 11:45:32.444root 11241100x80000000000000003845446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4730326242f58172021-12-22 11:45:32.943root 11241100x80000000000000003845447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ae749a1ff37f4b2021-12-22 11:45:32.943root 11241100x80000000000000003845448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16e65200e82fb2e2021-12-22 11:45:32.943root 11241100x80000000000000003845449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5a6c7bb8d4ef3d2021-12-22 11:45:32.943root 11241100x80000000000000003845450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887a777bcb1c5d2f2021-12-22 11:45:32.944root 11241100x80000000000000003845451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5e777998a0692f2021-12-22 11:45:32.944root 11241100x80000000000000003845452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ead76400fb0e8592021-12-22 11:45:32.944root 11241100x80000000000000003845453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4a16a2059d5db12021-12-22 11:45:32.944root 11241100x80000000000000003845454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ed2a6b4c18fc232021-12-22 11:45:32.944root 11241100x80000000000000003845455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:45:33.143root 11241100x80000000000000003845456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8d6598725826332021-12-22 11:45:33.443root 11241100x80000000000000003845457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f03ffc028510f1b2021-12-22 11:45:33.443root 11241100x80000000000000003845458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d84b3a014666e32021-12-22 11:45:33.443root 11241100x80000000000000003845459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bcb66c479994db2021-12-22 11:45:33.444root 11241100x80000000000000003845460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456539f30958d4312021-12-22 11:45:33.444root 11241100x80000000000000003845461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6cdef807741c322021-12-22 11:45:33.444root 11241100x80000000000000003845462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537879f84121b39c2021-12-22 11:45:33.444root 11241100x80000000000000003845463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1014c1fcbf9005462021-12-22 11:45:33.444root 11241100x80000000000000003845464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a42be1689e667f42021-12-22 11:45:33.444root 11241100x80000000000000003845465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e226f343af111bf12021-12-22 11:45:33.445root 11241100x80000000000000003845466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a784bf88700b20442021-12-22 11:45:33.943root 11241100x80000000000000003845467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54316c87be3e7c942021-12-22 11:45:33.943root 11241100x80000000000000003845468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97f8240f9e11d9e2021-12-22 11:45:33.943root 11241100x80000000000000003845469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f7bcfa041392192021-12-22 11:45:33.943root 11241100x80000000000000003845470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcda618271abccf2021-12-22 11:45:33.943root 11241100x80000000000000003845471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18194a665b49c0ac2021-12-22 11:45:33.943root 11241100x80000000000000003845472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc7cb5336c3cb5e2021-12-22 11:45:33.943root 11241100x80000000000000003845473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb01a82e9caea622021-12-22 11:45:33.944root 11241100x80000000000000003845474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b84bb51160335172021-12-22 11:45:33.944root 11241100x80000000000000003845475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64433f04ecc64e802021-12-22 11:45:33.944root 354300x80000000000000003845476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.948{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42476-false10.0.1.12-8089- 11241100x80000000000000003845477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299383674aec38d12021-12-22 11:45:34.443root 11241100x80000000000000003845478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1aa7340dee7c342021-12-22 11:45:34.443root 11241100x80000000000000003845479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ef1dcbfeef2ead2021-12-22 11:45:34.443root 11241100x80000000000000003845480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d068ab79406157282021-12-22 11:45:34.443root 11241100x80000000000000003845481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093e79c2fb641b1e2021-12-22 11:45:34.444root 11241100x80000000000000003845482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2a3ea297b08a032021-12-22 11:45:34.444root 11241100x80000000000000003845483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a142afa5accda942021-12-22 11:45:34.444root 11241100x80000000000000003845484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d5e71f121838ed2021-12-22 11:45:34.445root 11241100x80000000000000003845485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61ad7a117e5f8102021-12-22 11:45:34.445root 11241100x80000000000000003845486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fdada19d025b222021-12-22 11:45:34.445root 11241100x80000000000000003845487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5a4e9b2d55833c2021-12-22 11:45:34.445root 11241100x80000000000000003845488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f31e147adec8f5d2021-12-22 11:45:34.943root 11241100x80000000000000003845489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e29f26fa83ae352021-12-22 11:45:34.943root 11241100x80000000000000003845490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b028ec98b33b2002021-12-22 11:45:34.943root 11241100x80000000000000003845491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41b8c3ca5d38f882021-12-22 11:45:34.943root 11241100x80000000000000003845492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5571b9713855cfb2021-12-22 11:45:34.943root 11241100x80000000000000003845493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc02a2ac6a3146992021-12-22 11:45:34.944root 11241100x80000000000000003845494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69c84e14e5b78c52021-12-22 11:45:34.944root 11241100x80000000000000003845495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1651e8bfa58496622021-12-22 11:45:34.944root 11241100x80000000000000003845496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922364860574657c2021-12-22 11:45:34.944root 11241100x80000000000000003845497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bb1122c3f431cf2021-12-22 11:45:34.944root 11241100x80000000000000003845498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e8e7ee7e17f3fb2021-12-22 11:45:34.944root 354300x80000000000000003845499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.070{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55414-false10.0.1.12-8000- 11241100x80000000000000003845500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a058611f8a3c815f2021-12-22 11:45:35.443root 11241100x80000000000000003845501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a1a34bc9aec6382021-12-22 11:45:35.443root 11241100x80000000000000003845502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd349018cce92702021-12-22 11:45:35.443root 11241100x80000000000000003845503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b9cb5f413c429d2021-12-22 11:45:35.443root 11241100x80000000000000003845504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e32127f6debe292021-12-22 11:45:35.443root 11241100x80000000000000003845505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b21c7f8b7d5bb22021-12-22 11:45:35.443root 11241100x80000000000000003845506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3240f138b02a1c2021-12-22 11:45:35.443root 11241100x80000000000000003845507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102fc3c39ea23df52021-12-22 11:45:35.443root 11241100x80000000000000003845508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efda068028d70f1a2021-12-22 11:45:35.444root 11241100x80000000000000003845509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5dfecb44ac9b4b2021-12-22 11:45:35.444root 11241100x80000000000000003845510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33c35273664b2f82021-12-22 11:45:35.444root 11241100x80000000000000003845511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae4c3e1cc7e737a2021-12-22 11:45:35.444root 11241100x80000000000000003845512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed9c831559086122021-12-22 11:45:35.943root 11241100x80000000000000003845513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f452230080b968832021-12-22 11:45:35.943root 11241100x80000000000000003845514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcf42bca030bda72021-12-22 11:45:35.943root 11241100x80000000000000003845515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d6a37d529463ee2021-12-22 11:45:35.943root 11241100x80000000000000003845516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ff36f20b7d23fb2021-12-22 11:45:35.943root 11241100x80000000000000003845517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e104d0ba6336f4932021-12-22 11:45:35.943root 11241100x80000000000000003845518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a042b54bbc7d934f2021-12-22 11:45:35.943root 11241100x80000000000000003845519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10efa16f2b10b93a2021-12-22 11:45:35.944root 11241100x80000000000000003845520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5a0837553948192021-12-22 11:45:35.944root 11241100x80000000000000003845521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252013c5dc30d7062021-12-22 11:45:35.944root 11241100x80000000000000003845522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32f6a5bcb8a02862021-12-22 11:45:35.944root 11241100x80000000000000003845523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0f92fd844604f22021-12-22 11:45:35.944root 23542300x80000000000000003845524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.146{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003845525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6389968949fc5f2021-12-22 11:45:36.443root 11241100x80000000000000003845526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58aab652e59be9322021-12-22 11:45:36.443root 11241100x80000000000000003845527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2904eb3bf4e2a1602021-12-22 11:45:36.443root 11241100x80000000000000003845528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b984694432666f0a2021-12-22 11:45:36.443root 11241100x80000000000000003845529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3e849172e2725a2021-12-22 11:45:36.443root 11241100x80000000000000003845530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6f7eac2e4dd5202021-12-22 11:45:36.443root 11241100x80000000000000003845531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9e5142a21c5eb72021-12-22 11:45:36.444root 11241100x80000000000000003845532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6833ca19374811df2021-12-22 11:45:36.444root 11241100x80000000000000003845533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc821404966098e82021-12-22 11:45:36.444root 11241100x80000000000000003845534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d082b16fb9bdf28f2021-12-22 11:45:36.444root 11241100x80000000000000003845535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af43f19fe0c673b42021-12-22 11:45:36.444root 11241100x80000000000000003845536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2987872ed77ff02021-12-22 11:45:36.444root 11241100x80000000000000003845537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473b325d8794182d2021-12-22 11:45:36.444root 11241100x80000000000000003845538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb8fc029a33738b2021-12-22 11:45:36.943root 11241100x80000000000000003845539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064ca7ec3fe1c36f2021-12-22 11:45:36.943root 11241100x80000000000000003845540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667d2858eaf42f9c2021-12-22 11:45:36.943root 11241100x80000000000000003845541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342e22ed8da6b87e2021-12-22 11:45:36.943root 11241100x80000000000000003845542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65d628cda630b132021-12-22 11:45:36.943root 11241100x80000000000000003845543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2c9166c7c1050b2021-12-22 11:45:36.943root 11241100x80000000000000003845544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91189224ae769db52021-12-22 11:45:36.944root 11241100x80000000000000003845545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1ad65a87f13e152021-12-22 11:45:36.944root 11241100x80000000000000003845546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd609315e7c970012021-12-22 11:45:36.944root 11241100x80000000000000003845547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53de9c2e37d63e02021-12-22 11:45:36.944root 11241100x80000000000000003845548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359dc5a712727fab2021-12-22 11:45:36.944root 11241100x80000000000000003845549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd14fd205a4823a2021-12-22 11:45:36.944root 11241100x80000000000000003845550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ce55f1129e454c2021-12-22 11:45:36.944root 11241100x80000000000000003845551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6c52158b2468592021-12-22 11:45:37.443root 11241100x80000000000000003845552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e810a1abbddda0a2021-12-22 11:45:37.443root 11241100x80000000000000003845553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39265deaf9be6b6a2021-12-22 11:45:37.443root 11241100x80000000000000003845554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ea2b2841106bc42021-12-22 11:45:37.443root 11241100x80000000000000003845555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638b65bacc1c45a12021-12-22 11:45:37.443root 11241100x80000000000000003845556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee8ac39d8051f3d2021-12-22 11:45:37.444root 11241100x80000000000000003845557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7069384debd6be2021-12-22 11:45:37.444root 11241100x80000000000000003845558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ee6a3cc8c99f602021-12-22 11:45:37.444root 11241100x80000000000000003845559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48195988b7174d572021-12-22 11:45:37.444root 11241100x80000000000000003845560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de6bf392b989ddf2021-12-22 11:45:37.444root 11241100x80000000000000003845561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7065e9c9f8360b2e2021-12-22 11:45:37.444root 11241100x80000000000000003845562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33925999804ebd842021-12-22 11:45:37.444root 11241100x80000000000000003845563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f4e658c02825af2021-12-22 11:45:37.444root 11241100x80000000000000003845564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05ebdc4cc037f682021-12-22 11:45:37.943root 11241100x80000000000000003845565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a308be520cb1b22021-12-22 11:45:37.943root 11241100x80000000000000003845566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b365281806fa64aa2021-12-22 11:45:37.943root 11241100x80000000000000003845567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767a43e67bd5a7102021-12-22 11:45:37.943root 11241100x80000000000000003845568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2585d4e11bbd96182021-12-22 11:45:37.943root 11241100x80000000000000003845569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dc02bf82d68d902021-12-22 11:45:37.944root 11241100x80000000000000003845570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609046ec29456a8c2021-12-22 11:45:37.944root 11241100x80000000000000003845571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c6d52e9979356a2021-12-22 11:45:37.944root 11241100x80000000000000003845572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76750506270482f02021-12-22 11:45:37.944root 11241100x80000000000000003845573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389578ec2f1523412021-12-22 11:45:37.944root 11241100x80000000000000003845574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c604e3b13a77ce72021-12-22 11:45:37.944root 11241100x80000000000000003845575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5664bc7971fadfc2021-12-22 11:45:37.944root 11241100x80000000000000003845576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a025518b06ebfce2021-12-22 11:45:37.944root 11241100x80000000000000003845577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e765e7185d78f0c2021-12-22 11:45:38.443root 11241100x80000000000000003845578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213a1075d07f30822021-12-22 11:45:38.443root 11241100x80000000000000003845579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8730ad0e61bfa3af2021-12-22 11:45:38.443root 11241100x80000000000000003845580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cf4ad2b137560a2021-12-22 11:45:38.443root 11241100x80000000000000003845581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092174200268b0632021-12-22 11:45:38.443root 11241100x80000000000000003845582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe1aa3cf376bd602021-12-22 11:45:38.444root 11241100x80000000000000003845583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ea79bf0317a4ce2021-12-22 11:45:38.444root 11241100x80000000000000003845584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f270e43570ca96572021-12-22 11:45:38.444root 11241100x80000000000000003845585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f2f8bd6228c8ba2021-12-22 11:45:38.444root 11241100x80000000000000003845586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff613f6bea6c4f32021-12-22 11:45:38.444root 11241100x80000000000000003845587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47572cf73171d6162021-12-22 11:45:38.444root 11241100x80000000000000003845588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7de5968c2c532ef2021-12-22 11:45:38.444root 11241100x80000000000000003845589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b3db768c7fb2912021-12-22 11:45:38.444root 11241100x80000000000000003845590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e785bc6b3cce392021-12-22 11:45:38.943root 11241100x80000000000000003845591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede6f801e25381d82021-12-22 11:45:38.943root 11241100x80000000000000003845592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb625c2ac8c461ba2021-12-22 11:45:38.943root 11241100x80000000000000003845593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ac60395bebe2952021-12-22 11:45:38.943root 11241100x80000000000000003845594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6b16de3b7ba29d2021-12-22 11:45:38.943root 11241100x80000000000000003845595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a55d6bdcf507b292021-12-22 11:45:38.944root 11241100x80000000000000003845596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e942c7f3492ed1552021-12-22 11:45:38.944root 11241100x80000000000000003845597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cdba4535d6f2bb2021-12-22 11:45:38.944root 11241100x80000000000000003845598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed2fa66bfcef3cb2021-12-22 11:45:38.944root 11241100x80000000000000003845599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5440dcfcc5c17c12021-12-22 11:45:38.944root 11241100x80000000000000003845600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6d1866eefbed432021-12-22 11:45:38.944root 11241100x80000000000000003845601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e970356fb2bbab282021-12-22 11:45:38.944root 11241100x80000000000000003845602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a452bafa990993fb2021-12-22 11:45:38.944root 11241100x80000000000000003845603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711f39f45403a84a2021-12-22 11:45:39.443root 11241100x80000000000000003845604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ca02d53a86ca8f2021-12-22 11:45:39.443root 11241100x80000000000000003845605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f0202a655294762021-12-22 11:45:39.443root 11241100x80000000000000003845606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c1f05994ade3a82021-12-22 11:45:39.443root 11241100x80000000000000003845607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985ee342ff30452f2021-12-22 11:45:39.443root 11241100x80000000000000003845608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dc386823c25b8d2021-12-22 11:45:39.443root 11241100x80000000000000003845609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57092b4b7ff25c812021-12-22 11:45:39.443root 11241100x80000000000000003845610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51299ad016135492021-12-22 11:45:39.444root 11241100x80000000000000003845611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c32b1fecda4f8882021-12-22 11:45:39.444root 11241100x80000000000000003845612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0583716d90a0462021-12-22 11:45:39.444root 11241100x80000000000000003845613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bcbbdb3d46d02b2021-12-22 11:45:39.444root 11241100x80000000000000003845614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f6cb716af6f34f2021-12-22 11:45:39.444root 11241100x80000000000000003845615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cef90f7417dce032021-12-22 11:45:39.444root 11241100x80000000000000003845616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfc893b04f29bdd2021-12-22 11:45:39.943root 11241100x80000000000000003845617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68eec2e21a6071682021-12-22 11:45:39.943root 11241100x80000000000000003845618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25327363be99bce2021-12-22 11:45:39.943root 11241100x80000000000000003845619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcb1cc3b363ed382021-12-22 11:45:39.943root 11241100x80000000000000003845620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1330255dd6b5dbd2021-12-22 11:45:39.943root 11241100x80000000000000003845621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0cb8b9b0541c552021-12-22 11:45:39.943root 11241100x80000000000000003845622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a3dd479130d1a92021-12-22 11:45:39.943root 11241100x80000000000000003845623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e604a04c474401e2021-12-22 11:45:39.944root 11241100x80000000000000003845624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432575ccb7313ce42021-12-22 11:45:39.944root 11241100x80000000000000003845625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b97cb933a222c3a2021-12-22 11:45:39.944root 11241100x80000000000000003845626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbb37b0258806442021-12-22 11:45:39.944root 11241100x80000000000000003845627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cabc7e7e5280b612021-12-22 11:45:39.944root 11241100x80000000000000003845628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3724f8c69bd3a0542021-12-22 11:45:39.944root 11241100x80000000000000003845629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914f7a507d543d662021-12-22 11:45:40.443root 11241100x80000000000000003845630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1beb97f0fb7045752021-12-22 11:45:40.443root 11241100x80000000000000003845631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa909a9ae012f6f72021-12-22 11:45:40.443root 11241100x80000000000000003845632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f158b25824b21de2021-12-22 11:45:40.443root 11241100x80000000000000003845633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5253db1de4b4bc2021-12-22 11:45:40.443root 11241100x80000000000000003845634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f7a9b7bf45c9372021-12-22 11:45:40.443root 11241100x80000000000000003845635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9644380acd88c9f2021-12-22 11:45:40.443root 11241100x80000000000000003845636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4187e5179dadb0652021-12-22 11:45:40.444root 11241100x80000000000000003845637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41309e312627de152021-12-22 11:45:40.444root 11241100x80000000000000003845638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879a1ff33d4fde832021-12-22 11:45:40.444root 11241100x80000000000000003845639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823ceb266da623062021-12-22 11:45:40.444root 11241100x80000000000000003845640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202b9fe7b6069bbd2021-12-22 11:45:40.444root 11241100x80000000000000003845641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2309e352f5587f8d2021-12-22 11:45:40.444root 11241100x80000000000000003845642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7aa8d250c646c3a2021-12-22 11:45:40.943root 11241100x80000000000000003845643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e0431c0a10e2ec2021-12-22 11:45:40.943root 11241100x80000000000000003845644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4aafd3e833cbdfc2021-12-22 11:45:40.943root 11241100x80000000000000003845645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc7228d98f97fe72021-12-22 11:45:40.943root 11241100x80000000000000003845646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ea7142092e330a2021-12-22 11:45:40.943root 11241100x80000000000000003845647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2f41f05bae708f2021-12-22 11:45:40.943root 11241100x80000000000000003845648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f34adf18084a7c2021-12-22 11:45:40.944root 11241100x80000000000000003845649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c379da8550a0902021-12-22 11:45:40.944root 11241100x80000000000000003845650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c6f1d936e87b5d2021-12-22 11:45:40.944root 11241100x80000000000000003845651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3fa418e56c109f2021-12-22 11:45:40.944root 11241100x80000000000000003845652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93c4f5dab3249752021-12-22 11:45:40.944root 11241100x80000000000000003845653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cbf0bc339483ed2021-12-22 11:45:40.944root 11241100x80000000000000003845654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0787cc76a7de87cc2021-12-22 11:45:40.944root 354300x80000000000000003845655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.055{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55416-false10.0.1.12-8000- 11241100x80000000000000003845656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24d00b34d89f4b22021-12-22 11:45:41.443root 11241100x80000000000000003845657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f691af27e58b6f5e2021-12-22 11:45:41.443root 11241100x80000000000000003845658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756f00b8319600392021-12-22 11:45:41.443root 11241100x80000000000000003845659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9d9207ef3ca3f02021-12-22 11:45:41.443root 11241100x80000000000000003845660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bf8d1c26b05aa02021-12-22 11:45:41.443root 11241100x80000000000000003845661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd76c76a32dc4afa2021-12-22 11:45:41.444root 11241100x80000000000000003845662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c235f1ba91d0e32021-12-22 11:45:41.444root 11241100x80000000000000003845663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681c0bcf8c3feff22021-12-22 11:45:41.444root 11241100x80000000000000003845664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6457c993dc3edf2e2021-12-22 11:45:41.444root 11241100x80000000000000003845665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae263d09c0ddbe282021-12-22 11:45:41.444root 11241100x80000000000000003845666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493e6d54851e2fde2021-12-22 11:45:41.444root 11241100x80000000000000003845667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4324c9f5117dec622021-12-22 11:45:41.444root 11241100x80000000000000003845668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0274b9fa894b2b182021-12-22 11:45:41.444root 11241100x80000000000000003845669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6158dfe286e1b4be2021-12-22 11:45:41.444root 11241100x80000000000000003845670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d1d645e03a586f2021-12-22 11:45:41.943root 11241100x80000000000000003845671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d6a0d2457c06162021-12-22 11:45:41.943root 11241100x80000000000000003845672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cec23e7901284e2021-12-22 11:45:41.943root 11241100x80000000000000003845673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7165c106f0827fc22021-12-22 11:45:41.943root 11241100x80000000000000003845674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24514630eac03ba2021-12-22 11:45:41.943root 11241100x80000000000000003845675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649ce11ab4974ce42021-12-22 11:45:41.943root 11241100x80000000000000003845676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1451170e4ec579e2021-12-22 11:45:41.943root 11241100x80000000000000003845677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6753d76c638386f12021-12-22 11:45:41.943root 11241100x80000000000000003845678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7227d2aa47815bf2021-12-22 11:45:41.943root 11241100x80000000000000003845679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc553ce5870598382021-12-22 11:45:41.943root 11241100x80000000000000003845680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94ad751212b1d892021-12-22 11:45:41.944root 11241100x80000000000000003845681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e03130ff4c474b32021-12-22 11:45:41.944root 11241100x80000000000000003845682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13dfd6569356d3f52021-12-22 11:45:41.944root 11241100x80000000000000003845683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94756e0ada404572021-12-22 11:45:41.944root 11241100x80000000000000003845684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1739e719a0a4af2021-12-22 11:45:42.443root 11241100x80000000000000003845685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37566c944c9c354c2021-12-22 11:45:42.443root 11241100x80000000000000003845686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925065f4caa43ee62021-12-22 11:45:42.443root 11241100x80000000000000003845687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61754ca4e56791eb2021-12-22 11:45:42.444root 11241100x80000000000000003845688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a278b5622e0cef2021-12-22 11:45:42.444root 11241100x80000000000000003845689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d004ce43f185fd22021-12-22 11:45:42.444root 11241100x80000000000000003845690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e41694a62fe9972021-12-22 11:45:42.444root 11241100x80000000000000003845691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cec2ed945e5341f2021-12-22 11:45:42.445root 11241100x80000000000000003845692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728fa515ec8e13622021-12-22 11:45:42.445root 11241100x80000000000000003845693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14297ed96a4835832021-12-22 11:45:42.445root 11241100x80000000000000003845694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37064a2ddde3286e2021-12-22 11:45:42.446root 11241100x80000000000000003845695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ff9383786920492021-12-22 11:45:42.446root 11241100x80000000000000003845696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a955143efa231fa72021-12-22 11:45:42.446root 11241100x80000000000000003845697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5758e455f4a0474c2021-12-22 11:45:42.447root 11241100x80000000000000003845698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdf38e1ee47d2772021-12-22 11:45:42.943root 11241100x80000000000000003845699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd43632a4daa961e2021-12-22 11:45:42.943root 11241100x80000000000000003845700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18100146ae4c9a742021-12-22 11:45:42.944root 11241100x80000000000000003845701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6f24e817bbd3822021-12-22 11:45:42.944root 11241100x80000000000000003845702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd0fc89e8c8fb5e2021-12-22 11:45:42.944root 11241100x80000000000000003845703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f68cb14076c381e2021-12-22 11:45:42.945root 11241100x80000000000000003845704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7069420832fe9bc62021-12-22 11:45:42.945root 11241100x80000000000000003845705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1032091e5cf5165a2021-12-22 11:45:42.945root 11241100x80000000000000003845706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9f85b9e175d5442021-12-22 11:45:42.946root 11241100x80000000000000003845707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f86b2072f0605b2021-12-22 11:45:42.946root 11241100x80000000000000003845708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bdb8baebaf87362021-12-22 11:45:42.946root 11241100x80000000000000003845709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348b003aaf67280c2021-12-22 11:45:42.947root 11241100x80000000000000003845710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19109979685b33c12021-12-22 11:45:42.947root 11241100x80000000000000003845711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42479aaa16563f42021-12-22 11:45:42.947root 11241100x80000000000000003845712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724c1c75c7256a592021-12-22 11:45:43.443root 11241100x80000000000000003845713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cede7635bc3fd72021-12-22 11:45:43.443root 11241100x80000000000000003845714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2724171233f083f22021-12-22 11:45:43.443root 11241100x80000000000000003845715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91eaac2c05d124b62021-12-22 11:45:43.443root 11241100x80000000000000003845716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c1c7b631e7b95c2021-12-22 11:45:43.443root 11241100x80000000000000003845717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f625aca936c4022021-12-22 11:45:43.444root 11241100x80000000000000003845718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8fd6923539c6d52021-12-22 11:45:43.444root 11241100x80000000000000003845719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cf876a3399d3182021-12-22 11:45:43.444root 11241100x80000000000000003845720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc02f676fa8ce552021-12-22 11:45:43.444root 11241100x80000000000000003845721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cdcb42b955cd012021-12-22 11:45:43.444root 11241100x80000000000000003845722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a8b6b2c2bdb2e02021-12-22 11:45:43.444root 11241100x80000000000000003845723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d43598a0b0540d02021-12-22 11:45:43.444root 11241100x80000000000000003845724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8870e5e6d476c4f2021-12-22 11:45:43.444root 11241100x80000000000000003845725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095a8244955f65722021-12-22 11:45:43.444root 11241100x80000000000000003845726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7d9acc904099202021-12-22 11:45:43.943root 11241100x80000000000000003845727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff378b03db19ea42021-12-22 11:45:43.943root 11241100x80000000000000003845728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8576c1732f3f792021-12-22 11:45:43.943root 11241100x80000000000000003845729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed8cb6e45cc030e2021-12-22 11:45:43.943root 11241100x80000000000000003845730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf501b78efdb4592021-12-22 11:45:43.943root 11241100x80000000000000003845731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee2497ad212f86f2021-12-22 11:45:43.944root 11241100x80000000000000003845732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9feefd72fe057a4c2021-12-22 11:45:43.944root 11241100x80000000000000003845733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c56924ab05bff12021-12-22 11:45:43.944root 11241100x80000000000000003845734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad591c564afee7c2021-12-22 11:45:43.944root 11241100x80000000000000003845735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0f3852da4478a62021-12-22 11:45:43.944root 11241100x80000000000000003845736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4204c2642c260d2021-12-22 11:45:43.944root 11241100x80000000000000003845737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60131f41b78c62402021-12-22 11:45:43.944root 11241100x80000000000000003845738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f6445da5f139aa2021-12-22 11:45:43.944root 11241100x80000000000000003845739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b245475e56b1cf22021-12-22 11:45:43.944root 11241100x80000000000000003845740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03882ba9c93aabf62021-12-22 11:45:44.443root 11241100x80000000000000003845741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432c30d067d1b6fe2021-12-22 11:45:44.443root 11241100x80000000000000003845742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7c93fc553bef092021-12-22 11:45:44.443root 11241100x80000000000000003845743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb3c070875277a02021-12-22 11:45:44.443root 11241100x80000000000000003845744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f04732fa3907882021-12-22 11:45:44.443root 11241100x80000000000000003845745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff11df0287da7002021-12-22 11:45:44.443root 11241100x80000000000000003845746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eaaeb0773a8b6612021-12-22 11:45:44.444root 11241100x80000000000000003845747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67efbdc4174ed8c52021-12-22 11:45:44.444root 11241100x80000000000000003845748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccabf9560b9df842021-12-22 11:45:44.444root 11241100x80000000000000003845749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54dbae63d01707162021-12-22 11:45:44.444root 11241100x80000000000000003845750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd38bb17dd567512021-12-22 11:45:44.444root 11241100x80000000000000003845751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492477f59e2e0a512021-12-22 11:45:44.444root 11241100x80000000000000003845752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674c5f95700bcb152021-12-22 11:45:44.444root 11241100x80000000000000003845753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aace83938acf1fad2021-12-22 11:45:44.444root 11241100x80000000000000003845754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988a4fbc436df2bc2021-12-22 11:45:44.943root 11241100x80000000000000003845755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3393f1fc62a851bb2021-12-22 11:45:44.943root 11241100x80000000000000003845756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca207c1376a629c52021-12-22 11:45:44.943root 11241100x80000000000000003845757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b27d08766e2e1dc2021-12-22 11:45:44.943root 11241100x80000000000000003845758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c46d753e50c32402021-12-22 11:45:44.943root 11241100x80000000000000003845759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd6187541847eea2021-12-22 11:45:44.944root 11241100x80000000000000003845760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c2cf4de1879d542021-12-22 11:45:44.944root 11241100x80000000000000003845761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18196631fb1438b72021-12-22 11:45:44.944root 11241100x80000000000000003845762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4526f166bc52a722021-12-22 11:45:44.944root 11241100x80000000000000003845763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb12fa4ba6dc3cbe2021-12-22 11:45:44.944root 11241100x80000000000000003845764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e9d3c4e14bbc3b2021-12-22 11:45:44.944root 11241100x80000000000000003845765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e34f2a32b99a672021-12-22 11:45:44.944root 11241100x80000000000000003845766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc24d11cf61ad3b2021-12-22 11:45:44.944root 11241100x80000000000000003845767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a87378bd91f4a032021-12-22 11:45:44.944root 11241100x80000000000000003845768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc2fb02bf068f592021-12-22 11:45:45.443root 11241100x80000000000000003845769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5968a8d92cf6712021-12-22 11:45:45.443root 11241100x80000000000000003845770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20de6c95bbeabda72021-12-22 11:45:45.443root 11241100x80000000000000003845771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902f052e2453def72021-12-22 11:45:45.443root 11241100x80000000000000003845772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2b47e4ecfe3c362021-12-22 11:45:45.444root 11241100x80000000000000003845773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ad6896886f964d2021-12-22 11:45:45.444root 11241100x80000000000000003845774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda788f1d25e791c2021-12-22 11:45:45.444root 11241100x80000000000000003845775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ded34525b81659d2021-12-22 11:45:45.444root 11241100x80000000000000003845776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fdf68c01a4ea5e2021-12-22 11:45:45.444root 11241100x80000000000000003845777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404dac72eebceb3a2021-12-22 11:45:45.445root 11241100x80000000000000003845778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0936b2537e7896f92021-12-22 11:45:45.445root 11241100x80000000000000003845779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe1b7ee94a2ccc12021-12-22 11:45:45.445root 11241100x80000000000000003845780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f751fb708d35533e2021-12-22 11:45:45.445root 11241100x80000000000000003845781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc28b3b7bfffae092021-12-22 11:45:45.445root 11241100x80000000000000003845782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576119cf104d37c42021-12-22 11:45:45.943root 11241100x80000000000000003845783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae2d1e8e42798f42021-12-22 11:45:45.943root 11241100x80000000000000003845784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a69aaf8e50864892021-12-22 11:45:45.943root 11241100x80000000000000003845785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020fb9bd508b9b942021-12-22 11:45:45.943root 11241100x80000000000000003845786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7666e0aec2c5462021-12-22 11:45:45.944root 11241100x80000000000000003845787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a6de6e7475216e2021-12-22 11:45:45.944root 11241100x80000000000000003845788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eb2dd396f9b31e2021-12-22 11:45:45.944root 11241100x80000000000000003845789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e828a8f391f8db02021-12-22 11:45:45.944root 11241100x80000000000000003845790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca28d9f1fa192c62021-12-22 11:45:45.944root 11241100x80000000000000003845791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58adbb5771adee82021-12-22 11:45:45.944root 11241100x80000000000000003845792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81383829e41253ca2021-12-22 11:45:45.945root 11241100x80000000000000003845793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72558144b5142edc2021-12-22 11:45:45.945root 11241100x80000000000000003845794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4871f7dd07f5db112021-12-22 11:45:45.945root 11241100x80000000000000003845795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0274512534970be22021-12-22 11:45:45.945root 354300x80000000000000003845796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.077{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55418-false10.0.1.12-8000- 11241100x80000000000000003845797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019ca8ec454b5c7c2021-12-22 11:45:46.443root 11241100x80000000000000003845798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d95b77f3d8de0942021-12-22 11:45:46.443root 11241100x80000000000000003845799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fa4252432b12f22021-12-22 11:45:46.443root 11241100x80000000000000003845800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a097719da1a3d8e02021-12-22 11:45:46.443root 11241100x80000000000000003845801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4743225329c705a2021-12-22 11:45:46.444root 11241100x80000000000000003845802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36a9e6aea0149bb2021-12-22 11:45:46.444root 11241100x80000000000000003845803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202eedfdd63174722021-12-22 11:45:46.444root 11241100x80000000000000003845804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c2d9872349af062021-12-22 11:45:46.444root 11241100x80000000000000003845805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd81282fd2823c02021-12-22 11:45:46.444root 11241100x80000000000000003845806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109baae354d5b27a2021-12-22 11:45:46.444root 11241100x80000000000000003845807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645affef44e90b432021-12-22 11:45:46.445root 11241100x80000000000000003845808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbe1115d98969752021-12-22 11:45:46.445root 11241100x80000000000000003845809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8e1ededea548ef2021-12-22 11:45:46.445root 11241100x80000000000000003845810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf32060149ad1c932021-12-22 11:45:46.445root 11241100x80000000000000003845811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5e84887c8e14452021-12-22 11:45:46.446root 11241100x80000000000000003845812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df41d6ef07400d562021-12-22 11:45:46.943root 11241100x80000000000000003845813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba849ccbc2e129932021-12-22 11:45:46.943root 11241100x80000000000000003845814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0957df87c29e83362021-12-22 11:45:46.943root 11241100x80000000000000003845815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4107c5db86722ff02021-12-22 11:45:46.943root 11241100x80000000000000003845816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63963cf44b107aea2021-12-22 11:45:46.943root 11241100x80000000000000003845817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f367273797475c2021-12-22 11:45:46.943root 11241100x80000000000000003845818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1397cb069df75c2021-12-22 11:45:46.944root 11241100x80000000000000003845819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180595c165cce2082021-12-22 11:45:46.944root 11241100x80000000000000003845820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8606f17a3d27ef262021-12-22 11:45:46.944root 11241100x80000000000000003845821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815b797851ae6ed02021-12-22 11:45:46.944root 11241100x80000000000000003845822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4b96aff46bb4992021-12-22 11:45:46.944root 11241100x80000000000000003845823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed74e30655caf9a2021-12-22 11:45:46.944root 11241100x80000000000000003845824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2858f6a648d8de112021-12-22 11:45:46.944root 11241100x80000000000000003845825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d77e3f782a27f082021-12-22 11:45:46.944root 11241100x80000000000000003845826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e633df1d98eb64312021-12-22 11:45:46.944root 11241100x80000000000000003845827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04247f85f345b3b92021-12-22 11:45:47.443root 11241100x80000000000000003845828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5da691086e92172021-12-22 11:45:47.443root 11241100x80000000000000003845829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9475547932efe552021-12-22 11:45:47.443root 11241100x80000000000000003845830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344aa2ed80c57fd42021-12-22 11:45:47.443root 11241100x80000000000000003845831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35d14792ee4ab822021-12-22 11:45:47.444root 11241100x80000000000000003845832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd966dead85f3ce2021-12-22 11:45:47.444root 11241100x80000000000000003845833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f742d4c87d92a032021-12-22 11:45:47.444root 11241100x80000000000000003845834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16697abc04580daa2021-12-22 11:45:47.444root 11241100x80000000000000003845835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7658d44bb9cb155c2021-12-22 11:45:47.444root 11241100x80000000000000003845836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e34363a16a73e72021-12-22 11:45:47.444root 11241100x80000000000000003845837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d16babef3f955e52021-12-22 11:45:47.444root 11241100x80000000000000003845838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba91cc5eb07e4a2d2021-12-22 11:45:47.444root 11241100x80000000000000003845839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9302ab5eaae03a552021-12-22 11:45:47.444root 11241100x80000000000000003845840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf13b03eec6c99f02021-12-22 11:45:47.445root 11241100x80000000000000003845841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9f01e4fa96933c2021-12-22 11:45:47.445root 11241100x80000000000000003845842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd5aa1d229e62982021-12-22 11:45:47.943root 11241100x80000000000000003845843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee18bac4371a8a62021-12-22 11:45:47.943root 11241100x80000000000000003845844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d00afb55dc62ee62021-12-22 11:45:47.943root 11241100x80000000000000003845845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec873175e102cfd2021-12-22 11:45:47.943root 11241100x80000000000000003845846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cd9c1d8af7992a2021-12-22 11:45:47.943root 11241100x80000000000000003845847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b7113c6e48c66e2021-12-22 11:45:47.943root 11241100x80000000000000003845848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076ab1fb18ab57442021-12-22 11:45:47.944root 11241100x80000000000000003845849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dce1b7a4dd0336c2021-12-22 11:45:47.944root 11241100x80000000000000003845850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2844702fa12130eb2021-12-22 11:45:47.944root 11241100x80000000000000003845851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0317b1ec072a65e2021-12-22 11:45:47.944root 11241100x80000000000000003845852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34193e65c1964662021-12-22 11:45:47.944root 11241100x80000000000000003845853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaeaa560aa5cb4c2021-12-22 11:45:47.944root 11241100x80000000000000003845854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4095bc46b5ec78aa2021-12-22 11:45:47.944root 11241100x80000000000000003845855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d3d2da5fb540f92021-12-22 11:45:47.944root 11241100x80000000000000003845856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75a3283022677172021-12-22 11:45:47.944root 11241100x80000000000000003845857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb46daf0436e2612021-12-22 11:45:48.443root 11241100x80000000000000003845858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc9e09b6c15c9d02021-12-22 11:45:48.443root 11241100x80000000000000003845859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5780a8f1ba3c46e62021-12-22 11:45:48.444root 11241100x80000000000000003845860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cc9588a702b6f82021-12-22 11:45:48.444root 11241100x80000000000000003845861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493d15acda0c0a9b2021-12-22 11:45:48.444root 11241100x80000000000000003845862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e76d80050690362021-12-22 11:45:48.444root 11241100x80000000000000003845863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2134d4343932666e2021-12-22 11:45:48.444root 11241100x80000000000000003845864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b670b539f4ca9162021-12-22 11:45:48.444root 11241100x80000000000000003845865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a65bfdefe3453da2021-12-22 11:45:48.444root 11241100x80000000000000003845866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0dc2ad33e361052021-12-22 11:45:48.445root 11241100x80000000000000003845867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9489dffdbc24072021-12-22 11:45:48.445root 11241100x80000000000000003845868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cfd3e36ff2c3892021-12-22 11:45:48.445root 11241100x80000000000000003845869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e606800962887a2021-12-22 11:45:48.447root 11241100x80000000000000003845870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5672e611021e59a12021-12-22 11:45:48.447root 11241100x80000000000000003845871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d926bc87d7e25b2021-12-22 11:45:48.447root 11241100x80000000000000003845872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4fd712f24a95322021-12-22 11:45:48.943root 11241100x80000000000000003845873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f143863deb70cf062021-12-22 11:45:48.943root 11241100x80000000000000003845874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c232f68c00db2b732021-12-22 11:45:48.944root 11241100x80000000000000003845875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d796cd1127eafb262021-12-22 11:45:48.944root 11241100x80000000000000003845876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f8b623e314ecad2021-12-22 11:45:48.944root 11241100x80000000000000003845877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b83e7632e16d632021-12-22 11:45:48.944root 11241100x80000000000000003845878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdc8407a1720edc2021-12-22 11:45:48.944root 11241100x80000000000000003845879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a1d6d369a1f05a2021-12-22 11:45:48.945root 11241100x80000000000000003845880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d23a154b0b09a22021-12-22 11:45:48.945root 11241100x80000000000000003845881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42cee89d68cb89b2021-12-22 11:45:48.945root 11241100x80000000000000003845882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8d329f9a611aab2021-12-22 11:45:48.946root 11241100x80000000000000003845883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f93ede84a3bfff42021-12-22 11:45:48.946root 11241100x80000000000000003845884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6fa7da158aaeed2021-12-22 11:45:48.946root 11241100x80000000000000003845885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45946baeee18b27d2021-12-22 11:45:48.946root 11241100x80000000000000003845886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ebb73a0eb2707b2021-12-22 11:45:48.947root 11241100x80000000000000003845887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4868d665b74cae022021-12-22 11:45:49.443root 11241100x80000000000000003845888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43145a70a49646ab2021-12-22 11:45:49.444root 11241100x80000000000000003845889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a054a36b0c0025be2021-12-22 11:45:49.444root 11241100x80000000000000003845890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70a2d25788e11d62021-12-22 11:45:49.444root 11241100x80000000000000003845891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa500ff50a84912f2021-12-22 11:45:49.444root 11241100x80000000000000003845892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694fb0c664214f562021-12-22 11:45:49.444root 11241100x80000000000000003845893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c54d7f7a37477ab2021-12-22 11:45:49.444root 11241100x80000000000000003845894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f701810a7a0ccd8a2021-12-22 11:45:49.444root 11241100x80000000000000003845895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f94ddaa7bc45e52021-12-22 11:45:49.444root 11241100x80000000000000003845896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5f6f53705ce60a2021-12-22 11:45:49.445root 11241100x80000000000000003845897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99abe4a3e28a0dfd2021-12-22 11:45:49.445root 11241100x80000000000000003845898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806fea6b50c7af132021-12-22 11:45:49.445root 11241100x80000000000000003845899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eb0c7c4da92dbf2021-12-22 11:45:49.445root 11241100x80000000000000003845900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd775ea0fc4399322021-12-22 11:45:49.445root 11241100x80000000000000003845901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966422eb1ff0c86a2021-12-22 11:45:49.445root 11241100x80000000000000003845902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65068de96b357dc32021-12-22 11:45:49.943root 11241100x80000000000000003845903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2933bc4010c3e442021-12-22 11:45:49.944root 11241100x80000000000000003845904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee27687b1cc507b2021-12-22 11:45:49.944root 11241100x80000000000000003845905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9eb0aff20f013f2021-12-22 11:45:49.944root 11241100x80000000000000003845906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7202aa39d7ea86b2021-12-22 11:45:49.945root 11241100x80000000000000003845907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e471a75032dad12021-12-22 11:45:49.946root 11241100x80000000000000003845908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cf63f7033e75a82021-12-22 11:45:49.946root 11241100x80000000000000003845909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b046a942b16f06e2021-12-22 11:45:49.946root 11241100x80000000000000003845910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c60bd9d66778f432021-12-22 11:45:49.946root 11241100x80000000000000003845911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad8743d87a8651c2021-12-22 11:45:49.946root 11241100x80000000000000003845912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4461fa1fac3bb7c2021-12-22 11:45:49.946root 11241100x80000000000000003845913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8fef6a3a6e56772021-12-22 11:45:49.947root 11241100x80000000000000003845914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a953cb9028ee5502021-12-22 11:45:49.947root 11241100x80000000000000003845915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2f995dbd84338e2021-12-22 11:45:49.947root 11241100x80000000000000003845916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dc7bde639303c82021-12-22 11:45:49.947root 11241100x80000000000000003845917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baafc4bf53bb546d2021-12-22 11:45:50.443root 11241100x80000000000000003845918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805349383b2192352021-12-22 11:45:50.443root 11241100x80000000000000003845919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e75f59eed205852021-12-22 11:45:50.443root 11241100x80000000000000003845920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e356162c9857d9572021-12-22 11:45:50.444root 11241100x80000000000000003845921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9ea04a3a0a9a7a2021-12-22 11:45:50.444root 11241100x80000000000000003845922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70aaa349c2e1d9372021-12-22 11:45:50.444root 11241100x80000000000000003845923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a553df4839b0832021-12-22 11:45:50.444root 11241100x80000000000000003845924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01cebab56d6a6012021-12-22 11:45:50.444root 11241100x80000000000000003845925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7e83c64b6b0d3b2021-12-22 11:45:50.444root 11241100x80000000000000003845926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4570a24059ea72a2021-12-22 11:45:50.444root 11241100x80000000000000003845927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324f3b2dd4c200662021-12-22 11:45:50.445root 11241100x80000000000000003845928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47a7549b5db4d152021-12-22 11:45:50.445root 11241100x80000000000000003845929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1034e4736ed9d5b02021-12-22 11:45:50.445root 11241100x80000000000000003845930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496bc3dfb75af44f2021-12-22 11:45:50.445root 11241100x80000000000000003845931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17341d758e349c832021-12-22 11:45:50.445root 11241100x80000000000000003845932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bce85d49af0e302021-12-22 11:45:50.943root 11241100x80000000000000003845933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19272b48fbd119c32021-12-22 11:45:50.943root 11241100x80000000000000003845934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c00c776555d8f432021-12-22 11:45:50.943root 11241100x80000000000000003845935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e0f88b94d48d372021-12-22 11:45:50.943root 11241100x80000000000000003845936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861f4c5b6f9186722021-12-22 11:45:50.943root 11241100x80000000000000003845937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e874833c594f858e2021-12-22 11:45:50.943root 11241100x80000000000000003845938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ece6243cc0a09e12021-12-22 11:45:50.943root 11241100x80000000000000003845939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3161c4b265d3de2021-12-22 11:45:50.944root 11241100x80000000000000003845940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83af8491da2bcd12021-12-22 11:45:50.944root 11241100x80000000000000003845941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d10df8105a043f2021-12-22 11:45:50.944root 11241100x80000000000000003845942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2b12930c2a89d02021-12-22 11:45:50.944root 11241100x80000000000000003845943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de267e5e8ed5d062021-12-22 11:45:50.944root 11241100x80000000000000003845944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ee81aca4528b6a2021-12-22 11:45:50.944root 11241100x80000000000000003845945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8b92badf69a02f2021-12-22 11:45:50.944root 11241100x80000000000000003845946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd653c8c983c29b2021-12-22 11:45:50.944root 354300x80000000000000003845947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.191{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55420-false10.0.1.12-8000- 11241100x80000000000000003845948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3282d25dc775fa2021-12-22 11:45:51.443root 11241100x80000000000000003845949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7267bbcf1bde552021-12-22 11:45:51.443root 11241100x80000000000000003845950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f073ea6c64d193432021-12-22 11:45:51.443root 11241100x80000000000000003845951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94614f179c1171832021-12-22 11:45:51.443root 11241100x80000000000000003845952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803a4f4f861aaeb42021-12-22 11:45:51.444root 11241100x80000000000000003845953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45dd4f71f83c0fa82021-12-22 11:45:51.444root 11241100x80000000000000003845954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c176d004713c212021-12-22 11:45:51.444root 11241100x80000000000000003845955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb22309ff270f8a2021-12-22 11:45:51.444root 11241100x80000000000000003845956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019d8543717739b72021-12-22 11:45:51.444root 11241100x80000000000000003845957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9b8befc7b2d5282021-12-22 11:45:51.444root 11241100x80000000000000003845958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a67935182b011482021-12-22 11:45:51.444root 11241100x80000000000000003845959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419be8c2be659b032021-12-22 11:45:51.445root 11241100x80000000000000003845960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3ff6ec7929b9752021-12-22 11:45:51.445root 11241100x80000000000000003845961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d629f17a12885762021-12-22 11:45:51.446root 11241100x80000000000000003845962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa2cf2e02e091342021-12-22 11:45:51.446root 11241100x80000000000000003845963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90eff6146b864392021-12-22 11:45:51.446root 11241100x80000000000000003845964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f4a3fee7d966832021-12-22 11:45:51.943root 11241100x80000000000000003845965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b321d40f094c162021-12-22 11:45:51.943root 11241100x80000000000000003845966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e92bffca161ea22021-12-22 11:45:51.943root 11241100x80000000000000003845967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba6f699f10a80422021-12-22 11:45:51.943root 11241100x80000000000000003845968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baec89c143e637e62021-12-22 11:45:51.944root 11241100x80000000000000003845969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70daf60061fdfb82021-12-22 11:45:51.944root 11241100x80000000000000003845970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcabc24e07d62782021-12-22 11:45:51.944root 11241100x80000000000000003845971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455e6706b8de7bf22021-12-22 11:45:51.944root 11241100x80000000000000003845972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb7920db6974ee02021-12-22 11:45:51.944root 11241100x80000000000000003845973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4be2917b09456c52021-12-22 11:45:51.944root 11241100x80000000000000003845974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5aae5ac3c503e72021-12-22 11:45:51.944root 11241100x80000000000000003845975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b19f1d87c23ce52021-12-22 11:45:51.944root 11241100x80000000000000003845976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6d22bcbe70ddd92021-12-22 11:45:51.945root 11241100x80000000000000003845977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0791c3cb78f636242021-12-22 11:45:51.945root 11241100x80000000000000003845978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4468066b9b6caa8a2021-12-22 11:45:51.945root 11241100x80000000000000003845979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec73c91b220269d2021-12-22 11:45:51.945root 11241100x80000000000000003845980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d187624c78358b2021-12-22 11:45:52.444root 11241100x80000000000000003845981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106c841780350eb02021-12-22 11:45:52.444root 11241100x80000000000000003845982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699da849c37138ac2021-12-22 11:45:52.444root 11241100x80000000000000003845983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3692607729b6a12021-12-22 11:45:52.444root 11241100x80000000000000003845984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c381ea9af273dae72021-12-22 11:45:52.444root 11241100x80000000000000003845985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f801a07e0020202021-12-22 11:45:52.445root 11241100x80000000000000003845986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98955483682852992021-12-22 11:45:52.445root 11241100x80000000000000003845987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a44dd6c5cf33ff62021-12-22 11:45:52.445root 11241100x80000000000000003845988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f2beac0bed547a2021-12-22 11:45:52.445root 11241100x80000000000000003845989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796848152ed2619e2021-12-22 11:45:52.445root 11241100x80000000000000003845990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65153564756ad6062021-12-22 11:45:52.445root 11241100x80000000000000003845991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0849e4b695b03c202021-12-22 11:45:52.445root 11241100x80000000000000003845992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a82078d7483cab2021-12-22 11:45:52.446root 11241100x80000000000000003845993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecec47337ebe23962021-12-22 11:45:52.446root 11241100x80000000000000003845994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0461ac1a34e8e48a2021-12-22 11:45:52.446root 11241100x80000000000000003845995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8126dbb86c79f52f2021-12-22 11:45:52.446root 11241100x80000000000000003845996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49e77564ca6d5232021-12-22 11:45:52.943root 11241100x80000000000000003845997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589c2bfcb4f6d6892021-12-22 11:45:52.943root 11241100x80000000000000003845998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f684f40cb98726092021-12-22 11:45:52.944root 11241100x80000000000000003845999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880ec7041602b7df2021-12-22 11:45:52.944root 11241100x80000000000000003846000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dc2e10e6bfeaa62021-12-22 11:45:52.944root 11241100x80000000000000003846001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe5a93d31eaa25a2021-12-22 11:45:52.944root 11241100x80000000000000003846002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11680d15ff373bff2021-12-22 11:45:52.945root 11241100x80000000000000003846003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a29c6c560b7ba6d2021-12-22 11:45:52.945root 11241100x80000000000000003846004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435c82b9e8b340352021-12-22 11:45:52.945root 11241100x80000000000000003846005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b6ebbe13093e572021-12-22 11:45:52.945root 11241100x80000000000000003846006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9538fea3a528694b2021-12-22 11:45:52.946root 11241100x80000000000000003846007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2393cf2ee684302021-12-22 11:45:52.946root 11241100x80000000000000003846008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e730e512a340ca692021-12-22 11:45:52.946root 11241100x80000000000000003846009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff7155613e2dc822021-12-22 11:45:52.947root 11241100x80000000000000003846010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b318afccd82696d22021-12-22 11:45:52.947root 11241100x80000000000000003846011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed595d1909c91f9e2021-12-22 11:45:52.947root 11241100x80000000000000003846012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd2d8cb9278d1102021-12-22 11:45:53.443root 11241100x80000000000000003846013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fdbf3a8d4a0b962021-12-22 11:45:53.443root 11241100x80000000000000003846014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3c7f092bb5ded32021-12-22 11:45:53.444root 11241100x80000000000000003846015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cf95a9fa04736b2021-12-22 11:45:53.444root 11241100x80000000000000003846016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648ed14f1b4b6fe22021-12-22 11:45:53.444root 11241100x80000000000000003846017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ba31520211958c2021-12-22 11:45:53.444root 11241100x80000000000000003846018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba7167928112dc92021-12-22 11:45:53.444root 11241100x80000000000000003846019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595dabea44bac4132021-12-22 11:45:53.444root 11241100x80000000000000003846020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6783cd1dcf05e9ba2021-12-22 11:45:53.444root 11241100x80000000000000003846021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a2733263c9a3552021-12-22 11:45:53.444root 11241100x80000000000000003846022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d0c9be69e718262021-12-22 11:45:53.445root 11241100x80000000000000003846023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199a9e966e1465182021-12-22 11:45:53.445root 11241100x80000000000000003846024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941f164daa696e222021-12-22 11:45:53.445root 11241100x80000000000000003846025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5271f638882d782021-12-22 11:45:53.445root 11241100x80000000000000003846026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52c994f506c7f7e2021-12-22 11:45:53.445root 11241100x80000000000000003846027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b81f51edefed002021-12-22 11:45:53.445root 11241100x80000000000000003846028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbf10e2276dd6252021-12-22 11:45:53.943root 11241100x80000000000000003846029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdb1211500e76012021-12-22 11:45:53.943root 11241100x80000000000000003846030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41210faca5a0196f2021-12-22 11:45:53.943root 11241100x80000000000000003846031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722448c99f7bce212021-12-22 11:45:53.943root 11241100x80000000000000003846032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cdf276b93fd0f72021-12-22 11:45:53.944root 11241100x80000000000000003846033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c43ec53a0e93602021-12-22 11:45:53.944root 11241100x80000000000000003846034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b91f34a703bf1802021-12-22 11:45:53.944root 11241100x80000000000000003846035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ae83f89c293dc62021-12-22 11:45:53.944root 11241100x80000000000000003846036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892c7a88864060f02021-12-22 11:45:53.944root 11241100x80000000000000003846037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1c504fe88bf17c2021-12-22 11:45:53.944root 11241100x80000000000000003846038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1455654a3eb9dcdf2021-12-22 11:45:53.944root 11241100x80000000000000003846039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf43299bbc3d8522021-12-22 11:45:53.945root 11241100x80000000000000003846040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bde19623e9c83de2021-12-22 11:45:53.945root 11241100x80000000000000003846041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f063533205293ff2021-12-22 11:45:53.945root 11241100x80000000000000003846042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918d6567a67566532021-12-22 11:45:53.945root 11241100x80000000000000003846043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec953cd841f304b2021-12-22 11:45:53.945root 11241100x80000000000000003846044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54f0ffe2ce7c30a2021-12-22 11:45:54.443root 11241100x80000000000000003846045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e4621606c3f19c2021-12-22 11:45:54.443root 11241100x80000000000000003846046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019b30fcc40a72422021-12-22 11:45:54.443root 11241100x80000000000000003846047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab4d203cf515ebd2021-12-22 11:45:54.443root 11241100x80000000000000003846048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c6464c7f8f9b7e2021-12-22 11:45:54.443root 11241100x80000000000000003846049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52129153c51254592021-12-22 11:45:54.444root 11241100x80000000000000003846050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bce35124b1c98bd2021-12-22 11:45:54.444root 11241100x80000000000000003846051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c095757fac4b36262021-12-22 11:45:54.444root 11241100x80000000000000003846052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8253dcb981878c752021-12-22 11:45:54.444root 11241100x80000000000000003846053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1d77b6c9c3b87a2021-12-22 11:45:54.444root 11241100x80000000000000003846054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3289bb881f120a32021-12-22 11:45:54.444root 11241100x80000000000000003846055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8baa6a08358dc202021-12-22 11:45:54.444root 11241100x80000000000000003846056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56660f6f18f8213e2021-12-22 11:45:54.444root 11241100x80000000000000003846057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14a3ac00e92308a2021-12-22 11:45:54.445root 11241100x80000000000000003846058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cee506da77e75842021-12-22 11:45:54.445root 11241100x80000000000000003846059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8416decbb4f0dc2021-12-22 11:45:54.445root 11241100x80000000000000003846060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be81eeabf9a29a62021-12-22 11:45:54.943root 11241100x80000000000000003846061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b9b3ae79a45af82021-12-22 11:45:54.943root 11241100x80000000000000003846062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18decaca62510b02021-12-22 11:45:54.944root 11241100x80000000000000003846063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c21c03c526bdc582021-12-22 11:45:54.944root 11241100x80000000000000003846064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6095faad0d5e62cc2021-12-22 11:45:54.944root 11241100x80000000000000003846065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fd643e72de92f02021-12-22 11:45:54.944root 11241100x80000000000000003846066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8937c507adb88052021-12-22 11:45:54.944root 11241100x80000000000000003846067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba5c6d45b6e22ff2021-12-22 11:45:54.945root 11241100x80000000000000003846068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df719208706ffcb2021-12-22 11:45:54.945root 11241100x80000000000000003846069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570347f2e7c6e5d72021-12-22 11:45:54.945root 11241100x80000000000000003846070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8329b5c20ef7e782021-12-22 11:45:54.945root 11241100x80000000000000003846071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2a54ce1ce2dd392021-12-22 11:45:54.945root 11241100x80000000000000003846072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5813a2c2fc138f182021-12-22 11:45:54.945root 11241100x80000000000000003846073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdf86abb3ffce0d2021-12-22 11:45:54.945root 11241100x80000000000000003846074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e3735b7a1c34872021-12-22 11:45:54.945root 11241100x80000000000000003846075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f908d31fadabda92021-12-22 11:45:54.945root 11241100x80000000000000003846076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0245bdfed00f23e52021-12-22 11:45:55.443root 11241100x80000000000000003846077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f76201845b51ab2021-12-22 11:45:55.443root 11241100x80000000000000003846078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c55b5bb1b601632021-12-22 11:45:55.443root 11241100x80000000000000003846079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882d69ca414584fc2021-12-22 11:45:55.443root 11241100x80000000000000003846080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af6aaee11a394e32021-12-22 11:45:55.443root 11241100x80000000000000003846081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8df646ddb4887582021-12-22 11:45:55.444root 11241100x80000000000000003846082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33c2b4cd0f628af2021-12-22 11:45:55.444root 11241100x80000000000000003846083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fe66b7155d64802021-12-22 11:45:55.444root 11241100x80000000000000003846084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d55bc6b4f6dcf62021-12-22 11:45:55.444root 11241100x80000000000000003846085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ea30a9411b13762021-12-22 11:45:55.444root 11241100x80000000000000003846086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20dbe6a64f56b9f2021-12-22 11:45:55.444root 11241100x80000000000000003846087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bf1ce972f264612021-12-22 11:45:55.444root 11241100x80000000000000003846088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00bf066eb3fb92e2021-12-22 11:45:55.444root 11241100x80000000000000003846089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e58c5b6fd62a1a02021-12-22 11:45:55.444root 11241100x80000000000000003846090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa91a28c3328d4692021-12-22 11:45:55.444root 11241100x80000000000000003846091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efad914e853196712021-12-22 11:45:55.445root 11241100x80000000000000003846092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6beb134e62804d182021-12-22 11:45:55.943root 11241100x80000000000000003846093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c307f4cb1093be2021-12-22 11:45:55.943root 11241100x80000000000000003846094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8730106d2aea67802021-12-22 11:45:55.943root 11241100x80000000000000003846095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8cd0e9714a4d922021-12-22 11:45:55.943root 11241100x80000000000000003846096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b35ac996acceb8a2021-12-22 11:45:55.943root 11241100x80000000000000003846097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7d5de2fdbda5452021-12-22 11:45:55.944root 11241100x80000000000000003846098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83ab8bfee08a83e2021-12-22 11:45:55.944root 11241100x80000000000000003846099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18e38f1c8ce2a272021-12-22 11:45:55.944root 11241100x80000000000000003846100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a861ba635d347202021-12-22 11:45:55.944root 11241100x80000000000000003846101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b06acd5e138f272021-12-22 11:45:55.944root 11241100x80000000000000003846102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bc915f91d387fd2021-12-22 11:45:55.944root 11241100x80000000000000003846103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dd16d2439ada722021-12-22 11:45:55.944root 11241100x80000000000000003846104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4c0b6ec920e8d62021-12-22 11:45:55.944root 11241100x80000000000000003846105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a433cdece99b2af2021-12-22 11:45:55.944root 11241100x80000000000000003846106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb4b7d69d01879c2021-12-22 11:45:55.944root 11241100x80000000000000003846107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54aefde4763bbc572021-12-22 11:45:55.945root 354300x80000000000000003846108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.244{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55422-false10.0.1.12-8000- 11241100x80000000000000003846109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ec6a125109c4e72021-12-22 11:45:56.244root 11241100x80000000000000003846110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfb4554dff9f1262021-12-22 11:45:56.244root 11241100x80000000000000003846111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf6df836dc7ba192021-12-22 11:45:56.244root 11241100x80000000000000003846112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377b65e7501427e32021-12-22 11:45:56.245root 11241100x80000000000000003846113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76193603b9c75db32021-12-22 11:45:56.245root 11241100x80000000000000003846114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355ab79f45e887e52021-12-22 11:45:56.245root 11241100x80000000000000003846115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fc2c25296664992021-12-22 11:45:56.245root 11241100x80000000000000003846116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ae07933dcc2c172021-12-22 11:45:56.245root 11241100x80000000000000003846117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dade38a1dbd9d17c2021-12-22 11:45:56.245root 11241100x80000000000000003846118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90b483a97a823a62021-12-22 11:45:56.245root 11241100x80000000000000003846119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc7caa8079655062021-12-22 11:45:56.245root 11241100x80000000000000003846120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d143d216d5401d2021-12-22 11:45:56.245root 11241100x80000000000000003846121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b812816c987f3b592021-12-22 11:45:56.245root 11241100x80000000000000003846122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628e382fae9acf8e2021-12-22 11:45:56.245root 11241100x80000000000000003846123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcb1f4eacc140632021-12-22 11:45:56.245root 11241100x80000000000000003846124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976a023125794a312021-12-22 11:45:56.245root 11241100x80000000000000003846125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f175035c229732542021-12-22 11:45:56.245root 11241100x80000000000000003846126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432160c93d7bed862021-12-22 11:45:56.693root 11241100x80000000000000003846127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7bf8a17915dda12021-12-22 11:45:56.693root 11241100x80000000000000003846128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dffd219295ef8492021-12-22 11:45:56.693root 11241100x80000000000000003846129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de6b6372226a5582021-12-22 11:45:56.693root 11241100x80000000000000003846130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60abb2648da3ff732021-12-22 11:45:56.693root 11241100x80000000000000003846131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83292a41c926b5cc2021-12-22 11:45:56.693root 11241100x80000000000000003846132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cff921eaaf95ab72021-12-22 11:45:56.693root 11241100x80000000000000003846133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6a3c62e9e129f72021-12-22 11:45:56.693root 11241100x80000000000000003846134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5481056837748cd62021-12-22 11:45:56.694root 11241100x80000000000000003846135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14caca4a3c1058262021-12-22 11:45:56.694root 11241100x80000000000000003846136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03568e10b0bb6e8c2021-12-22 11:45:56.694root 11241100x80000000000000003846137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524af709367296422021-12-22 11:45:56.694root 11241100x80000000000000003846138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9af935a9b451542021-12-22 11:45:56.694root 11241100x80000000000000003846139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bdac1885847dc22021-12-22 11:45:56.694root 11241100x80000000000000003846140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc9e966fe577be72021-12-22 11:45:56.694root 11241100x80000000000000003846141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5340c79dabb83fa72021-12-22 11:45:56.694root 11241100x80000000000000003846142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5553ddf575cbc32021-12-22 11:45:56.694root 11241100x80000000000000003846143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5454a1f6e6557e2021-12-22 11:45:57.193root 11241100x80000000000000003846144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650082b898d9ca382021-12-22 11:45:57.193root 11241100x80000000000000003846145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7218d719683da72021-12-22 11:45:57.194root 11241100x80000000000000003846146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4a1cc929c373522021-12-22 11:45:57.194root 11241100x80000000000000003846147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d53c1564b742442021-12-22 11:45:57.194root 11241100x80000000000000003846148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44aadabacc9c6252021-12-22 11:45:57.194root 11241100x80000000000000003846149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71db1bb45fd6e4f32021-12-22 11:45:57.194root 11241100x80000000000000003846150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f87f9c8004bab442021-12-22 11:45:57.194root 11241100x80000000000000003846151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673419e25bb54e962021-12-22 11:45:57.195root 11241100x80000000000000003846152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1abbfcef439c412021-12-22 11:45:57.195root 11241100x80000000000000003846153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84df4b5817aee7c2021-12-22 11:45:57.195root 11241100x80000000000000003846154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a82d67656a3bf182021-12-22 11:45:57.195root 11241100x80000000000000003846155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88ed27001da22732021-12-22 11:45:57.195root 11241100x80000000000000003846156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af4f1e448036e8f2021-12-22 11:45:57.195root 11241100x80000000000000003846157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3825d126fc6ad4f12021-12-22 11:45:57.196root 11241100x80000000000000003846158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476e12170a67523d2021-12-22 11:45:57.196root 11241100x80000000000000003846159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6258af529331fe2021-12-22 11:45:57.196root 11241100x80000000000000003846160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c313c52d5e5c122021-12-22 11:45:57.693root 11241100x80000000000000003846161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cb055bbcf81c872021-12-22 11:45:57.693root 11241100x80000000000000003846162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fbd41f6de3d39f2021-12-22 11:45:57.693root 11241100x80000000000000003846163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1752adb5005b2fb72021-12-22 11:45:57.694root 11241100x80000000000000003846164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a143868e06a09f2021-12-22 11:45:57.695root 11241100x80000000000000003846165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53598a5fe0570f062021-12-22 11:45:57.695root 11241100x80000000000000003846166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6a51f55ac3c8b42021-12-22 11:45:57.695root 11241100x80000000000000003846167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a97da17cc3ca2f32021-12-22 11:45:57.696root 11241100x80000000000000003846168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35be13095f8a91a82021-12-22 11:45:57.697root 11241100x80000000000000003846169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bac094815485d082021-12-22 11:45:57.697root 11241100x80000000000000003846170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4ff996e66f14d12021-12-22 11:45:57.698root 11241100x80000000000000003846171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9ad2706b21d8322021-12-22 11:45:57.698root 11241100x80000000000000003846172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317338bfb56c01d82021-12-22 11:45:57.698root 11241100x80000000000000003846173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a956674c0fb4a9d82021-12-22 11:45:57.698root 11241100x80000000000000003846174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bbd336c667c1c42021-12-22 11:45:57.699root 11241100x80000000000000003846175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d8ff49457c01e22021-12-22 11:45:57.699root 11241100x80000000000000003846176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677b87eb7ee03c802021-12-22 11:45:57.699root 11241100x80000000000000003846177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcdd33c657de7122021-12-22 11:45:58.193root 11241100x80000000000000003846178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2e1216f8b39b392021-12-22 11:45:58.193root 11241100x80000000000000003846179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c224ef302fdb7c6c2021-12-22 11:45:58.193root 11241100x80000000000000003846180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f799b55e40032d42021-12-22 11:45:58.193root 11241100x80000000000000003846181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80fe949042582602021-12-22 11:45:58.193root 11241100x80000000000000003846182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e9e9945dc9053e2021-12-22 11:45:58.194root 11241100x80000000000000003846183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bafbbcb6d3dea5a2021-12-22 11:45:58.194root 11241100x80000000000000003846184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc5add294ab83892021-12-22 11:45:58.194root 11241100x80000000000000003846185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7e5769c0893f602021-12-22 11:45:58.194root 11241100x80000000000000003846186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181018a89fc75e152021-12-22 11:45:58.194root 11241100x80000000000000003846187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566e5c0f88784b0b2021-12-22 11:45:58.194root 11241100x80000000000000003846188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fca8110851c93952021-12-22 11:45:58.194root 11241100x80000000000000003846189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2210f94441192722021-12-22 11:45:58.194root 11241100x80000000000000003846190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a29e90528fd0ca2021-12-22 11:45:58.194root 11241100x80000000000000003846191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd7995e30d227692021-12-22 11:45:58.194root 11241100x80000000000000003846192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b90cc08c38cdf72021-12-22 11:45:58.194root 11241100x80000000000000003846193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338aabf566e596b62021-12-22 11:45:58.194root 11241100x80000000000000003846194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825e887efbbf13012021-12-22 11:45:58.693root 11241100x80000000000000003846195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b0269f74b8f8982021-12-22 11:45:58.693root 11241100x80000000000000003846196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e6d3c0e9bc9e902021-12-22 11:45:58.693root 11241100x80000000000000003846197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf59daff81018acc2021-12-22 11:45:58.693root 11241100x80000000000000003846198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecaccdbbeb0fa8682021-12-22 11:45:58.693root 11241100x80000000000000003846199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332c99a1544b96052021-12-22 11:45:58.694root 11241100x80000000000000003846200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78256da223337b702021-12-22 11:45:58.694root 11241100x80000000000000003846201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3555dd4d64e259f2021-12-22 11:45:58.694root 11241100x80000000000000003846202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bba6e0d397dcb652021-12-22 11:45:58.694root 11241100x80000000000000003846203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c5836ba4117bc72021-12-22 11:45:58.694root 11241100x80000000000000003846204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19cb025346711072021-12-22 11:45:58.694root 11241100x80000000000000003846205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170ff481202318af2021-12-22 11:45:58.694root 11241100x80000000000000003846206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffe9d5bf9ca460b2021-12-22 11:45:58.694root 11241100x80000000000000003846207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb76df6f1e832a32021-12-22 11:45:58.694root 11241100x80000000000000003846208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821e80d2a5f5cd222021-12-22 11:45:58.694root 11241100x80000000000000003846209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0be5051975ea9bf2021-12-22 11:45:58.694root 11241100x80000000000000003846210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b1c856c0c3cb862021-12-22 11:45:58.694root 11241100x80000000000000003846211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37068555cdaaf6bb2021-12-22 11:45:59.193root 11241100x80000000000000003846212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6b22b0673fe0db2021-12-22 11:45:59.193root 11241100x80000000000000003846213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58de23e5233d0d242021-12-22 11:45:59.194root 11241100x80000000000000003846214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ec1a8256a3859a2021-12-22 11:45:59.194root 11241100x80000000000000003846215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83572949d4752e872021-12-22 11:45:59.194root 11241100x80000000000000003846216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90a352fd2fa4bd22021-12-22 11:45:59.194root 11241100x80000000000000003846217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fe49887d7d7cfa2021-12-22 11:45:59.194root 11241100x80000000000000003846218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45aeca0c52f2e7e2021-12-22 11:45:59.195root 11241100x80000000000000003846219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e247642751557b32021-12-22 11:45:59.195root 11241100x80000000000000003846220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd61eba625c25c32021-12-22 11:45:59.195root 11241100x80000000000000003846221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c6b9bf2809d1a32021-12-22 11:45:59.195root 11241100x80000000000000003846222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d374ace2da013e882021-12-22 11:45:59.195root 11241100x80000000000000003846223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115e4f52009cfc322021-12-22 11:45:59.195root 11241100x80000000000000003846224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f789ff0172d9213b2021-12-22 11:45:59.195root 11241100x80000000000000003846225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb60b3dd974562272021-12-22 11:45:59.195root 11241100x80000000000000003846226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db3c15e214e691f2021-12-22 11:45:59.195root 11241100x80000000000000003846227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f614c0533735e97d2021-12-22 11:45:59.195root 11241100x80000000000000003846228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c04bc5abc00a2c82021-12-22 11:45:59.693root 11241100x80000000000000003846229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a75979a1870c1732021-12-22 11:45:59.693root 11241100x80000000000000003846230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd015b4182aa3d122021-12-22 11:45:59.693root 11241100x80000000000000003846231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21cdc8188a5122f2021-12-22 11:45:59.693root 11241100x80000000000000003846232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e0b3f2121decdb2021-12-22 11:45:59.693root 11241100x80000000000000003846233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e38127704aefb02021-12-22 11:45:59.693root 11241100x80000000000000003846234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d37485ee394c952021-12-22 11:45:59.693root 11241100x80000000000000003846235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bcc225acd205d32021-12-22 11:45:59.693root 11241100x80000000000000003846236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4f64ccbd9780062021-12-22 11:45:59.694root 11241100x80000000000000003846237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f63ea47ccc154172021-12-22 11:45:59.694root 11241100x80000000000000003846238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f479b7dbbc4e152021-12-22 11:45:59.694root 11241100x80000000000000003846239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddbfad1718633a62021-12-22 11:45:59.694root 11241100x80000000000000003846240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef91b85d0f112a5e2021-12-22 11:45:59.694root 11241100x80000000000000003846241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad4bfffe29631b12021-12-22 11:45:59.694root 11241100x80000000000000003846242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7692d5818b81f9e72021-12-22 11:45:59.694root 11241100x80000000000000003846243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13042aaa06e8d3a2021-12-22 11:45:59.695root 11241100x80000000000000003846244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de50b41a35ed47e2021-12-22 11:45:59.695root 11241100x80000000000000003846245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51af8d463c86629e2021-12-22 11:45:59.695root 11241100x80000000000000003846246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bbcdea1f57d8702021-12-22 11:45:59.695root 11241100x80000000000000003846247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3ca43ae7e2e4212021-12-22 11:45:59.695root 11241100x80000000000000003846248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a1e7674981c8e22021-12-22 11:46:00.193root 11241100x80000000000000003846249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c8abc3272ede372021-12-22 11:46:00.193root 11241100x80000000000000003846250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addc4ad4fa3fc39c2021-12-22 11:46:00.193root 11241100x80000000000000003846251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf7fbbc82e6c80f2021-12-22 11:46:00.193root 11241100x80000000000000003846252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ddb08cf628bb5b2021-12-22 11:46:00.194root 11241100x80000000000000003846253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c379feff83baea2021-12-22 11:46:00.194root 11241100x80000000000000003846254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a356c2a2c5c9a4552021-12-22 11:46:00.194root 11241100x80000000000000003846255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bfbbe7011619bb2021-12-22 11:46:00.194root 11241100x80000000000000003846256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3073e3f9cab2e1192021-12-22 11:46:00.194root 11241100x80000000000000003846257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd9b5621ccc20972021-12-22 11:46:00.194root 11241100x80000000000000003846258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6350192eaf86e942021-12-22 11:46:00.195root 11241100x80000000000000003846259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013f6d19cde90a412021-12-22 11:46:00.195root 11241100x80000000000000003846260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cc282d868878b52021-12-22 11:46:00.195root 11241100x80000000000000003846261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1652809f135a8c2021-12-22 11:46:00.195root 11241100x80000000000000003846262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71172b13e12d0b272021-12-22 11:46:00.195root 11241100x80000000000000003846263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab7cf726a78796a2021-12-22 11:46:00.196root 11241100x80000000000000003846264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f141cc2ae5ecf6bc2021-12-22 11:46:00.196root 11241100x80000000000000003846265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa67ae3384a90e62021-12-22 11:46:00.693root 11241100x80000000000000003846266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1d1cbf5a2f7efa2021-12-22 11:46:00.693root 11241100x80000000000000003846267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe227971e81224a2021-12-22 11:46:00.693root 11241100x80000000000000003846268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b79c91f2d7c5c82021-12-22 11:46:00.693root 11241100x80000000000000003846269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13db50d70398446b2021-12-22 11:46:00.693root 11241100x80000000000000003846270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6721c87cf540ad902021-12-22 11:46:00.693root 11241100x80000000000000003846271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961f720a288ef5072021-12-22 11:46:00.693root 11241100x80000000000000003846272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f514ba36cdee242021-12-22 11:46:00.694root 11241100x80000000000000003846273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d799169ef5faab2021-12-22 11:46:00.694root 11241100x80000000000000003846274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053782708ef5ff112021-12-22 11:46:00.694root 11241100x80000000000000003846275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4cb4ff2bd95a492021-12-22 11:46:00.694root 11241100x80000000000000003846276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb93d7432716af42021-12-22 11:46:00.694root 11241100x80000000000000003846277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d2b7f0a48208942021-12-22 11:46:00.694root 11241100x80000000000000003846278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df0bdff1ae9f3f12021-12-22 11:46:00.694root 11241100x80000000000000003846279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358e444a12e261b22021-12-22 11:46:00.694root 11241100x80000000000000003846280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87556cd53e77f7b62021-12-22 11:46:00.694root 11241100x80000000000000003846281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0785a6a5e9bec12f2021-12-22 11:46:00.694root 11241100x80000000000000003846282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b554097ccf0c5a772021-12-22 11:46:01.193root 11241100x80000000000000003846283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57ebe7450b12a172021-12-22 11:46:01.193root 11241100x80000000000000003846284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee49ff3b2e5adbff2021-12-22 11:46:01.193root 11241100x80000000000000003846285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b64271d7abc99c42021-12-22 11:46:01.193root 11241100x80000000000000003846286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2af407cc427f26f2021-12-22 11:46:01.193root 11241100x80000000000000003846287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42cc11c83796e532021-12-22 11:46:01.194root 11241100x80000000000000003846288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168d0f6f98864bab2021-12-22 11:46:01.194root 11241100x80000000000000003846289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f81e633a58bb8d82021-12-22 11:46:01.194root 11241100x80000000000000003846290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f9712204e1d7392021-12-22 11:46:01.194root 11241100x80000000000000003846291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7058c8637d1c19b12021-12-22 11:46:01.194root 11241100x80000000000000003846292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9434984108adc0222021-12-22 11:46:01.194root 11241100x80000000000000003846293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d69aeefd87189882021-12-22 11:46:01.194root 11241100x80000000000000003846294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b59aa0ae7cb5c32021-12-22 11:46:01.194root 11241100x80000000000000003846295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159d3b8edc32f5502021-12-22 11:46:01.194root 11241100x80000000000000003846296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6163a516ffd1072021-12-22 11:46:01.194root 11241100x80000000000000003846297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9de47dff469f532021-12-22 11:46:01.195root 11241100x80000000000000003846298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fd61473cf99cb22021-12-22 11:46:01.195root 11241100x80000000000000003846299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2398a1c872af8a2021-12-22 11:46:01.693root 11241100x80000000000000003846300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c4c08e1a8c681c2021-12-22 11:46:01.693root 11241100x80000000000000003846301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87a54f5227aff6e2021-12-22 11:46:01.693root 11241100x80000000000000003846302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65dc5eb50948e472021-12-22 11:46:01.693root 11241100x80000000000000003846303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8df9652de24eb592021-12-22 11:46:01.693root 11241100x80000000000000003846304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4986c07a1f55b5872021-12-22 11:46:01.693root 11241100x80000000000000003846305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5bcaffabebb8de2021-12-22 11:46:01.693root 11241100x80000000000000003846306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcfece0eaacda3f2021-12-22 11:46:01.694root 11241100x80000000000000003846307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5ceda3fa1132722021-12-22 11:46:01.694root 11241100x80000000000000003846308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67a98b44c73bd052021-12-22 11:46:01.694root 11241100x80000000000000003846309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288d33b83e48d3a02021-12-22 11:46:01.694root 11241100x80000000000000003846310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685732c50b45d4332021-12-22 11:46:01.694root 11241100x80000000000000003846311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2781eb372655d72021-12-22 11:46:01.694root 11241100x80000000000000003846312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c475737788e9bd2021-12-22 11:46:01.694root 11241100x80000000000000003846313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c150ace2b71235512021-12-22 11:46:01.695root 11241100x80000000000000003846314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e081f25a236579e2021-12-22 11:46:01.695root 11241100x80000000000000003846315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20adc50944d9844a2021-12-22 11:46:01.695root 354300x80000000000000003846316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.043{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55424-false10.0.1.12-8000- 11241100x80000000000000003846317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6221c12a8d05a8862021-12-22 11:46:02.043root 11241100x80000000000000003846318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216e2d3c8a83a3662021-12-22 11:46:02.044root 11241100x80000000000000003846319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455c74b02f49b9762021-12-22 11:46:02.044root 11241100x80000000000000003846320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246fff57e8fcd6402021-12-22 11:46:02.044root 11241100x80000000000000003846321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f775582e7de37e2021-12-22 11:46:02.044root 11241100x80000000000000003846322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17e3a134bdb11bd2021-12-22 11:46:02.044root 11241100x80000000000000003846323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2607a0aef38e223b2021-12-22 11:46:02.044root 11241100x80000000000000003846324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff223ff72cb86a92021-12-22 11:46:02.044root 11241100x80000000000000003846325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b835854a1946d1622021-12-22 11:46:02.044root 11241100x80000000000000003846326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa6913ab5f17b6d2021-12-22 11:46:02.044root 11241100x80000000000000003846327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45818b897c459142021-12-22 11:46:02.045root 11241100x80000000000000003846328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9405865f370d48072021-12-22 11:46:02.045root 11241100x80000000000000003846329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2645a6c7f53a8f02021-12-22 11:46:02.045root 11241100x80000000000000003846330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea08c92fb5f8a7c52021-12-22 11:46:02.045root 11241100x80000000000000003846331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573d7e3f138892332021-12-22 11:46:02.045root 11241100x80000000000000003846332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c177e62772b8372021-12-22 11:46:02.045root 11241100x80000000000000003846333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ca32eaad538d452021-12-22 11:46:02.045root 11241100x80000000000000003846334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6a6252cadf22ac2021-12-22 11:46:02.046root 11241100x80000000000000003846335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ebb7c82b9cae9b2021-12-22 11:46:02.046root 11241100x80000000000000003846336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b01ece67e1603c2021-12-22 11:46:02.046root 11241100x80000000000000003846337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c540c3c7849071c2021-12-22 11:46:02.046root 11241100x80000000000000003846338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0a8c9eb135ff552021-12-22 11:46:02.046root 11241100x80000000000000003846339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d3f71540a340072021-12-22 11:46:02.443root 11241100x80000000000000003846340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04f5cb790bbc09f2021-12-22 11:46:02.443root 11241100x80000000000000003846341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4996ed7c52481dc22021-12-22 11:46:02.444root 11241100x80000000000000003846342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197624a351224d322021-12-22 11:46:02.444root 11241100x80000000000000003846343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ea257e886a6bd52021-12-22 11:46:02.444root 11241100x80000000000000003846344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdd3b8b7991c5b32021-12-22 11:46:02.444root 11241100x80000000000000003846345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1db35fe06a605cd2021-12-22 11:46:02.444root 11241100x80000000000000003846346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76897edbd85445b2021-12-22 11:46:02.444root 11241100x80000000000000003846347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41539b435f24e5382021-12-22 11:46:02.444root 11241100x80000000000000003846348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ad9b4e86f5620f2021-12-22 11:46:02.444root 11241100x80000000000000003846349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2669f4301d45580c2021-12-22 11:46:02.445root 11241100x80000000000000003846350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7dbada8ab79f962021-12-22 11:46:02.445root 11241100x80000000000000003846351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8eb080bab1f743e2021-12-22 11:46:02.445root 11241100x80000000000000003846352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f22f80d6abae0082021-12-22 11:46:02.445root 11241100x80000000000000003846353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166b4e97f64055b52021-12-22 11:46:02.445root 11241100x80000000000000003846354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ffd250fca8fdb02021-12-22 11:46:02.445root 11241100x80000000000000003846355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32333acdbdf85f0a2021-12-22 11:46:02.446root 11241100x80000000000000003846356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acacd1cb7d1b9152021-12-22 11:46:02.446root 11241100x80000000000000003846357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8a0d37a99108bd2021-12-22 11:46:02.943root 11241100x80000000000000003846358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5749e61705cb1f02021-12-22 11:46:02.943root 11241100x80000000000000003846359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb08422d2cb2f352021-12-22 11:46:02.944root 11241100x80000000000000003846360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a4e73137ad1f902021-12-22 11:46:02.944root 11241100x80000000000000003846361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bc822904e3c55d2021-12-22 11:46:02.944root 11241100x80000000000000003846362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc2acf30bff44fc2021-12-22 11:46:02.945root 11241100x80000000000000003846363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5021c5229bd808b2021-12-22 11:46:02.945root 11241100x80000000000000003846364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7c3707343da3352021-12-22 11:46:02.946root 11241100x80000000000000003846365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a031d7a02b5c062021-12-22 11:46:02.946root 11241100x80000000000000003846366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f46ff3766bdb86d2021-12-22 11:46:02.946root 11241100x80000000000000003846367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4982fea1b6e2343e2021-12-22 11:46:02.946root 11241100x80000000000000003846368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b15179f3f52d4502021-12-22 11:46:02.947root 11241100x80000000000000003846369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a703a9c3877ae72021-12-22 11:46:02.947root 11241100x80000000000000003846370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b3a43c65c9412d2021-12-22 11:46:02.947root 11241100x80000000000000003846371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69df0b2ccf951de82021-12-22 11:46:02.947root 11241100x80000000000000003846372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd2f539c558d7ed2021-12-22 11:46:02.947root 11241100x80000000000000003846373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e5989d83195cb72021-12-22 11:46:02.947root 11241100x80000000000000003846374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fdacf1427b5c5d2021-12-22 11:46:02.948root 11241100x80000000000000003846375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:46:03.144root 11241100x80000000000000003846376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2c78eeff95abdb2021-12-22 11:46:03.443root 11241100x80000000000000003846377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9419fd628f4ba43b2021-12-22 11:46:03.443root 11241100x80000000000000003846378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acd89e1968af9a32021-12-22 11:46:03.443root 11241100x80000000000000003846379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826d81c5c0087ceb2021-12-22 11:46:03.443root 11241100x80000000000000003846380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e238451872682f2021-12-22 11:46:03.444root 11241100x80000000000000003846381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0800604bae20c2c52021-12-22 11:46:03.444root 11241100x80000000000000003846382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33af132b76ce35a32021-12-22 11:46:03.444root 11241100x80000000000000003846383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c9aaa1205c54702021-12-22 11:46:03.444root 11241100x80000000000000003846384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359dff7b465e1f4b2021-12-22 11:46:03.444root 11241100x80000000000000003846385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ffa93742cec1b82021-12-22 11:46:03.444root 11241100x80000000000000003846386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f62c250954b7332021-12-22 11:46:03.444root 11241100x80000000000000003846387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c12c053fdf95632021-12-22 11:46:03.444root 11241100x80000000000000003846388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fa0d96d10c5a1a2021-12-22 11:46:03.444root 11241100x80000000000000003846389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61a1d134827c6022021-12-22 11:46:03.444root 11241100x80000000000000003846390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a3da788f4a99d02021-12-22 11:46:03.444root 11241100x80000000000000003846391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4f3064811564cb2021-12-22 11:46:03.445root 11241100x80000000000000003846392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d897180440370c2021-12-22 11:46:03.445root 11241100x80000000000000003846393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4405eced2d7a822021-12-22 11:46:03.445root 11241100x80000000000000003846394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e422cc3df2c839d2021-12-22 11:46:03.445root 11241100x80000000000000003846395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6862b7dcce324d82021-12-22 11:46:03.943root 11241100x80000000000000003846396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c43482ce282186c2021-12-22 11:46:03.943root 11241100x80000000000000003846397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e3eb5f654e7f732021-12-22 11:46:03.944root 11241100x80000000000000003846398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e77ecb6ca4b6aef2021-12-22 11:46:03.944root 11241100x80000000000000003846399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8703a5a110a5dffa2021-12-22 11:46:03.944root 11241100x80000000000000003846400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265549de4a814f282021-12-22 11:46:03.944root 11241100x80000000000000003846401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a015e75111929b3c2021-12-22 11:46:03.944root 11241100x80000000000000003846402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808d2777071fcb9e2021-12-22 11:46:03.945root 11241100x80000000000000003846403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb71e78ad7401072021-12-22 11:46:03.945root 11241100x80000000000000003846404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267b3e7a32f281652021-12-22 11:46:03.945root 11241100x80000000000000003846405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59010ef9fd1d2742021-12-22 11:46:03.945root 11241100x80000000000000003846406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d930484ce8ad892021-12-22 11:46:03.946root 11241100x80000000000000003846407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429e81ae1269c2c02021-12-22 11:46:03.946root 11241100x80000000000000003846408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e92a3d74e752822021-12-22 11:46:03.946root 11241100x80000000000000003846409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7fc52f7a90f8dc2021-12-22 11:46:03.946root 11241100x80000000000000003846410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58aeb4a82ad4e7b22021-12-22 11:46:03.947root 11241100x80000000000000003846411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2af8ee23c0d4e722021-12-22 11:46:03.947root 11241100x80000000000000003846412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a833e432fb82172021-12-22 11:46:03.947root 11241100x80000000000000003846413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbae2e004cc05c72021-12-22 11:46:03.947root 11241100x80000000000000003846414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f911e51b57ef4422021-12-22 11:46:04.443root 11241100x80000000000000003846415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e531fbdc5396d0b2021-12-22 11:46:04.443root 11241100x80000000000000003846416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d889598207b5f62021-12-22 11:46:04.444root 11241100x80000000000000003846417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cc41174b7fc2782021-12-22 11:46:04.444root 11241100x80000000000000003846418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6eaf22fb2267742021-12-22 11:46:04.444root 11241100x80000000000000003846419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2352a19425107502021-12-22 11:46:04.444root 11241100x80000000000000003846420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c5dd5f7fec955a2021-12-22 11:46:04.444root 11241100x80000000000000003846421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3242c2de74cd332021-12-22 11:46:04.444root 11241100x80000000000000003846422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0998e4b27994652021-12-22 11:46:04.445root 11241100x80000000000000003846423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8417117c5f539fc82021-12-22 11:46:04.445root 11241100x80000000000000003846424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d60bd8edd1cc2b2021-12-22 11:46:04.445root 11241100x80000000000000003846425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5816637bcffc14702021-12-22 11:46:04.445root 11241100x80000000000000003846426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403c30903708c6f72021-12-22 11:46:04.445root 11241100x80000000000000003846427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5548f155e3748792021-12-22 11:46:04.445root 11241100x80000000000000003846428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee14901a5a38ac1f2021-12-22 11:46:04.445root 11241100x80000000000000003846429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabb3763d7a1eaa02021-12-22 11:46:04.445root 11241100x80000000000000003846430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57eb18726115ec232021-12-22 11:46:04.446root 11241100x80000000000000003846431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c1651a155225c12021-12-22 11:46:04.446root 11241100x80000000000000003846432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fb85b5525d2bbd2021-12-22 11:46:04.446root 11241100x80000000000000003846433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d77df70031b7d82021-12-22 11:46:04.943root 11241100x80000000000000003846434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b117cabb1e774332021-12-22 11:46:04.943root 11241100x80000000000000003846435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995a233b0b23aa5f2021-12-22 11:46:04.943root 11241100x80000000000000003846436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6f57ce57355a4f2021-12-22 11:46:04.943root 11241100x80000000000000003846437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe175417e37bf422021-12-22 11:46:04.944root 11241100x80000000000000003846438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def0eb0ef5213ecc2021-12-22 11:46:04.944root 11241100x80000000000000003846439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1530bc9b49b0ea2021-12-22 11:46:04.944root 11241100x80000000000000003846440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e90ea98922187912021-12-22 11:46:04.944root 11241100x80000000000000003846441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23af2c118f03a6c2021-12-22 11:46:04.944root 11241100x80000000000000003846442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5896b53dc3a4762021-12-22 11:46:04.944root 11241100x80000000000000003846443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3245724cc88dc212021-12-22 11:46:04.945root 11241100x80000000000000003846444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825706869c184c782021-12-22 11:46:04.945root 11241100x80000000000000003846445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c7fbe25924db332021-12-22 11:46:04.945root 11241100x80000000000000003846446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3b719e9e7c6f0c2021-12-22 11:46:04.945root 11241100x80000000000000003846447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b374ecdcb65c99b22021-12-22 11:46:04.945root 11241100x80000000000000003846448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37da9cc5971b20842021-12-22 11:46:04.945root 11241100x80000000000000003846449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6eabbaba2d74ab22021-12-22 11:46:04.945root 11241100x80000000000000003846450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e192773987911f72021-12-22 11:46:04.946root 11241100x80000000000000003846451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d1b62da46e4ea72021-12-22 11:46:04.946root 11241100x80000000000000003846452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8fa55abd6f13cb2021-12-22 11:46:05.443root 11241100x80000000000000003846453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da895996cf90d152021-12-22 11:46:05.443root 11241100x80000000000000003846454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0f4c80e4ebfe202021-12-22 11:46:05.443root 11241100x80000000000000003846455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02a09c88eb97c832021-12-22 11:46:05.443root 11241100x80000000000000003846456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534b8afc2c22ba9c2021-12-22 11:46:05.444root 11241100x80000000000000003846457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b8cd84093e028e2021-12-22 11:46:05.444root 11241100x80000000000000003846458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5a53a848aeaff42021-12-22 11:46:05.444root 11241100x80000000000000003846459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd88b8639c558022021-12-22 11:46:05.444root 11241100x80000000000000003846460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59432c5c9f77e7af2021-12-22 11:46:05.444root 11241100x80000000000000003846461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c2525cd66f10722021-12-22 11:46:05.444root 11241100x80000000000000003846462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197ec0a267a17d612021-12-22 11:46:05.445root 11241100x80000000000000003846463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b5b66056a481582021-12-22 11:46:05.445root 11241100x80000000000000003846464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5bb79c3121e0072021-12-22 11:46:05.445root 11241100x80000000000000003846465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16e21a0d5cf6f102021-12-22 11:46:05.445root 11241100x80000000000000003846466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12e240807ebe3472021-12-22 11:46:05.445root 11241100x80000000000000003846467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba13f8378652d0e2021-12-22 11:46:05.445root 11241100x80000000000000003846468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb32d7d9538bdf8f2021-12-22 11:46:05.445root 11241100x80000000000000003846469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8c2f42175a67922021-12-22 11:46:05.446root 11241100x80000000000000003846470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64dde651b60f2ea2021-12-22 11:46:05.446root 11241100x80000000000000003846471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461461cad0b4a7f52021-12-22 11:46:05.943root 11241100x80000000000000003846472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e50cf968034da362021-12-22 11:46:05.943root 11241100x80000000000000003846473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2ad47099b7a84b2021-12-22 11:46:05.943root 11241100x80000000000000003846474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7275ae88388beca2021-12-22 11:46:05.943root 11241100x80000000000000003846475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1136d0ba26cb0002021-12-22 11:46:05.943root 11241100x80000000000000003846476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc2dfd54834c0a22021-12-22 11:46:05.943root 11241100x80000000000000003846477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e570c09225eb2b2021-12-22 11:46:05.944root 11241100x80000000000000003846478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6e0f4578d3960d2021-12-22 11:46:05.944root 11241100x80000000000000003846479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d664ff0ddada72152021-12-22 11:46:05.944root 11241100x80000000000000003846480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eddd8250ce8699a2021-12-22 11:46:05.944root 11241100x80000000000000003846481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a07ba82eac585142021-12-22 11:46:05.944root 11241100x80000000000000003846482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332a8a4e73ca0b182021-12-22 11:46:05.944root 11241100x80000000000000003846483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb7de3c8edaf7822021-12-22 11:46:05.945root 11241100x80000000000000003846484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707c2ac08b2137ca2021-12-22 11:46:05.945root 11241100x80000000000000003846485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3374bbf9c612281a2021-12-22 11:46:05.945root 11241100x80000000000000003846486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef348cc7b1c4af22021-12-22 11:46:05.945root 11241100x80000000000000003846487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2fb337b2d3931b2021-12-22 11:46:05.945root 11241100x80000000000000003846488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0605c36082657e62021-12-22 11:46:05.945root 11241100x80000000000000003846489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764b6de9c2c757ca2021-12-22 11:46:05.945root 23542300x80000000000000003846490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003846491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2847acb85458a1102021-12-22 11:46:06.443root 11241100x80000000000000003846492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b582c016fcb78d812021-12-22 11:46:06.443root 11241100x80000000000000003846493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cac5be4d62598d02021-12-22 11:46:06.443root 11241100x80000000000000003846494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1e4c18fc5f5bab2021-12-22 11:46:06.443root 11241100x80000000000000003846495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd504968ece90692021-12-22 11:46:06.444root 11241100x80000000000000003846496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45dd8d6e3003ec3b2021-12-22 11:46:06.444root 11241100x80000000000000003846497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e285b0ab6233e32021-12-22 11:46:06.444root 11241100x80000000000000003846498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4c95d6056755542021-12-22 11:46:06.444root 11241100x80000000000000003846499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a08f7b66ffdb8d2021-12-22 11:46:06.444root 11241100x80000000000000003846500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6126f75c4e9841a22021-12-22 11:46:06.444root 11241100x80000000000000003846501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35334b823fe23b982021-12-22 11:46:06.444root 11241100x80000000000000003846502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941deac38e5ba21e2021-12-22 11:46:06.444root 11241100x80000000000000003846503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb806e3f3ae02f82021-12-22 11:46:06.444root 11241100x80000000000000003846504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fec80c7179fe17c2021-12-22 11:46:06.444root 11241100x80000000000000003846505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73c2dfe8e13dd7c2021-12-22 11:46:06.444root 11241100x80000000000000003846506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b2595b66dc604b2021-12-22 11:46:06.444root 11241100x80000000000000003846507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bcd1960127eb8a2021-12-22 11:46:06.444root 11241100x80000000000000003846508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678ec1377e0087c02021-12-22 11:46:06.445root 11241100x80000000000000003846509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b048e425621b0e2021-12-22 11:46:06.445root 11241100x80000000000000003846510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aace0b7b88e2a82e2021-12-22 11:46:06.445root 11241100x80000000000000003846511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c3b06e61758a2f2021-12-22 11:46:06.943root 11241100x80000000000000003846512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0d11dad2dc2c1a2021-12-22 11:46:06.943root 11241100x80000000000000003846513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac14239af25732a2021-12-22 11:46:06.943root 11241100x80000000000000003846514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1338e24ee2cdb5502021-12-22 11:46:06.944root 11241100x80000000000000003846515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53864f2bffe408d2021-12-22 11:46:06.944root 11241100x80000000000000003846516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d76292a6d12810c2021-12-22 11:46:06.944root 11241100x80000000000000003846517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9ee064ced894c82021-12-22 11:46:06.944root 11241100x80000000000000003846518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9255f265367b869b2021-12-22 11:46:06.945root 11241100x80000000000000003846519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8006e469c3b002452021-12-22 11:46:06.945root 11241100x80000000000000003846520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849a4f8fa9a452692021-12-22 11:46:06.945root 11241100x80000000000000003846521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce08e876bb67c9f2021-12-22 11:46:06.945root 11241100x80000000000000003846522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320d5a5d18fdd6532021-12-22 11:46:06.945root 11241100x80000000000000003846523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226f306c6714fa912021-12-22 11:46:06.945root 11241100x80000000000000003846524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d03d9a4fe71b75a2021-12-22 11:46:06.946root 11241100x80000000000000003846525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d6b64708dfeec62021-12-22 11:46:06.946root 11241100x80000000000000003846526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d81547cf659c7762021-12-22 11:46:06.946root 11241100x80000000000000003846527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0cc23629bf045e2021-12-22 11:46:06.946root 11241100x80000000000000003846528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981544a715ad685a2021-12-22 11:46:06.946root 11241100x80000000000000003846529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030a17363af730ac2021-12-22 11:46:06.946root 11241100x80000000000000003846530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1575c83a38cd1c2021-12-22 11:46:06.946root 354300x80000000000000003846531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.217{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55426-false10.0.1.12-8000- 11241100x80000000000000003846532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b776d09413ea3c2021-12-22 11:46:07.217root 11241100x80000000000000003846533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d374ba989906d3b22021-12-22 11:46:07.218root 11241100x80000000000000003846534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b8aef2408b0b4f2021-12-22 11:46:07.218root 11241100x80000000000000003846535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b758e2f53b13b62021-12-22 11:46:07.218root 11241100x80000000000000003846536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6a5e6258a4dade2021-12-22 11:46:07.218root 11241100x80000000000000003846537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0704914fc5b7e0742021-12-22 11:46:07.218root 11241100x80000000000000003846538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29342565e6027faa2021-12-22 11:46:07.218root 11241100x80000000000000003846539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1eb19afd6530892021-12-22 11:46:07.218root 11241100x80000000000000003846540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cac2287637d6552021-12-22 11:46:07.218root 11241100x80000000000000003846541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad924684087a1bf2021-12-22 11:46:07.218root 11241100x80000000000000003846542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216119dfd9d7a9792021-12-22 11:46:07.218root 11241100x80000000000000003846543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4ae5d5f98776622021-12-22 11:46:07.218root 11241100x80000000000000003846544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bb019df18cb9f42021-12-22 11:46:07.218root 11241100x80000000000000003846545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e46c2122f86d6d2021-12-22 11:46:07.218root 11241100x80000000000000003846546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd4588c84da93132021-12-22 11:46:07.218root 11241100x80000000000000003846547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8143e2e46037b1de2021-12-22 11:46:07.219root 11241100x80000000000000003846548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bc2ea5c10941732021-12-22 11:46:07.219root 11241100x80000000000000003846549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2147903e6a6c32112021-12-22 11:46:07.219root 11241100x80000000000000003846550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bcad8f5612ddc72021-12-22 11:46:07.219root 11241100x80000000000000003846551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3272252ecac14822021-12-22 11:46:07.219root 11241100x80000000000000003846552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edd7aec3528ae562021-12-22 11:46:07.219root 11241100x80000000000000003846553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3e8380dbf130a52021-12-22 11:46:07.219root 11241100x80000000000000003846554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d063c1f2b973deb72021-12-22 11:46:07.219root 11241100x80000000000000003846555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007584001ae1ff212021-12-22 11:46:07.219root 11241100x80000000000000003846556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfbdd7dab46abe92021-12-22 11:46:07.693root 11241100x80000000000000003846557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd11edc9c22cac12021-12-22 11:46:07.693root 11241100x80000000000000003846558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e3e7bccea4943e2021-12-22 11:46:07.693root 11241100x80000000000000003846559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60a899c47be29242021-12-22 11:46:07.693root 11241100x80000000000000003846560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b91f04b05007402021-12-22 11:46:07.694root 11241100x80000000000000003846561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d18d54c3ff10a12021-12-22 11:46:07.694root 11241100x80000000000000003846562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c033a3a4bf1636c2021-12-22 11:46:07.694root 11241100x80000000000000003846563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb1833bf73b8bdd2021-12-22 11:46:07.694root 11241100x80000000000000003846564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65fdfcf88bc69ed2021-12-22 11:46:07.694root 11241100x80000000000000003846565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bf3de385876c5d2021-12-22 11:46:07.694root 11241100x80000000000000003846566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef5de0fe1a70f592021-12-22 11:46:07.694root 11241100x80000000000000003846567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6c277d99956e102021-12-22 11:46:07.695root 11241100x80000000000000003846568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de8671bf5e154d52021-12-22 11:46:07.695root 11241100x80000000000000003846569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee88dd5727b129502021-12-22 11:46:07.695root 11241100x80000000000000003846570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aa2063ec29ccda2021-12-22 11:46:07.695root 11241100x80000000000000003846571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eddddf090b23c612021-12-22 11:46:07.695root 11241100x80000000000000003846572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5f93057a49772c2021-12-22 11:46:07.695root 11241100x80000000000000003846573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61be079280396c82021-12-22 11:46:07.695root 11241100x80000000000000003846574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8c1b63a9b7d64b2021-12-22 11:46:07.695root 11241100x80000000000000003846575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bf1ab0ddd9848a2021-12-22 11:46:07.695root 11241100x80000000000000003846576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc3e526987237832021-12-22 11:46:07.696root 11241100x80000000000000003846577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8977b97913ef26652021-12-22 11:46:08.193root 11241100x80000000000000003846578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e893c0c8e75bd1f02021-12-22 11:46:08.193root 11241100x80000000000000003846579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a80254233051e412021-12-22 11:46:08.193root 11241100x80000000000000003846580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a879404b820d042021-12-22 11:46:08.193root 11241100x80000000000000003846581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d61441502a402dc2021-12-22 11:46:08.193root 11241100x80000000000000003846582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5067802d61ad896e2021-12-22 11:46:08.193root 11241100x80000000000000003846583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47e0e919c37213f2021-12-22 11:46:08.194root 11241100x80000000000000003846584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f651352166855022021-12-22 11:46:08.194root 11241100x80000000000000003846585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6360b1e3e413f052021-12-22 11:46:08.194root 11241100x80000000000000003846586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f339fe3b20ca0132021-12-22 11:46:08.194root 11241100x80000000000000003846587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfc76fe67329c192021-12-22 11:46:08.194root 11241100x80000000000000003846588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20dc78cd19338ee2021-12-22 11:46:08.194root 11241100x80000000000000003846589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bbcfdbf5f81ef92021-12-22 11:46:08.194root 11241100x80000000000000003846590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c6781474665d162021-12-22 11:46:08.194root 11241100x80000000000000003846591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a8dfe02968e7aa2021-12-22 11:46:08.194root 11241100x80000000000000003846592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f19e9e926664d22021-12-22 11:46:08.194root 11241100x80000000000000003846593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5071b6c984f3e4e72021-12-22 11:46:08.195root 11241100x80000000000000003846594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c2d24932907ed42021-12-22 11:46:08.195root 11241100x80000000000000003846595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb693f40968e2f42021-12-22 11:46:08.195root 11241100x80000000000000003846596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19dc135fd29316612021-12-22 11:46:08.195root 11241100x80000000000000003846597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28261e02946ac11c2021-12-22 11:46:08.195root 11241100x80000000000000003846598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6520ad0bbc549aa2021-12-22 11:46:08.693root 11241100x80000000000000003846599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b2f01ab125db1f2021-12-22 11:46:08.693root 11241100x80000000000000003846600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7fb9e707bcf1972021-12-22 11:46:08.693root 11241100x80000000000000003846601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1022dbf7960c911f2021-12-22 11:46:08.694root 11241100x80000000000000003846602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8da40c6b9959ba2021-12-22 11:46:08.694root 11241100x80000000000000003846603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0fabb97c9cdc952021-12-22 11:46:08.694root 11241100x80000000000000003846604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507d7b3a36c6dc9d2021-12-22 11:46:08.694root 11241100x80000000000000003846605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea2dc6222cd3cdc2021-12-22 11:46:08.694root 11241100x80000000000000003846606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3d5d57c759d6362021-12-22 11:46:08.694root 11241100x80000000000000003846607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce98cfdb5760a8062021-12-22 11:46:08.694root 11241100x80000000000000003846608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6226bbc4ea90f5c2021-12-22 11:46:08.694root 11241100x80000000000000003846609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d30f184b6548dc2021-12-22 11:46:08.694root 11241100x80000000000000003846610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86b4b4d42cc8d8a2021-12-22 11:46:08.694root 11241100x80000000000000003846611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2add461082434f2021-12-22 11:46:08.694root 11241100x80000000000000003846612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cd1f3cb062cc882021-12-22 11:46:08.694root 11241100x80000000000000003846613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a54f976a3ca3242021-12-22 11:46:08.694root 11241100x80000000000000003846614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25afc9145d9468c2021-12-22 11:46:08.694root 11241100x80000000000000003846615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c7ba512eb2f65d2021-12-22 11:46:08.694root 11241100x80000000000000003846616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a94d42a2278ae0f2021-12-22 11:46:08.695root 11241100x80000000000000003846617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056ef34611f028762021-12-22 11:46:08.695root 11241100x80000000000000003846618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e5ad67eea7bdc72021-12-22 11:46:08.695root 11241100x80000000000000003846619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68667077bc77e62f2021-12-22 11:46:09.193root 11241100x80000000000000003846620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ead6f418af665df2021-12-22 11:46:09.194root 11241100x80000000000000003846621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a300994e232885042021-12-22 11:46:09.194root 11241100x80000000000000003846622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42da4b83ef143fce2021-12-22 11:46:09.194root 11241100x80000000000000003846623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aee9390447fff4c2021-12-22 11:46:09.194root 11241100x80000000000000003846624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45703b67d639fbf02021-12-22 11:46:09.194root 11241100x80000000000000003846625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d421b299c50001a2021-12-22 11:46:09.195root 11241100x80000000000000003846626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a038ac0c4fd3bd5e2021-12-22 11:46:09.195root 11241100x80000000000000003846627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ab86b0af203b4d2021-12-22 11:46:09.195root 11241100x80000000000000003846628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7358f4ace81bdc2021-12-22 11:46:09.195root 11241100x80000000000000003846629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c067580c2004aae2021-12-22 11:46:09.195root 11241100x80000000000000003846630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d090dfca082de42021-12-22 11:46:09.195root 11241100x80000000000000003846631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73112f6a3353809f2021-12-22 11:46:09.195root 11241100x80000000000000003846632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4364adbfce40cc9b2021-12-22 11:46:09.195root 11241100x80000000000000003846633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf9fde4e33756d82021-12-22 11:46:09.195root 11241100x80000000000000003846634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a7db7a37055ded2021-12-22 11:46:09.195root 11241100x80000000000000003846635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88fb9cac96cff412021-12-22 11:46:09.195root 11241100x80000000000000003846636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b6268c34830f512021-12-22 11:46:09.196root 11241100x80000000000000003846637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d88e16a1664118a2021-12-22 11:46:09.196root 11241100x80000000000000003846638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6c4f156659c9ba2021-12-22 11:46:09.196root 11241100x80000000000000003846639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bd7e0551f993442021-12-22 11:46:09.196root 11241100x80000000000000003846640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24123f0ada6883752021-12-22 11:46:09.693root 11241100x80000000000000003846641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfdcaa6e33d66cf2021-12-22 11:46:09.693root 11241100x80000000000000003846642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb63c99264664bd2021-12-22 11:46:09.693root 11241100x80000000000000003846643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6ffed55d2e54862021-12-22 11:46:09.693root 11241100x80000000000000003846644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3dd651d2bc535e2021-12-22 11:46:09.694root 11241100x80000000000000003846645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511d9a0fa4bc06542021-12-22 11:46:09.694root 11241100x80000000000000003846646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6450c0a32ac20292021-12-22 11:46:09.694root 11241100x80000000000000003846647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8733790e007a612021-12-22 11:46:09.694root 11241100x80000000000000003846648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592c2acdd7148cf52021-12-22 11:46:09.694root 11241100x80000000000000003846649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a014b58c1db1a0fa2021-12-22 11:46:09.694root 11241100x80000000000000003846650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09df72837d0c47bf2021-12-22 11:46:09.694root 11241100x80000000000000003846651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc26afc054998f12021-12-22 11:46:09.694root 11241100x80000000000000003846652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da42e316aa4da5f72021-12-22 11:46:09.695root 11241100x80000000000000003846653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53159f15d190a6ac2021-12-22 11:46:09.695root 11241100x80000000000000003846654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f551353e75c71c32021-12-22 11:46:09.695root 11241100x80000000000000003846655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01fc7e92cb11dfe2021-12-22 11:46:09.695root 11241100x80000000000000003846656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c562b030013a402021-12-22 11:46:09.695root 11241100x80000000000000003846657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0b7f48d770dd982021-12-22 11:46:09.695root 11241100x80000000000000003846658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1829839a545d122021-12-22 11:46:09.696root 11241100x80000000000000003846659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b16196f3e0602b2021-12-22 11:46:09.696root 11241100x80000000000000003846660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504da9c5462cd1aa2021-12-22 11:46:09.696root 11241100x80000000000000003846661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751cc63e79280f102021-12-22 11:46:10.193root 11241100x80000000000000003846662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdaebce0c2b8f2e52021-12-22 11:46:10.193root 11241100x80000000000000003846663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1630c1d1be383adf2021-12-22 11:46:10.194root 11241100x80000000000000003846664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79a06e33da209962021-12-22 11:46:10.194root 11241100x80000000000000003846665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d6271fe9adf0e32021-12-22 11:46:10.194root 11241100x80000000000000003846666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a5c1ea0ae05ee52021-12-22 11:46:10.194root 11241100x80000000000000003846667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e061fa1a06e8ced2021-12-22 11:46:10.194root 11241100x80000000000000003846668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c274d320b2fc802021-12-22 11:46:10.194root 11241100x80000000000000003846669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6846311c57f748822021-12-22 11:46:10.194root 11241100x80000000000000003846670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd96a2a6caa0311f2021-12-22 11:46:10.194root 11241100x80000000000000003846671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3480b0fee28bf02021-12-22 11:46:10.194root 11241100x80000000000000003846672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42ec1b1dbc7fb312021-12-22 11:46:10.194root 11241100x80000000000000003846673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c48bf2813214982021-12-22 11:46:10.194root 11241100x80000000000000003846674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4b4dd5fb23d3932021-12-22 11:46:10.194root 11241100x80000000000000003846675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404687a80df70fb22021-12-22 11:46:10.194root 11241100x80000000000000003846676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcfcd7eecb246c82021-12-22 11:46:10.194root 11241100x80000000000000003846677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c4dc79344b5c622021-12-22 11:46:10.194root 11241100x80000000000000003846678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc73a959530b65c2021-12-22 11:46:10.194root 11241100x80000000000000003846679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6722c90965b232982021-12-22 11:46:10.195root 11241100x80000000000000003846680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbf00045f853b8a2021-12-22 11:46:10.195root 11241100x80000000000000003846681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb273d98c02a53ad2021-12-22 11:46:10.195root 11241100x80000000000000003846682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b2e1a9f58615222021-12-22 11:46:10.693root 11241100x80000000000000003846683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3674a2d3589a2acd2021-12-22 11:46:10.693root 11241100x80000000000000003846684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cf8b80b25ebbe72021-12-22 11:46:10.693root 11241100x80000000000000003846685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f569bc3b77f3932c2021-12-22 11:46:10.693root 11241100x80000000000000003846686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd2a689bf4e60952021-12-22 11:46:10.694root 11241100x80000000000000003846687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3d3227e34a8ca42021-12-22 11:46:10.694root 11241100x80000000000000003846688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b82705b4cc8ad22021-12-22 11:46:10.694root 11241100x80000000000000003846689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60033b81985a6cb2021-12-22 11:46:10.694root 11241100x80000000000000003846690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6839cbeee155e7a2021-12-22 11:46:10.694root 11241100x80000000000000003846691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69219e349e0019982021-12-22 11:46:10.694root 11241100x80000000000000003846692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427c3badf88e62672021-12-22 11:46:10.694root 11241100x80000000000000003846693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09f8b1fa22f5b262021-12-22 11:46:10.694root 11241100x80000000000000003846694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cb821758f3f7f42021-12-22 11:46:10.694root 11241100x80000000000000003846695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44272d76e27ecaf2021-12-22 11:46:10.694root 11241100x80000000000000003846696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3451a5f3ff9fc45c2021-12-22 11:46:10.694root 11241100x80000000000000003846697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55ae38094c01c122021-12-22 11:46:10.694root 11241100x80000000000000003846698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6368771dbdcfe72021-12-22 11:46:10.694root 11241100x80000000000000003846699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cebae1814b35fef2021-12-22 11:46:10.695root 11241100x80000000000000003846700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681981684bc1575a2021-12-22 11:46:10.695root 11241100x80000000000000003846701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e817b508147eb6942021-12-22 11:46:10.695root 11241100x80000000000000003846702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d48d1fc561ef582021-12-22 11:46:10.695root 11241100x80000000000000003846703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfccfe8ed5c07ce2021-12-22 11:46:11.193root 11241100x80000000000000003846704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e26c1dd9fd026e62021-12-22 11:46:11.193root 11241100x80000000000000003846705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a40d6f9af9fb2202021-12-22 11:46:11.193root 11241100x80000000000000003846706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daac22e0bfcb31732021-12-22 11:46:11.193root 11241100x80000000000000003846707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cc430c1beea7392021-12-22 11:46:11.193root 11241100x80000000000000003846708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7821660fbf9d2392021-12-22 11:46:11.193root 11241100x80000000000000003846709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfab1d975a5e51c2021-12-22 11:46:11.194root 11241100x80000000000000003846710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc0a42c86408c9d2021-12-22 11:46:11.194root 11241100x80000000000000003846711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a07e61533786622021-12-22 11:46:11.194root 11241100x80000000000000003846712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b95cd66124b6e32021-12-22 11:46:11.195root 11241100x80000000000000003846713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a329d06629fba9902021-12-22 11:46:11.195root 11241100x80000000000000003846714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab95bb1c86e21e42021-12-22 11:46:11.195root 11241100x80000000000000003846715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc3c319ab0124a92021-12-22 11:46:11.196root 11241100x80000000000000003846716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d52a60591ce2e752021-12-22 11:46:11.196root 11241100x80000000000000003846717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b4934a739be0052021-12-22 11:46:11.196root 11241100x80000000000000003846718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd490e9bd1ec0d72021-12-22 11:46:11.197root 11241100x80000000000000003846719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111986f3f67552a52021-12-22 11:46:11.197root 11241100x80000000000000003846720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b81d2d6cf17a6732021-12-22 11:46:11.197root 11241100x80000000000000003846721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ace91ceacbbfae32021-12-22 11:46:11.197root 11241100x80000000000000003846722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe2cd8ee91efdc92021-12-22 11:46:11.198root 11241100x80000000000000003846723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05baa5ea37b146df2021-12-22 11:46:11.198root 11241100x80000000000000003846724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31a3cb1f16225ed2021-12-22 11:46:11.692root 11241100x80000000000000003846725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2a88473e1c914e2021-12-22 11:46:11.693root 11241100x80000000000000003846726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696bd10b5f6825442021-12-22 11:46:11.693root 11241100x80000000000000003846727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d71b1997bb52bb2021-12-22 11:46:11.693root 11241100x80000000000000003846728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4e5f85fd0821982021-12-22 11:46:11.693root 11241100x80000000000000003846729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504e7ef0e06b963f2021-12-22 11:46:11.694root 11241100x80000000000000003846730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7383da0a4def5e562021-12-22 11:46:11.694root 11241100x80000000000000003846731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21270576b7e912212021-12-22 11:46:11.694root 11241100x80000000000000003846732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991536029f93e16e2021-12-22 11:46:11.694root 11241100x80000000000000003846733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc9bf204a277e632021-12-22 11:46:11.694root 11241100x80000000000000003846734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357501dc52ce2bfa2021-12-22 11:46:11.695root 11241100x80000000000000003846735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe2c534e039087d2021-12-22 11:46:11.695root 11241100x80000000000000003846736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138a2593fd281ef22021-12-22 11:46:11.695root 11241100x80000000000000003846737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c107f15c4958a2df2021-12-22 11:46:11.695root 11241100x80000000000000003846738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d6cf1bcde686c82021-12-22 11:46:11.695root 11241100x80000000000000003846739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2d96b18ea5b8362021-12-22 11:46:11.696root 11241100x80000000000000003846740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3f9fbcec9f952e2021-12-22 11:46:11.696root 11241100x80000000000000003846741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f8996faeb5afd42021-12-22 11:46:11.696root 11241100x80000000000000003846742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd9853fc2b9ad782021-12-22 11:46:11.696root 11241100x80000000000000003846743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7165b56c861d86e2021-12-22 11:46:11.696root 11241100x80000000000000003846744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4356f60b0961b122021-12-22 11:46:11.696root 11241100x80000000000000003846745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9c873892e696532021-12-22 11:46:11.696root 11241100x80000000000000003846746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb8dd882264eb382021-12-22 11:46:11.696root 11241100x80000000000000003846747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66835b363998b6f02021-12-22 11:46:12.192root 11241100x80000000000000003846748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6f73631d6f07472021-12-22 11:46:12.193root 11241100x80000000000000003846749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219146526de90cef2021-12-22 11:46:12.193root 11241100x80000000000000003846750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1a364b28bb2a052021-12-22 11:46:12.193root 11241100x80000000000000003846751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244265ac466c54d82021-12-22 11:46:12.194root 11241100x80000000000000003846752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbd41565ab990b42021-12-22 11:46:12.194root 11241100x80000000000000003846753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4785a27f7af220722021-12-22 11:46:12.194root 11241100x80000000000000003846754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00eb059ef9c5bef2021-12-22 11:46:12.194root 11241100x80000000000000003846755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef598c27bafcbf272021-12-22 11:46:12.194root 11241100x80000000000000003846756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10f427baf0043d72021-12-22 11:46:12.195root 11241100x80000000000000003846757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85735e44496555a72021-12-22 11:46:12.195root 11241100x80000000000000003846758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b46041dee77b5312021-12-22 11:46:12.195root 11241100x80000000000000003846759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f804b07cb30c846f2021-12-22 11:46:12.196root 11241100x80000000000000003846760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64a6eaa1332d53c2021-12-22 11:46:12.196root 11241100x80000000000000003846761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0be328017f53212021-12-22 11:46:12.196root 11241100x80000000000000003846762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fcb0871ad36a712021-12-22 11:46:12.196root 11241100x80000000000000003846763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eab8b8d1a7e39032021-12-22 11:46:12.197root 11241100x80000000000000003846764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3838f0c3aaaa72132021-12-22 11:46:12.197root 11241100x80000000000000003846765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0f1638ffb0789a2021-12-22 11:46:12.197root 11241100x80000000000000003846766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b99952f43b23582021-12-22 11:46:12.197root 11241100x80000000000000003846767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c5483ca3351c2a2021-12-22 11:46:12.197root 11241100x80000000000000003846768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e0a14ccab7e2b02021-12-22 11:46:12.197root 11241100x80000000000000003846769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf17fecf5019b0d2021-12-22 11:46:12.198root 354300x80000000000000003846770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.248{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55428-false10.0.1.12-8000- 11241100x80000000000000003846771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a6b7b308704b782021-12-22 11:46:12.692root 11241100x80000000000000003846772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f3a2a73c3b692e2021-12-22 11:46:12.693root 11241100x80000000000000003846773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c228b80383e14ea02021-12-22 11:46:12.694root 11241100x80000000000000003846774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca5ba73113bd50a2021-12-22 11:46:12.694root 11241100x80000000000000003846775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dcc7fbad039be62021-12-22 11:46:12.694root 11241100x80000000000000003846776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e742dd534a2b7afd2021-12-22 11:46:12.694root 11241100x80000000000000003846777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ac36da8fdf05612021-12-22 11:46:12.694root 11241100x80000000000000003846778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a583d90927c6642021-12-22 11:46:12.694root 11241100x80000000000000003846779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3224ad7c33b8616e2021-12-22 11:46:12.694root 11241100x80000000000000003846780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c669aec48ad7cc002021-12-22 11:46:12.695root 11241100x80000000000000003846781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eeab175b13843c92021-12-22 11:46:12.695root 11241100x80000000000000003846782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1d0993f0b4a7a32021-12-22 11:46:12.695root 11241100x80000000000000003846783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9cf7905d8f4de72021-12-22 11:46:12.695root 11241100x80000000000000003846784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc780db8f413c51e2021-12-22 11:46:12.695root 11241100x80000000000000003846785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799dc63871f3e1ef2021-12-22 11:46:12.695root 11241100x80000000000000003846786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ff942a219029692021-12-22 11:46:12.696root 11241100x80000000000000003846787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4697a89896f57d942021-12-22 11:46:12.696root 11241100x80000000000000003846788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05f58655acd1b8b2021-12-22 11:46:12.696root 11241100x80000000000000003846789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef4cfbda395b4432021-12-22 11:46:12.696root 11241100x80000000000000003846790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4483f18b3a987acb2021-12-22 11:46:12.696root 11241100x80000000000000003846791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669f1aec467582522021-12-22 11:46:12.696root 11241100x80000000000000003846792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41971fe294dd8872021-12-22 11:46:12.697root 11241100x80000000000000003846793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0b23b96965d4f32021-12-22 11:46:12.697root 11241100x80000000000000003846794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e22318aa3dcedc2021-12-22 11:46:12.697root 11241100x80000000000000003846795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2084761480c075cc2021-12-22 11:46:12.697root 11241100x80000000000000003846796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919ac801382961ff2021-12-22 11:46:12.697root 11241100x80000000000000003846797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa5844f04e4588f2021-12-22 11:46:12.697root 11241100x80000000000000003846798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1be388e2cc57c082021-12-22 11:46:12.698root 11241100x80000000000000003846799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95dc795306b82212021-12-22 11:46:12.698root 11241100x80000000000000003846800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1690e0f5b49ea1a2021-12-22 11:46:13.193root 11241100x80000000000000003846801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0417dee88121e672021-12-22 11:46:13.193root 11241100x80000000000000003846802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822f57f5e3bc94312021-12-22 11:46:13.193root 11241100x80000000000000003846803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f954cf5f96901852021-12-22 11:46:13.193root 11241100x80000000000000003846804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cd47a6991accbe2021-12-22 11:46:13.193root 11241100x80000000000000003846805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e76649144f0c3892021-12-22 11:46:13.193root 11241100x80000000000000003846806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c582dfab3fca49f22021-12-22 11:46:13.194root 11241100x80000000000000003846807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8d772da565ed442021-12-22 11:46:13.194root 11241100x80000000000000003846808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d139ff06a7e1e7e2021-12-22 11:46:13.194root 11241100x80000000000000003846809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89ab16debd50f852021-12-22 11:46:13.194root 11241100x80000000000000003846810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec35d48912d5799a2021-12-22 11:46:13.194root 11241100x80000000000000003846811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e6e56e22da5b572021-12-22 11:46:13.194root 11241100x80000000000000003846812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1b96f640475e0c2021-12-22 11:46:13.195root 11241100x80000000000000003846813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da917a9dd4c5883d2021-12-22 11:46:13.195root 11241100x80000000000000003846814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb90c35f1ffbc492021-12-22 11:46:13.195root 11241100x80000000000000003846815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d73e1a34ce298882021-12-22 11:46:13.195root 11241100x80000000000000003846816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82aa40117899c2602021-12-22 11:46:13.196root 11241100x80000000000000003846817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f33cd659bcba16c2021-12-22 11:46:13.196root 11241100x80000000000000003846818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55eb65788cc4d9202021-12-22 11:46:13.196root 11241100x80000000000000003846819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db859630a8842202021-12-22 11:46:13.197root 11241100x80000000000000003846820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f0119e4e41b3282021-12-22 11:46:13.197root 11241100x80000000000000003846821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbefa4cff42ded32021-12-22 11:46:13.197root 11241100x80000000000000003846822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dc4f66a50155112021-12-22 11:46:13.197root 11241100x80000000000000003846823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdb50f35d2091042021-12-22 11:46:13.693root 11241100x80000000000000003846824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194209e25250ff8c2021-12-22 11:46:13.693root 11241100x80000000000000003846825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad5170b29d4e35f2021-12-22 11:46:13.694root 11241100x80000000000000003846826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b04d7e15fe805042021-12-22 11:46:13.694root 11241100x80000000000000003846827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176191480f4996862021-12-22 11:46:13.694root 11241100x80000000000000003846828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd3a7bc71e79fe32021-12-22 11:46:13.694root 11241100x80000000000000003846829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e478542de742272021-12-22 11:46:13.694root 11241100x80000000000000003846830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d238e98694933edf2021-12-22 11:46:13.694root 11241100x80000000000000003846831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5665bb606ab4e7c32021-12-22 11:46:13.694root 11241100x80000000000000003846832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709ccdcd2b1cb59c2021-12-22 11:46:13.695root 11241100x80000000000000003846833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aad80ade6601d892021-12-22 11:46:13.695root 11241100x80000000000000003846834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ac639feb5d1add2021-12-22 11:46:13.695root 11241100x80000000000000003846835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad4df416a93fd762021-12-22 11:46:13.695root 11241100x80000000000000003846836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a544a33c8d101a2021-12-22 11:46:13.695root 11241100x80000000000000003846837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a8a61fe220ac9e2021-12-22 11:46:13.695root 11241100x80000000000000003846838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317de89595aa5a432021-12-22 11:46:13.695root 11241100x80000000000000003846839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177c783e52b64cb92021-12-22 11:46:13.695root 11241100x80000000000000003846840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c577bcb62f690d2021-12-22 11:46:13.695root 11241100x80000000000000003846841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d19444ffccd2322021-12-22 11:46:13.695root 11241100x80000000000000003846842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213fdd710388cd7d2021-12-22 11:46:13.695root 11241100x80000000000000003846843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa90be3d7fb6f83e2021-12-22 11:46:13.696root 11241100x80000000000000003846844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f5b1c701abaeaf2021-12-22 11:46:13.696root 11241100x80000000000000003846845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e1c5ecad6f513e2021-12-22 11:46:14.193root 11241100x80000000000000003846846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cff3e54c11c73f02021-12-22 11:46:14.193root 11241100x80000000000000003846847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b06ddfb2444ca62021-12-22 11:46:14.193root 11241100x80000000000000003846848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff633842df7131a32021-12-22 11:46:14.194root 11241100x80000000000000003846849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4924debb12970f022021-12-22 11:46:14.194root 11241100x80000000000000003846850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f319993ee40abf2021-12-22 11:46:14.194root 11241100x80000000000000003846851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8314b72c4aae81002021-12-22 11:46:14.194root 11241100x80000000000000003846852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cdd356d855b16f2021-12-22 11:46:14.194root 11241100x80000000000000003846853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97952ba65ef5a4dd2021-12-22 11:46:14.194root 11241100x80000000000000003846854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c23c1689e0989f2021-12-22 11:46:14.194root 11241100x80000000000000003846855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2974fdafa4a4e1452021-12-22 11:46:14.194root 11241100x80000000000000003846856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d96f63460834be2021-12-22 11:46:14.194root 11241100x80000000000000003846857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db08a13421b127af2021-12-22 11:46:14.194root 11241100x80000000000000003846858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc6cc3c094096f52021-12-22 11:46:14.195root 11241100x80000000000000003846859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11afdd8d6369ad62021-12-22 11:46:14.195root 11241100x80000000000000003846860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10203aee5539497f2021-12-22 11:46:14.195root 11241100x80000000000000003846861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfaa41b6196ae912021-12-22 11:46:14.195root 11241100x80000000000000003846862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3287d5c551ad942021-12-22 11:46:14.195root 11241100x80000000000000003846863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848105649c2ea93c2021-12-22 11:46:14.196root 11241100x80000000000000003846864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ca17f3c8458d722021-12-22 11:46:14.196root 11241100x80000000000000003846865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682098d69f9613df2021-12-22 11:46:14.196root 11241100x80000000000000003846866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f39c5cd1dfbe912021-12-22 11:46:14.196root 11241100x80000000000000003846867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a48e7266e5851ea2021-12-22 11:46:14.693root 11241100x80000000000000003846868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8c4664fa7a8e5a2021-12-22 11:46:14.693root 11241100x80000000000000003846869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32f9673103396192021-12-22 11:46:14.693root 11241100x80000000000000003846870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eef55b27adda0ab2021-12-22 11:46:14.694root 11241100x80000000000000003846871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a6c2061ef95deb2021-12-22 11:46:14.694root 11241100x80000000000000003846872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f378023c402ac9962021-12-22 11:46:14.694root 11241100x80000000000000003846873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bdcff23da6f3652021-12-22 11:46:14.694root 11241100x80000000000000003846874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de72c1d2dfdc46b2021-12-22 11:46:14.694root 11241100x80000000000000003846875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd4c426dc08d5a92021-12-22 11:46:14.694root 11241100x80000000000000003846876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dab9a2b898ebd82021-12-22 11:46:14.694root 11241100x80000000000000003846877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eec830f8225c20b2021-12-22 11:46:14.694root 11241100x80000000000000003846878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26af5d3625ef10732021-12-22 11:46:14.694root 11241100x80000000000000003846879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64af48be2d5a793d2021-12-22 11:46:14.694root 11241100x80000000000000003846880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3852cb7a01447422021-12-22 11:46:14.695root 11241100x80000000000000003846881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a665bd561c8d740c2021-12-22 11:46:14.695root 11241100x80000000000000003846882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f703c7f5031b28042021-12-22 11:46:14.695root 11241100x80000000000000003846883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa830f503273e272021-12-22 11:46:14.695root 11241100x80000000000000003846884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dabd6f61185f6d2021-12-22 11:46:14.695root 11241100x80000000000000003846885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80cf6f29da1b8ce2021-12-22 11:46:14.695root 11241100x80000000000000003846886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3e1dd9c4efa6e02021-12-22 11:46:14.695root 11241100x80000000000000003846887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea92ba04cda47642021-12-22 11:46:14.695root 11241100x80000000000000003846888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2736d02b1f5296132021-12-22 11:46:14.695root 11241100x80000000000000003846889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73c3b85574670722021-12-22 11:46:15.193root 11241100x80000000000000003846890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a0a1ec5a6dcd322021-12-22 11:46:15.193root 11241100x80000000000000003846891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ead13b141d8fe12021-12-22 11:46:15.193root 11241100x80000000000000003846892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942b93d06814a8602021-12-22 11:46:15.193root 11241100x80000000000000003846893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc386c5b8346c292021-12-22 11:46:15.193root 11241100x80000000000000003846894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462e8d5fd50ca9772021-12-22 11:46:15.194root 11241100x80000000000000003846895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe1fd11d90853a32021-12-22 11:46:15.194root 11241100x80000000000000003846896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84d9c13d49571532021-12-22 11:46:15.194root 11241100x80000000000000003846897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99dbc5eac66db9b2021-12-22 11:46:15.194root 11241100x80000000000000003846898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5316108ca5fb6c432021-12-22 11:46:15.194root 11241100x80000000000000003846899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcd656b94ce86ad2021-12-22 11:46:15.195root 11241100x80000000000000003846900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0d559af36de9772021-12-22 11:46:15.195root 11241100x80000000000000003846901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513a87cd548630862021-12-22 11:46:15.195root 11241100x80000000000000003846902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bebf4269971beb2021-12-22 11:46:15.195root 11241100x80000000000000003846903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a3f996f9cea0fc2021-12-22 11:46:15.196root 11241100x80000000000000003846904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f73222b6e31750c2021-12-22 11:46:15.196root 11241100x80000000000000003846905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2201ec9f60300ba2021-12-22 11:46:15.196root 11241100x80000000000000003846906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b57029f6c24f162021-12-22 11:46:15.196root 11241100x80000000000000003846907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2e3dd59a4472482021-12-22 11:46:15.197root 11241100x80000000000000003846908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fc9e18b09b2eb72021-12-22 11:46:15.197root 11241100x80000000000000003846909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25359e0e19e72b0c2021-12-22 11:46:15.197root 11241100x80000000000000003846910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749c04c7b8cdbc822021-12-22 11:46:15.197root 11241100x80000000000000003846911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2c1305dbf1c0e42021-12-22 11:46:15.693root 11241100x80000000000000003846912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a440495b27dfb762021-12-22 11:46:15.694root 11241100x80000000000000003846913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d28752f9d845ceb2021-12-22 11:46:15.694root 11241100x80000000000000003846914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48a48217e1f73ed2021-12-22 11:46:15.694root 11241100x80000000000000003846915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce4c9b5bac633d52021-12-22 11:46:15.694root 11241100x80000000000000003846916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8452a6ff5b330212021-12-22 11:46:15.694root 11241100x80000000000000003846917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7102f1c7a2f5d5602021-12-22 11:46:15.694root 11241100x80000000000000003846918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5ebab701d749652021-12-22 11:46:15.694root 11241100x80000000000000003846919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a049551541310b312021-12-22 11:46:15.694root 11241100x80000000000000003846920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36eb4cbb9b3b38a72021-12-22 11:46:15.694root 11241100x80000000000000003846921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047486ed04dfb3ac2021-12-22 11:46:15.695root 11241100x80000000000000003846922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d165cdb7e9a5f52021-12-22 11:46:15.695root 11241100x80000000000000003846923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabfa4b94a3fa3ed2021-12-22 11:46:15.695root 11241100x80000000000000003846924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6a3ad19ebf1e1f2021-12-22 11:46:15.695root 11241100x80000000000000003846925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7beb81691f25292c2021-12-22 11:46:15.695root 11241100x80000000000000003846926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73e029e722069a02021-12-22 11:46:15.695root 11241100x80000000000000003846927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce65035e323a8452021-12-22 11:46:15.695root 11241100x80000000000000003846928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9152d316ae43f6cd2021-12-22 11:46:15.695root 11241100x80000000000000003846929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf64a18b2c9d39d32021-12-22 11:46:15.695root 11241100x80000000000000003846930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8bf9b643ac47912021-12-22 11:46:15.695root 11241100x80000000000000003846931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9644919b3d3b7a212021-12-22 11:46:15.696root 11241100x80000000000000003846932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d8df75b35d65f12021-12-22 11:46:15.696root 11241100x80000000000000003846933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d5b3ab08239ef82021-12-22 11:46:16.193root 11241100x80000000000000003846934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659e15c76c2becf92021-12-22 11:46:16.193root 11241100x80000000000000003846935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a93ae4e4fabcf9d2021-12-22 11:46:16.193root 11241100x80000000000000003846936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0969c3baff9313922021-12-22 11:46:16.194root 11241100x80000000000000003846937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eeab6f9a29a2132021-12-22 11:46:16.194root 11241100x80000000000000003846938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011fa7c6745554052021-12-22 11:46:16.194root 11241100x80000000000000003846939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45523eebad776e682021-12-22 11:46:16.194root 11241100x80000000000000003846940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b8c5405efd78272021-12-22 11:46:16.194root 11241100x80000000000000003846941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761a4279b2db61cc2021-12-22 11:46:16.194root 11241100x80000000000000003846942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b313e6f5cc99a12021-12-22 11:46:16.194root 11241100x80000000000000003846943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda7a40d223635a82021-12-22 11:46:16.194root 11241100x80000000000000003846944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a43d55f21ce06e42021-12-22 11:46:16.194root 11241100x80000000000000003846945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462afeaf44fbebe92021-12-22 11:46:16.195root 11241100x80000000000000003846946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cd2638e96013202021-12-22 11:46:16.195root 11241100x80000000000000003846947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27af76cc84945f3c2021-12-22 11:46:16.195root 11241100x80000000000000003846948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f82e367bdbe0502021-12-22 11:46:16.195root 11241100x80000000000000003846949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e582ab057051b3e2021-12-22 11:46:16.195root 11241100x80000000000000003846950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f873290149f41e22021-12-22 11:46:16.195root 11241100x80000000000000003846951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b983f1fe4495f82021-12-22 11:46:16.195root 11241100x80000000000000003846952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeec7ac6877c53f42021-12-22 11:46:16.195root 11241100x80000000000000003846953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11524dbc3fc04de2021-12-22 11:46:16.195root 11241100x80000000000000003846954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1eaaeb3eade6ae2021-12-22 11:46:16.196root 11241100x80000000000000003846955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b583f0bfb55fe462021-12-22 11:46:16.692root 11241100x80000000000000003846956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18f9193f0babf772021-12-22 11:46:16.693root 11241100x80000000000000003846957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6980c382f65f37c82021-12-22 11:46:16.693root 11241100x80000000000000003846958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa70a15ef7df3822021-12-22 11:46:16.693root 11241100x80000000000000003846959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fe2cd838bc08ca2021-12-22 11:46:16.693root 11241100x80000000000000003846960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a439f51e61b4f32021-12-22 11:46:16.694root 11241100x80000000000000003846961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdddb42cb967c1712021-12-22 11:46:16.694root 11241100x80000000000000003846962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ba346bea1c34292021-12-22 11:46:16.694root 11241100x80000000000000003846963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d55f6b397eb6be72021-12-22 11:46:16.695root 11241100x80000000000000003846964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c0a5cd720ef66e2021-12-22 11:46:16.695root 11241100x80000000000000003846965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2c23649eb35f952021-12-22 11:46:16.695root 11241100x80000000000000003846966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8653601f2fdc5b4a2021-12-22 11:46:16.695root 11241100x80000000000000003846967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e9048cb51e4a762021-12-22 11:46:16.695root 11241100x80000000000000003846968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d525d62dbb739b2021-12-22 11:46:16.695root 11241100x80000000000000003846969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ec5aa9474e96f32021-12-22 11:46:16.696root 11241100x80000000000000003846970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc723a8276b850532021-12-22 11:46:16.696root 11241100x80000000000000003846971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4832547237db26fe2021-12-22 11:46:16.697root 11241100x80000000000000003846972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941c5539a1a672d02021-12-22 11:46:16.697root 11241100x80000000000000003846973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a39346d33f5b3b2021-12-22 11:46:16.698root 11241100x80000000000000003846974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee62b5fcf11922942021-12-22 11:46:16.698root 11241100x80000000000000003846975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e28da5ccfa9e2c2021-12-22 11:46:16.698root 11241100x80000000000000003846976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb117755eb68e3a2021-12-22 11:46:16.698root 11241100x80000000000000003846977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23169a7ebd815ff32021-12-22 11:46:16.699root 11241100x80000000000000003846978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8195bfa83673940d2021-12-22 11:46:16.701root 11241100x80000000000000003846979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e9b0c2c248aa332021-12-22 11:46:17.193root 11241100x80000000000000003846980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bfa02ebca511202021-12-22 11:46:17.193root 11241100x80000000000000003846981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af391e69b4df88d22021-12-22 11:46:17.193root 11241100x80000000000000003846982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7722e7bfd77e0f622021-12-22 11:46:17.193root 11241100x80000000000000003846983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6fd93b1f7512dc2021-12-22 11:46:17.193root 11241100x80000000000000003846984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00edc9d2c4984d302021-12-22 11:46:17.194root 11241100x80000000000000003846985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52916c4b7a0bd14b2021-12-22 11:46:17.194root 11241100x80000000000000003846986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ba433431bb302b2021-12-22 11:46:17.194root 11241100x80000000000000003846987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154b6efc88e0796e2021-12-22 11:46:17.195root 11241100x80000000000000003846988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c616eeb1dbe061bd2021-12-22 11:46:17.195root 11241100x80000000000000003846989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481f9e02a07d973a2021-12-22 11:46:17.195root 11241100x80000000000000003846990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debd28a915db74db2021-12-22 11:46:17.195root 11241100x80000000000000003846991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b8519d89d66b1a2021-12-22 11:46:17.196root 11241100x80000000000000003846992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81b00cd79effb2e2021-12-22 11:46:17.196root 11241100x80000000000000003846993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25326cfc4f2e47ab2021-12-22 11:46:17.196root 11241100x80000000000000003846994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d598d361e6f06ec92021-12-22 11:46:17.196root 11241100x80000000000000003846995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8ac012a56ac01a2021-12-22 11:46:17.196root 11241100x80000000000000003846996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de504438dfea8ce2021-12-22 11:46:17.196root 11241100x80000000000000003846997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d6ce380e1208772021-12-22 11:46:17.196root 11241100x80000000000000003846998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b86109331633122021-12-22 11:46:17.196root 11241100x80000000000000003846999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b0cd0aa63a85382021-12-22 11:46:17.196root 11241100x80000000000000003847000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abe208213eaa7b02021-12-22 11:46:17.197root 11241100x80000000000000003847001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a8462bae2ee7de2021-12-22 11:46:17.197root 11241100x80000000000000003847002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9acc32805303dfb2021-12-22 11:46:17.693root 11241100x80000000000000003847003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c82bc9bfbc7ed772021-12-22 11:46:17.693root 11241100x80000000000000003847004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377019d338ff69052021-12-22 11:46:17.693root 11241100x80000000000000003847005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31c6c00beaf9d282021-12-22 11:46:17.693root 11241100x80000000000000003847006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ec76c2a93380f32021-12-22 11:46:17.694root 11241100x80000000000000003847007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d84bef139c4392a2021-12-22 11:46:17.694root 11241100x80000000000000003847008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ea6bb5347482052021-12-22 11:46:17.694root 11241100x80000000000000003847009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c262722222fffaf2021-12-22 11:46:17.694root 11241100x80000000000000003847010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378be8401957d5582021-12-22 11:46:17.695root 11241100x80000000000000003847011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff70417fde8fb5d2021-12-22 11:46:17.695root 11241100x80000000000000003847012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74250d3c42da286a2021-12-22 11:46:17.695root 11241100x80000000000000003847013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59716980cafef002021-12-22 11:46:17.695root 11241100x80000000000000003847014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd4da35562c46aa2021-12-22 11:46:17.695root 11241100x80000000000000003847015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff7a5f686887c262021-12-22 11:46:17.695root 11241100x80000000000000003847016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9319c72b34237b0a2021-12-22 11:46:17.696root 11241100x80000000000000003847017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc342d331f3513822021-12-22 11:46:17.696root 11241100x80000000000000003847018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4596ae053328672021-12-22 11:46:17.696root 11241100x80000000000000003847019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c92ea3d71f5dfa02021-12-22 11:46:17.696root 11241100x80000000000000003847020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25be96a23e474702021-12-22 11:46:17.697root 11241100x80000000000000003847021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd02fc70a67172f2021-12-22 11:46:17.697root 11241100x80000000000000003847022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba25f70562ee4b32021-12-22 11:46:17.697root 11241100x80000000000000003847023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fe913aaf9f01932021-12-22 11:46:17.698root 11241100x80000000000000003847024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c2ef82ec2609d22021-12-22 11:46:17.699root 11241100x80000000000000003847025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33c88b3f187ba172021-12-22 11:46:17.699root 354300x80000000000000003847026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.141{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55430-false10.0.1.12-8000- 11241100x80000000000000003847027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd54f94c740284c2021-12-22 11:46:18.142root 11241100x80000000000000003847028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a84358f65999c82021-12-22 11:46:18.142root 11241100x80000000000000003847029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34a45e597ad11072021-12-22 11:46:18.142root 11241100x80000000000000003847030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3c9e702b5d4b9e2021-12-22 11:46:18.143root 11241100x80000000000000003847031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aee8308f42e7d3a2021-12-22 11:46:18.143root 11241100x80000000000000003847032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d47ac9a5bea9872021-12-22 11:46:18.143root 11241100x80000000000000003847033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ef74718f090c992021-12-22 11:46:18.143root 11241100x80000000000000003847034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa64504eb6099ba2021-12-22 11:46:18.143root 11241100x80000000000000003847035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd7a1bb143b50412021-12-22 11:46:18.143root 11241100x80000000000000003847036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af42cd3e2a560b262021-12-22 11:46:18.143root 11241100x80000000000000003847037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1aedbbaba7cabd2021-12-22 11:46:18.143root 11241100x80000000000000003847038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d2fcbf5e4a62412021-12-22 11:46:18.143root 11241100x80000000000000003847039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83c67cd2e6811c62021-12-22 11:46:18.143root 11241100x80000000000000003847040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76605820114626782021-12-22 11:46:18.143root 11241100x80000000000000003847041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5891e30385cb56dd2021-12-22 11:46:18.143root 11241100x80000000000000003847042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fc76093b3915972021-12-22 11:46:18.144root 11241100x80000000000000003847043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff91448c5805214c2021-12-22 11:46:18.144root 11241100x80000000000000003847044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124b4315c70fc7112021-12-22 11:46:18.144root 11241100x80000000000000003847045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8754802630090642021-12-22 11:46:18.144root 11241100x80000000000000003847046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaea04be6abf23552021-12-22 11:46:18.144root 11241100x80000000000000003847047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c2af1673b214c52021-12-22 11:46:18.144root 11241100x80000000000000003847048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4178ff855cf7e0502021-12-22 11:46:18.144root 11241100x80000000000000003847049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f011916ea0ad1f2021-12-22 11:46:18.144root 11241100x80000000000000003847050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9853b0186340bd22021-12-22 11:46:18.145root 11241100x80000000000000003847051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93c395d398ac53a2021-12-22 11:46:18.145root 11241100x80000000000000003847052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c09c0d73303f9d92021-12-22 11:46:18.145root 11241100x80000000000000003847053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770f1ae80008697e2021-12-22 11:46:18.145root 11241100x80000000000000003847054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5db41b1d9987f02021-12-22 11:46:18.145root 11241100x80000000000000003847055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541ce131efd7b49e2021-12-22 11:46:18.145root 11241100x80000000000000003847056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.148{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journald/var/log/journal/ec2b6afe52f9882cff7bf7f0661ea563/system.journal2021-12-22 11:46:18.148root 11241100x80000000000000003847057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2eeb015a49927a2021-12-22 11:46:18.149root 11241100x80000000000000003847058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e55f21a36638e7a2021-12-22 11:46:18.150root 11241100x80000000000000003847059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6e2db552447cbc2021-12-22 11:46:18.150root 11241100x80000000000000003847060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36059d173f62beb72021-12-22 11:46:18.150root 11241100x80000000000000003847061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e44e76d78302c942021-12-22 11:46:18.150root 11241100x80000000000000003847062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4d7d82add57fb32021-12-22 11:46:18.150root 11241100x80000000000000003847063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ccb9ecf5f32eb92021-12-22 11:46:18.150root 11241100x80000000000000003847064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5721f02c862db3492021-12-22 11:46:18.151root 11241100x80000000000000003847065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d760041baf270c302021-12-22 11:46:18.151root 11241100x80000000000000003847066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93839595fb658552021-12-22 11:46:18.151root 11241100x80000000000000003847067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278a77a0c1287b982021-12-22 11:46:18.151root 11241100x80000000000000003847068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6591ab990307e6e42021-12-22 11:46:18.151root 11241100x80000000000000003847069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fef675aeeb290be2021-12-22 11:46:18.151root 11241100x80000000000000003847070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606ed14c5a63758d2021-12-22 11:46:18.151root 11241100x80000000000000003847071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e94b714db05e7d2021-12-22 11:46:18.151root 11241100x80000000000000003847072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978c669f1e608ad12021-12-22 11:46:18.151root 11241100x80000000000000003847073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c31915907bfefe32021-12-22 11:46:18.151root 11241100x80000000000000003847074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641778ad2d1e78cc2021-12-22 11:46:18.151root 11241100x80000000000000003847075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4011e8e48c922d462021-12-22 11:46:18.151root 11241100x80000000000000003847076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.156{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journald/var/log/journal/ec2b6afe52f9882cff7bf7f0661ea563/user-1000.journal2021-12-22 11:46:18.156root 23542300x80000000000000003847077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.170{ec2b6afe-9233-61c1-c81a-006eee550000}454root/lib/systemd/systemd-journald/var/log/journal/ec2b6afe52f9882cff7bf7f0661ea563/user-1000@23a4030a05c14f4487fe6448e1318b5d-0000000000000000-0000000000000000.journal--- 23542300x80000000000000003847078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.170{ec2b6afe-9233-61c1-c81a-006eee550000}454root/lib/systemd/systemd-journald/var/log/journal/ec2b6afe52f9882cff7bf7f0661ea563/system@4af434efcfd14cd9a23dd2a5a29b6b88-000000000031b7fe-0005d3b77108ddc6.journal--- 11241100x80000000000000003847079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65f2e07ce1d7f692021-12-22 11:46:18.184root 11241100x80000000000000003847080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f32736043cef1e02021-12-22 11:46:18.184root 11241100x80000000000000003847081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0a5dbdfcd162622021-12-22 11:46:18.185root 11241100x80000000000000003847082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4787fadf00702d12021-12-22 11:46:18.185root 11241100x80000000000000003847083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bc947c36863a932021-12-22 11:46:18.185root 11241100x80000000000000003847084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3049b07f7d350ee82021-12-22 11:46:18.185root 11241100x80000000000000003847085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb81cdc9707cf8ea2021-12-22 11:46:18.185root 11241100x80000000000000003847086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05555105bc85362a2021-12-22 11:46:18.185root 11241100x80000000000000003847087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc346ae8556e515b2021-12-22 11:46:18.186root 11241100x80000000000000003847088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1397a0e924218d9a2021-12-22 11:46:18.186root 11241100x80000000000000003847089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8aa2b03acf7e2d2021-12-22 11:46:18.186root 11241100x80000000000000003847090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4673e10ba41e8e122021-12-22 11:46:18.186root 11241100x80000000000000003847091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe08822052b0ebe2021-12-22 11:46:18.186root 11241100x80000000000000003847092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12b5321a6a5f2542021-12-22 11:46:18.186root 11241100x80000000000000003847093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ce85f7de5c29092021-12-22 11:46:18.186root 11241100x80000000000000003847094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001c76ffe1ec53ed2021-12-22 11:46:18.186root 11241100x80000000000000003847095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c745acca862ab9f2021-12-22 11:46:18.186root 11241100x80000000000000003847096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17cc5c66916365e2021-12-22 11:46:18.186root 11241100x80000000000000003847097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a1fa0de309c4962021-12-22 11:46:18.187root 11241100x80000000000000003847098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585b9e016eafbf322021-12-22 11:46:18.187root 11241100x80000000000000003847099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356ba52bfb53a5872021-12-22 11:46:18.187root 11241100x80000000000000003847100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332f05c69e498ec92021-12-22 11:46:18.187root 11241100x80000000000000003847101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945bbf6b7f4f17402021-12-22 11:46:18.187root 11241100x80000000000000003847102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b0c6ef8839c4a62021-12-22 11:46:18.187root 11241100x80000000000000003847103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cd55fa390b65232021-12-22 11:46:18.187root 11241100x80000000000000003847104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec1481cfb473e862021-12-22 11:46:18.187root 11241100x80000000000000003847105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437338ce819ea7ac2021-12-22 11:46:18.187root 11241100x80000000000000003847106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcbb6150e5521c72021-12-22 11:46:18.187root 11241100x80000000000000003847107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7ea0b80a11bf322021-12-22 11:46:18.187root 534500x80000000000000003847108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.205{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 11241100x80000000000000003847109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216d1d78f3aab4332021-12-22 11:46:18.442root 11241100x80000000000000003847110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d4fe0c434d2a012021-12-22 11:46:18.443root 11241100x80000000000000003847111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744771d1e15414982021-12-22 11:46:18.443root 11241100x80000000000000003847112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40407b924aa97eda2021-12-22 11:46:18.443root 11241100x80000000000000003847113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da150ad13109a6e2021-12-22 11:46:18.443root 11241100x80000000000000003847114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bad01b60fa401992021-12-22 11:46:18.443root 11241100x80000000000000003847115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abd0ea09939d3ec2021-12-22 11:46:18.443root 11241100x80000000000000003847116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980f7d969dd514a02021-12-22 11:46:18.444root 11241100x80000000000000003847117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b265dac19ba33e082021-12-22 11:46:18.444root 11241100x80000000000000003847118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d94ae7144d75102021-12-22 11:46:18.444root 11241100x80000000000000003847119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad66ac82e8e8a532021-12-22 11:46:18.444root 11241100x80000000000000003847120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e74d43c97d250642021-12-22 11:46:18.444root 11241100x80000000000000003847121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6155278e19634a292021-12-22 11:46:18.445root 11241100x80000000000000003847122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2d03ea5d0e4d522021-12-22 11:46:18.445root 11241100x80000000000000003847123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef31cf0b6cab29562021-12-22 11:46:18.445root 11241100x80000000000000003847124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c971ce7d792e172021-12-22 11:46:18.445root 11241100x80000000000000003847125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec482bca319985f52021-12-22 11:46:18.445root 11241100x80000000000000003847126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a745cefa514fce2021-12-22 11:46:18.446root 11241100x80000000000000003847127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19e3c8bfcaf735f2021-12-22 11:46:18.446root 11241100x80000000000000003847128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e0998e8846e3002021-12-22 11:46:18.446root 11241100x80000000000000003847129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5a00c197c01e0d2021-12-22 11:46:18.446root 11241100x80000000000000003847130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b09a5dc5c77fd672021-12-22 11:46:18.446root 11241100x80000000000000003847131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8679c8ffb4334b2021-12-22 11:46:18.446root 11241100x80000000000000003847132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dc46d25dd0a3f02021-12-22 11:46:18.446root 11241100x80000000000000003847133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714f38e50d02b3452021-12-22 11:46:18.447root 11241100x80000000000000003847134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb2d9a76289d2b52021-12-22 11:46:18.447root 11241100x80000000000000003847135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114f086f4f988c5b2021-12-22 11:46:18.447root 11241100x80000000000000003847136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028979eae65363432021-12-22 11:46:18.447root 11241100x80000000000000003847137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d35cfaa4c3a3c02021-12-22 11:46:18.447root 11241100x80000000000000003847138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692bc895f8e939df2021-12-22 11:46:18.447root 11241100x80000000000000003847139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5221387e543e1b2021-12-22 11:46:18.447root 11241100x80000000000000003847140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6c73f6ca9b516f2021-12-22 11:46:18.447root 11241100x80000000000000003847141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad384de3d9d96cdd2021-12-22 11:46:18.448root 11241100x80000000000000003847142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6080cee5f50543652021-12-22 11:46:18.448root 11241100x80000000000000003847143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40f10094af09d9d2021-12-22 11:46:18.448root 11241100x80000000000000003847144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37000a4fd17e68f22021-12-22 11:46:18.448root 11241100x80000000000000003847145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f584ce1c990abf82021-12-22 11:46:18.448root 11241100x80000000000000003847146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2021c2c49610d62021-12-22 11:46:18.448root 11241100x80000000000000003847147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b0898a5f0322bd2021-12-22 11:46:18.448root 11241100x80000000000000003847148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab3430b6da1c01d2021-12-22 11:46:18.448root 11241100x80000000000000003847149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f8c3006f95a48c2021-12-22 11:46:18.449root 11241100x80000000000000003847150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63501343a00228f2021-12-22 11:46:18.449root 11241100x80000000000000003847151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adcaca84fc2589e2021-12-22 11:46:18.449root 11241100x80000000000000003847152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1926ea5f508425852021-12-22 11:46:18.449root 11241100x80000000000000003847153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51390e6c4095e4122021-12-22 11:46:18.449root 11241100x80000000000000003847154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633c463f4dbab3182021-12-22 11:46:18.449root 11241100x80000000000000003847155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b59457a6cba2ce2021-12-22 11:46:18.450root 11241100x80000000000000003847156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f11deba454e1ed22021-12-22 11:46:18.450root 11241100x80000000000000003847157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a1ff365e749a9e2021-12-22 11:46:18.450root 11241100x80000000000000003847158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d790f99437d0d9692021-12-22 11:46:18.450root 11241100x80000000000000003847159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529acc5093ab43f32021-12-22 11:46:18.450root 11241100x80000000000000003847160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609380f401a7ac0e2021-12-22 11:46:18.450root 11241100x80000000000000003847161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81110200b00bf5092021-12-22 11:46:18.450root 11241100x80000000000000003847162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf70a1724695c3b2021-12-22 11:46:18.451root 11241100x80000000000000003847163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172ab4d3ee0634b32021-12-22 11:46:18.451root 11241100x80000000000000003847164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca44abb5cecd8b302021-12-22 11:46:18.451root 11241100x80000000000000003847165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8502a549ee5a3adb2021-12-22 11:46:18.451root 11241100x80000000000000003847166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecdcb15bcba6a552021-12-22 11:46:18.451root 11241100x80000000000000003847167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4a21a4d84c2c392021-12-22 11:46:18.451root 11241100x80000000000000003847168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5862fcec9d6d7d2021-12-22 11:46:18.451root 11241100x80000000000000003847169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b34bf4f2c7bf3972021-12-22 11:46:18.451root 11241100x80000000000000003847170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479c693f6530c7ba2021-12-22 11:46:18.451root 11241100x80000000000000003847171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b0c63a4be5f7972021-12-22 11:46:18.451root 11241100x80000000000000003847172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fba8c86986b1072021-12-22 11:46:18.451root 11241100x80000000000000003847173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1990166ac00240062021-12-22 11:46:18.451root 11241100x80000000000000003847174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefc56591f963e612021-12-22 11:46:18.451root 11241100x80000000000000003847175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b687f0765970d2bb2021-12-22 11:46:18.451root 11241100x80000000000000003847176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538e0d62474cb0fe2021-12-22 11:46:18.451root 11241100x80000000000000003847177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f94bb9718ddefc2021-12-22 11:46:18.452root 11241100x80000000000000003847178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ee3dc936eb84022021-12-22 11:46:18.452root 11241100x80000000000000003847179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44ca7bb08d013c12021-12-22 11:46:18.452root 11241100x80000000000000003847180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1ef94581afb90d2021-12-22 11:46:18.452root 11241100x80000000000000003847181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f57a356f3788512021-12-22 11:46:18.452root 11241100x80000000000000003847182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2c984b4cdb43502021-12-22 11:46:18.452root 11241100x80000000000000003847183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f187048a96e15e8f2021-12-22 11:46:18.452root 11241100x80000000000000003847184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8533016a771fefb52021-12-22 11:46:18.452root 11241100x80000000000000003847185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8796289a48a80432021-12-22 11:46:18.452root 11241100x80000000000000003847186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1034d0fecb47dd2021-12-22 11:46:18.452root 11241100x80000000000000003847187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0409a6372c83b12021-12-22 11:46:18.452root 11241100x80000000000000003847188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a670a071fcd7b12021-12-22 11:46:18.453root 11241100x80000000000000003847189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc8c4083b3fa65f2021-12-22 11:46:18.453root 11241100x80000000000000003847190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d014788088c60e32021-12-22 11:46:18.453root 11241100x80000000000000003847191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c3fe1e21f6c9cd2021-12-22 11:46:18.453root 11241100x80000000000000003847192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae012cca20081b022021-12-22 11:46:18.453root 11241100x80000000000000003847193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f2858a04ff25d32021-12-22 11:46:18.453root 11241100x80000000000000003847194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b59d0e1ba99f162021-12-22 11:46:18.453root 11241100x80000000000000003847195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8025ca3a54ffbe182021-12-22 11:46:18.453root 11241100x80000000000000003847196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64b3f352e31156e2021-12-22 11:46:18.453root 11241100x80000000000000003847197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a30030eb4dc6d512021-12-22 11:46:18.454root 11241100x80000000000000003847198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0acff8ae4618c62021-12-22 11:46:18.454root 11241100x80000000000000003847199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b08d4ad08051292021-12-22 11:46:18.454root 11241100x80000000000000003847200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78391b331b9360a02021-12-22 11:46:18.943root 11241100x80000000000000003847201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa46e25e74d3cb822021-12-22 11:46:18.943root 11241100x80000000000000003847202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844d4731340fb57b2021-12-22 11:46:18.943root 11241100x80000000000000003847203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebcf2b2229d04712021-12-22 11:46:18.943root 11241100x80000000000000003847204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872a6b8ad2fc30ff2021-12-22 11:46:18.943root 11241100x80000000000000003847205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4134e46055c2b8bd2021-12-22 11:46:18.943root 11241100x80000000000000003847206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f41cbeeb4d1b562021-12-22 11:46:18.943root 11241100x80000000000000003847207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23a2652e5d7ee752021-12-22 11:46:18.943root 11241100x80000000000000003847208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c819f9df750cf09a2021-12-22 11:46:18.944root 11241100x80000000000000003847209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66aa3306cd6c56432021-12-22 11:46:18.944root 11241100x80000000000000003847210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28eb87998adbc7952021-12-22 11:46:18.944root 11241100x80000000000000003847211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e27cc70ac044132021-12-22 11:46:18.944root 11241100x80000000000000003847212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc428f6fb97196aa2021-12-22 11:46:18.944root 11241100x80000000000000003847213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e14113b7fc0847c2021-12-22 11:46:18.944root 11241100x80000000000000003847214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8193a943f50d04d72021-12-22 11:46:18.944root 11241100x80000000000000003847215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f324d17fcf98722021-12-22 11:46:18.944root 11241100x80000000000000003847216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0769f1d5ea6ac9cd2021-12-22 11:46:18.944root 11241100x80000000000000003847217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158b8c2c2ed802f02021-12-22 11:46:18.944root 11241100x80000000000000003847218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8735c953cc50d53f2021-12-22 11:46:18.944root 11241100x80000000000000003847219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024e34fa74cc3a9f2021-12-22 11:46:18.944root 11241100x80000000000000003847220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b71d1cb7cee2ad2021-12-22 11:46:18.945root 11241100x80000000000000003847221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f4c359bc10d7ef2021-12-22 11:46:18.945root 11241100x80000000000000003847222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97883d2942a59cd32021-12-22 11:46:18.945root 11241100x80000000000000003847223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2450cb97cdfe20302021-12-22 11:46:18.945root 11241100x80000000000000003847224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24e477a4b2d0fcb2021-12-22 11:46:18.945root 11241100x80000000000000003847225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904180e957df4cd62021-12-22 11:46:18.945root 11241100x80000000000000003847226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245557c7ea11fff52021-12-22 11:46:18.945root 11241100x80000000000000003847227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b891b470e02873362021-12-22 11:46:18.945root 11241100x80000000000000003847228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50addcdea3fcbb472021-12-22 11:46:18.945root 11241100x80000000000000003847229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90617a8e9922c19e2021-12-22 11:46:19.443root 11241100x80000000000000003847230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9edd6bae2042242021-12-22 11:46:19.443root 11241100x80000000000000003847231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db6f511c0a97a632021-12-22 11:46:19.443root 11241100x80000000000000003847232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2151b6eb575ae7212021-12-22 11:46:19.443root 11241100x80000000000000003847233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0beaedade0e1ce2b2021-12-22 11:46:19.443root 11241100x80000000000000003847234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1afdc057c80e1f2021-12-22 11:46:19.443root 11241100x80000000000000003847235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d0e3a62624d31d2021-12-22 11:46:19.443root 11241100x80000000000000003847236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0049165d08fdb3622021-12-22 11:46:19.443root 11241100x80000000000000003847237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f3941afae660d12021-12-22 11:46:19.443root 11241100x80000000000000003847238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5724fe4c4f99d0b32021-12-22 11:46:19.444root 11241100x80000000000000003847239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddd35ee1815f3de2021-12-22 11:46:19.444root 11241100x80000000000000003847240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e29ae02989c8c642021-12-22 11:46:19.444root 11241100x80000000000000003847241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27ec7a0ab5c59462021-12-22 11:46:19.444root 11241100x80000000000000003847242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6d2dc9b026d9692021-12-22 11:46:19.444root 11241100x80000000000000003847243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab452a2229561e42021-12-22 11:46:19.444root 11241100x80000000000000003847244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93497716b5fccce62021-12-22 11:46:19.444root 11241100x80000000000000003847245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ef1db273c4452a2021-12-22 11:46:19.444root 11241100x80000000000000003847246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c3a30ab5fe49f42021-12-22 11:46:19.444root 11241100x80000000000000003847247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdc9cdd162c27412021-12-22 11:46:19.445root 11241100x80000000000000003847248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1be3800891274f42021-12-22 11:46:19.445root 11241100x80000000000000003847249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b0ce65701052bd2021-12-22 11:46:19.445root 11241100x80000000000000003847250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575c3b8a296d282e2021-12-22 11:46:19.445root 11241100x80000000000000003847251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53a22f505b1c7a32021-12-22 11:46:19.445root 11241100x80000000000000003847252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92722d44aaebea12021-12-22 11:46:19.445root 11241100x80000000000000003847253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d913be4b6ed73b2021-12-22 11:46:19.445root 11241100x80000000000000003847254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcebab28221a52d2021-12-22 11:46:19.445root 11241100x80000000000000003847255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970c81944fb357cc2021-12-22 11:46:19.446root 11241100x80000000000000003847256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbd60080b3986b72021-12-22 11:46:19.446root 11241100x80000000000000003847257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adff433dbb48b0542021-12-22 11:46:19.447root 11241100x80000000000000003847258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ee7a4b269309752021-12-22 11:46:19.447root 11241100x80000000000000003847259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa1244d2161b50e2021-12-22 11:46:19.447root 11241100x80000000000000003847260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69162a31e38482022021-12-22 11:46:19.943root 11241100x80000000000000003847261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc4c2acb1ab95122021-12-22 11:46:19.943root 11241100x80000000000000003847262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e462b38583b85c2021-12-22 11:46:19.943root 11241100x80000000000000003847263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c109837212b794b02021-12-22 11:46:19.943root 11241100x80000000000000003847264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31408c2f5d910a162021-12-22 11:46:19.943root 11241100x80000000000000003847265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35cd8d1c17cc4882021-12-22 11:46:19.943root 11241100x80000000000000003847266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b40e04b12ef8372021-12-22 11:46:19.943root 11241100x80000000000000003847267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9a2b7b2e46650e2021-12-22 11:46:19.944root 11241100x80000000000000003847268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6623df523dc91cc72021-12-22 11:46:19.944root 11241100x80000000000000003847269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401d5c61ad1843fd2021-12-22 11:46:19.944root 11241100x80000000000000003847270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16366ccf46e08bf52021-12-22 11:46:19.944root 11241100x80000000000000003847271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed496a3c348b3952021-12-22 11:46:19.944root 11241100x80000000000000003847272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e099f1b8c714262021-12-22 11:46:19.944root 11241100x80000000000000003847273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de7cfbac6c478992021-12-22 11:46:19.944root 11241100x80000000000000003847274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57774b10c73f7c872021-12-22 11:46:19.944root 11241100x80000000000000003847275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2c7d0fe3c86bdf2021-12-22 11:46:19.944root 11241100x80000000000000003847276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53946dde120fa982021-12-22 11:46:19.944root 11241100x80000000000000003847277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059c6db1613841792021-12-22 11:46:19.944root 11241100x80000000000000003847278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990010bc301f7a962021-12-22 11:46:19.945root 11241100x80000000000000003847279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab630a5a706707542021-12-22 11:46:19.945root 11241100x80000000000000003847280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d50af7feb4a5a242021-12-22 11:46:19.945root 11241100x80000000000000003847281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c48444f5eee0fd2021-12-22 11:46:19.945root 11241100x80000000000000003847282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed937f1d1ab7dda2021-12-22 11:46:19.945root 11241100x80000000000000003847283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7c4c549e989bde2021-12-22 11:46:19.945root 11241100x80000000000000003847284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24738994eb92c8922021-12-22 11:46:19.945root 11241100x80000000000000003847285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd173dade086c6a42021-12-22 11:46:19.945root 11241100x80000000000000003847286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d968e9b671129272021-12-22 11:46:19.945root 11241100x80000000000000003847287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714114372023d1f02021-12-22 11:46:19.946root 11241100x80000000000000003847288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95c8650eb3c10382021-12-22 11:46:20.443root 11241100x80000000000000003847289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f0169533bcd3cb2021-12-22 11:46:20.443root 11241100x80000000000000003847290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a90688a5d1a32e32021-12-22 11:46:20.443root 11241100x80000000000000003847291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4207ab39d1714f82021-12-22 11:46:20.443root 11241100x80000000000000003847292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a37c8513e1012ea2021-12-22 11:46:20.443root 11241100x80000000000000003847293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4100d2340fe2447f2021-12-22 11:46:20.443root 11241100x80000000000000003847294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d974d9acee5fba2021-12-22 11:46:20.444root 11241100x80000000000000003847295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965049f324ed22b92021-12-22 11:46:20.444root 11241100x80000000000000003847296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a70713e13000222021-12-22 11:46:20.444root 11241100x80000000000000003847297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8bb140803c2aad2021-12-22 11:46:20.444root 11241100x80000000000000003847298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1827c8b7d612a00f2021-12-22 11:46:20.444root 11241100x80000000000000003847299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fc99c8f34da2bc2021-12-22 11:46:20.444root 11241100x80000000000000003847300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ba584a62bbaa602021-12-22 11:46:20.444root 11241100x80000000000000003847301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4066584775da7b2021-12-22 11:46:20.444root 11241100x80000000000000003847302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8326ae51b4ff450e2021-12-22 11:46:20.444root 11241100x80000000000000003847303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12254c74beae6662021-12-22 11:46:20.444root 11241100x80000000000000003847304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7ecef09eb4c5222021-12-22 11:46:20.444root 11241100x80000000000000003847305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3f8654767435582021-12-22 11:46:20.445root 11241100x80000000000000003847306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5089f50d69381ad22021-12-22 11:46:20.445root 11241100x80000000000000003847307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7482403b24f4902021-12-22 11:46:20.445root 11241100x80000000000000003847308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e834139c6a621a02021-12-22 11:46:20.445root 11241100x80000000000000003847309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a872459160f71cba2021-12-22 11:46:20.445root 11241100x80000000000000003847310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9508661a203468c22021-12-22 11:46:20.445root 11241100x80000000000000003847311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edc38aed6ca689c2021-12-22 11:46:20.445root 11241100x80000000000000003847312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46e40cf893868a92021-12-22 11:46:20.445root 11241100x80000000000000003847313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0a132488113f802021-12-22 11:46:20.445root 11241100x80000000000000003847314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c64a38539c4bfd2021-12-22 11:46:20.446root 11241100x80000000000000003847315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba23f0b78d5c75e62021-12-22 11:46:20.446root 11241100x80000000000000003847316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7106f657cb9534992021-12-22 11:46:20.446root 11241100x80000000000000003847317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47476c2b9bc03d512021-12-22 11:46:20.446root 11241100x80000000000000003847318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcbd99830f940b92021-12-22 11:46:20.446root 11241100x80000000000000003847319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b19d54c04339b32021-12-22 11:46:20.943root 11241100x80000000000000003847320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5ce53818d615ff2021-12-22 11:46:20.943root 11241100x80000000000000003847321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f532fb52c7b4dc2021-12-22 11:46:20.943root 11241100x80000000000000003847322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6456baa13427642021-12-22 11:46:20.943root 11241100x80000000000000003847323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf2c32f54aaae6e2021-12-22 11:46:20.944root 11241100x80000000000000003847324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dadf4b28e3d17a82021-12-22 11:46:20.944root 11241100x80000000000000003847325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735ae8905ad904c42021-12-22 11:46:20.944root 11241100x80000000000000003847326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d8559052dc09b42021-12-22 11:46:20.944root 11241100x80000000000000003847327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106d15433c16b9512021-12-22 11:46:20.944root 11241100x80000000000000003847328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b44e2aed9bd90d02021-12-22 11:46:20.944root 11241100x80000000000000003847329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57dc648c579c7df2021-12-22 11:46:20.944root 11241100x80000000000000003847330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c453622089cd48a62021-12-22 11:46:20.944root 11241100x80000000000000003847331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cdd0a103c0b3b42021-12-22 11:46:20.944root 11241100x80000000000000003847332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f191b9454d7c627e2021-12-22 11:46:20.944root 11241100x80000000000000003847333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cb3623467c93502021-12-22 11:46:20.944root 11241100x80000000000000003847334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebdee0da5cebc8d2021-12-22 11:46:20.944root 11241100x80000000000000003847335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d6637dd490e4392021-12-22 11:46:20.944root 11241100x80000000000000003847336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78554968bc55b6bc2021-12-22 11:46:20.945root 11241100x80000000000000003847337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8409ab26966100c22021-12-22 11:46:20.945root 11241100x80000000000000003847338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76c93d6c7ac6c312021-12-22 11:46:20.945root 11241100x80000000000000003847339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38d72cd5fb612c72021-12-22 11:46:20.945root 11241100x80000000000000003847340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b876bd85ee48679f2021-12-22 11:46:20.945root 11241100x80000000000000003847341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74c8433446dea442021-12-22 11:46:20.945root 11241100x80000000000000003847342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6acbc10a6354fc82021-12-22 11:46:20.945root 11241100x80000000000000003847343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aec67f36407c9fc2021-12-22 11:46:20.945root 11241100x80000000000000003847344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b293a68afa4c170e2021-12-22 11:46:20.945root 11241100x80000000000000003847345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0269e86f17232d2021-12-22 11:46:20.946root 11241100x80000000000000003847346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9737532f04d95ba2021-12-22 11:46:20.946root 11241100x80000000000000003847347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a635f6684c06a11d2021-12-22 11:46:21.443root 11241100x80000000000000003847348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1307e1dcd1f95e2021-12-22 11:46:21.443root 11241100x80000000000000003847349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b869a858a69ac3b2021-12-22 11:46:21.443root 11241100x80000000000000003847350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a9cce7660021952021-12-22 11:46:21.443root 11241100x80000000000000003847351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a49c30d7457963b2021-12-22 11:46:21.443root 11241100x80000000000000003847352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c69410ecbd000c2021-12-22 11:46:21.444root 11241100x80000000000000003847353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc411fcb435637fe2021-12-22 11:46:21.444root 11241100x80000000000000003847354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44313078ec89d2552021-12-22 11:46:21.444root 11241100x80000000000000003847355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db252cc1729bd0a72021-12-22 11:46:21.444root 11241100x80000000000000003847356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04be10bde24f020c2021-12-22 11:46:21.444root 11241100x80000000000000003847357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8bb4ffeaf907392021-12-22 11:46:21.444root 11241100x80000000000000003847358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a9a9bc241899082021-12-22 11:46:21.444root 11241100x80000000000000003847359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e13e6a65075d1d52021-12-22 11:46:21.444root 11241100x80000000000000003847360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b666952f5aaf3cf2021-12-22 11:46:21.445root 11241100x80000000000000003847361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c79d744ce9bb192021-12-22 11:46:21.445root 11241100x80000000000000003847362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79333ad2cef04d2b2021-12-22 11:46:21.445root 11241100x80000000000000003847363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680d5bf55e03919a2021-12-22 11:46:21.445root 11241100x80000000000000003847364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebded65df648f6232021-12-22 11:46:21.445root 11241100x80000000000000003847365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004873441bfd0dec2021-12-22 11:46:21.445root 11241100x80000000000000003847366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c688dd164945582021-12-22 11:46:21.445root 11241100x80000000000000003847367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7dd0790e091f082021-12-22 11:46:21.445root 11241100x80000000000000003847368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca1a9e91624bb842021-12-22 11:46:21.445root 11241100x80000000000000003847369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06719ca6737067982021-12-22 11:46:21.445root 11241100x80000000000000003847370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4b67f32c27878b2021-12-22 11:46:21.445root 11241100x80000000000000003847371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada59e64185f45612021-12-22 11:46:21.446root 11241100x80000000000000003847372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3480bd1c154dfbd2021-12-22 11:46:21.446root 11241100x80000000000000003847373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4de89c182b86b972021-12-22 11:46:21.446root 11241100x80000000000000003847374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd8b6246d5a1ae62021-12-22 11:46:21.446root 11241100x80000000000000003847375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af553374e23499e2021-12-22 11:46:21.943root 11241100x80000000000000003847376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b38bc3ec7d74c62021-12-22 11:46:21.943root 11241100x80000000000000003847377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1638d40543c671b42021-12-22 11:46:21.943root 11241100x80000000000000003847378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddc4e9ede2f112f2021-12-22 11:46:21.943root 11241100x80000000000000003847379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a4f666bde4facb2021-12-22 11:46:21.943root 11241100x80000000000000003847380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813745c6680be0cc2021-12-22 11:46:21.943root 11241100x80000000000000003847381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a149862ea610c6ae2021-12-22 11:46:21.943root 11241100x80000000000000003847382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e93aea773a35112021-12-22 11:46:21.943root 11241100x80000000000000003847383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb08e83670ddd8a2021-12-22 11:46:21.943root 11241100x80000000000000003847384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3969ad191bad8d2021-12-22 11:46:21.943root 11241100x80000000000000003847385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c32a9770ee2fe92021-12-22 11:46:21.944root 11241100x80000000000000003847386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc535f3d23cde532021-12-22 11:46:21.944root 11241100x80000000000000003847387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8c77b2ee691dc22021-12-22 11:46:21.944root 11241100x80000000000000003847388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8f13d51d3d27a32021-12-22 11:46:21.944root 11241100x80000000000000003847389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abda3b8ca43306b2021-12-22 11:46:21.944root 11241100x80000000000000003847390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8e35b8c99143132021-12-22 11:46:21.944root 11241100x80000000000000003847391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6cca008c9e001a2021-12-22 11:46:21.944root 11241100x80000000000000003847392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d80c74851acdbf02021-12-22 11:46:21.944root 11241100x80000000000000003847393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575cf93ea781dc122021-12-22 11:46:21.944root 11241100x80000000000000003847394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81934a08b230df982021-12-22 11:46:21.944root 11241100x80000000000000003847395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d436c9da4e766cb2021-12-22 11:46:21.945root 11241100x80000000000000003847396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf7eea8303541052021-12-22 11:46:21.945root 11241100x80000000000000003847397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9120ae8b26620172021-12-22 11:46:21.945root 11241100x80000000000000003847398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8326acfd3b912f2021-12-22 11:46:21.945root 11241100x80000000000000003847399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823f9cafafb8d0bf2021-12-22 11:46:21.945root 11241100x80000000000000003847400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a50dcebc49711c2021-12-22 11:46:21.945root 11241100x80000000000000003847401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50a76df07387f872021-12-22 11:46:21.945root 11241100x80000000000000003847402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f9fcfcdc8fbd1e2021-12-22 11:46:21.945root 11241100x80000000000000003847403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4faf7836b113c1572021-12-22 11:46:21.945root 11241100x80000000000000003847404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27ff1902d4fe3bc2021-12-22 11:46:21.945root 11241100x80000000000000003847405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc454b5e1cc6aaef2021-12-22 11:46:22.443root 11241100x80000000000000003847406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c15120bb08ceca2021-12-22 11:46:22.443root 11241100x80000000000000003847407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26ce841582b27642021-12-22 11:46:22.443root 11241100x80000000000000003847408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a08c3b7f459eaf62021-12-22 11:46:22.443root 11241100x80000000000000003847409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24624e9f6896a6b2021-12-22 11:46:22.444root 11241100x80000000000000003847410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46650d67738986b2021-12-22 11:46:22.444root 11241100x80000000000000003847411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f24197a41d8735d2021-12-22 11:46:22.444root 11241100x80000000000000003847412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc31fbba773e723d2021-12-22 11:46:22.444root 11241100x80000000000000003847413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4842f5c4cbd1d5772021-12-22 11:46:22.444root 11241100x80000000000000003847414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4258da9c75fd132021-12-22 11:46:22.444root 11241100x80000000000000003847415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d16519b3a73a8122021-12-22 11:46:22.444root 11241100x80000000000000003847416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1b6038d05665f02021-12-22 11:46:22.444root 11241100x80000000000000003847417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513a782fa92a430b2021-12-22 11:46:22.444root 11241100x80000000000000003847418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d038609609c8f242021-12-22 11:46:22.444root 11241100x80000000000000003847419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50906548124ae9522021-12-22 11:46:22.444root 11241100x80000000000000003847420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0868d91982e8a52021-12-22 11:46:22.444root 11241100x80000000000000003847421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30340005b4cee1d32021-12-22 11:46:22.444root 11241100x80000000000000003847422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44aba25620bea0282021-12-22 11:46:22.445root 11241100x80000000000000003847423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34c161d99d3f9af2021-12-22 11:46:22.445root 11241100x80000000000000003847424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e943c56616ff9d2021-12-22 11:46:22.445root 11241100x80000000000000003847425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1fe726977522162021-12-22 11:46:22.445root 11241100x80000000000000003847426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ec2c608bde07572021-12-22 11:46:22.445root 11241100x80000000000000003847427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82499d55187d681f2021-12-22 11:46:22.445root 11241100x80000000000000003847428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6477366656d63b32021-12-22 11:46:22.445root 11241100x80000000000000003847429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aebb33ed1a0b85f2021-12-22 11:46:22.445root 11241100x80000000000000003847430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f487b10f59e5c62021-12-22 11:46:22.445root 11241100x80000000000000003847431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf36f775494a011c2021-12-22 11:46:22.445root 11241100x80000000000000003847432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd28105a69bb9c8e2021-12-22 11:46:22.446root 11241100x80000000000000003847433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6baed11f7ad0f70f2021-12-22 11:46:22.446root 11241100x80000000000000003847434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa6acc7ad13b4ed2021-12-22 11:46:22.943root 11241100x80000000000000003847435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4787d0fe580a41f2021-12-22 11:46:22.943root 11241100x80000000000000003847436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fabdf92c9bf2f52021-12-22 11:46:22.943root 11241100x80000000000000003847437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4388487b4ef94d112021-12-22 11:46:22.943root 11241100x80000000000000003847438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1a82bea83a6dc42021-12-22 11:46:22.943root 11241100x80000000000000003847439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874f22e0b50baed32021-12-22 11:46:22.943root 11241100x80000000000000003847440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc895735c97af922021-12-22 11:46:22.943root 11241100x80000000000000003847441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b62a2d47447cf22021-12-22 11:46:22.943root 11241100x80000000000000003847442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e129c7c4d8b52d382021-12-22 11:46:22.943root 11241100x80000000000000003847443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378670e7a63c849e2021-12-22 11:46:22.943root 11241100x80000000000000003847444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6457db8bc313de62021-12-22 11:46:22.944root 11241100x80000000000000003847445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18a483d87022f6f2021-12-22 11:46:22.944root 11241100x80000000000000003847446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82aee583cb5f40ae2021-12-22 11:46:22.944root 11241100x80000000000000003847447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d63fb937f018092021-12-22 11:46:22.944root 11241100x80000000000000003847448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c30f030a0e98112021-12-22 11:46:22.944root 11241100x80000000000000003847449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37587e8e1f0438492021-12-22 11:46:22.944root 11241100x80000000000000003847450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f1d1e0fa91d0592021-12-22 11:46:22.944root 11241100x80000000000000003847451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aed97ad75a7afe42021-12-22 11:46:22.944root 11241100x80000000000000003847452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f7022e7f21c92c2021-12-22 11:46:22.944root 11241100x80000000000000003847453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c38dbb19ae9ac2b2021-12-22 11:46:22.944root 11241100x80000000000000003847454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113bd01ded82f1632021-12-22 11:46:22.944root 11241100x80000000000000003847455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ec0d742c8357702021-12-22 11:46:22.945root 11241100x80000000000000003847456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637b5f7218edac612021-12-22 11:46:22.945root 11241100x80000000000000003847457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2d4789c08bfa2b2021-12-22 11:46:22.945root 11241100x80000000000000003847458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e348a7a39667f8802021-12-22 11:46:22.945root 11241100x80000000000000003847459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2ef20c7e625e2e2021-12-22 11:46:22.945root 11241100x80000000000000003847460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3acf3793fc95e702021-12-22 11:46:22.945root 11241100x80000000000000003847461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a626adae2ad0c3e2021-12-22 11:46:22.945root 11241100x80000000000000003847462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d4734b88e1bf352021-12-22 11:46:22.945root 11241100x80000000000000003847463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00891ea460a167622021-12-22 11:46:22.945root 11241100x80000000000000003847464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a84f8c109a3094c2021-12-22 11:46:22.945root 11241100x80000000000000003847465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20233eb8b7df28a92021-12-22 11:46:22.946root 11241100x80000000000000003847466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31656315adbf62162021-12-22 11:46:22.946root 11241100x80000000000000003847467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e1bfd1530f0ab02021-12-22 11:46:22.946root 11241100x80000000000000003847468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9036b8814474be22021-12-22 11:46:22.946root 11241100x80000000000000003847469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca01f12071f4aba2021-12-22 11:46:22.946root 11241100x80000000000000003847470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2aa2a28697b10422021-12-22 11:46:22.946root 11241100x80000000000000003847471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c97a13685767792021-12-22 11:46:22.946root 11241100x80000000000000003847472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b74c4e0d6e39ac72021-12-22 11:46:22.946root 11241100x80000000000000003847473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddcfa90ed3923122021-12-22 11:46:22.946root 11241100x80000000000000003847474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6459ad0b532a1e1b2021-12-22 11:46:22.946root 11241100x80000000000000003847475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a512229faff60232021-12-22 11:46:22.946root 11241100x80000000000000003847476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4524939ad4d33e712021-12-22 11:46:22.946root 11241100x80000000000000003847477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97833a3262cae16e2021-12-22 11:46:22.947root 11241100x80000000000000003847478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0c5bd3b09aadf82021-12-22 11:46:22.947root 11241100x80000000000000003847479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcafdb82a8af39e2021-12-22 11:46:22.947root 11241100x80000000000000003847480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e904942714f9cd2021-12-22 11:46:22.947root 11241100x80000000000000003847481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b053c1ce501dc6a2021-12-22 11:46:22.947root 11241100x80000000000000003847482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fa3301ba04dba42021-12-22 11:46:22.947root 11241100x80000000000000003847483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc47801daeffc682021-12-22 11:46:22.947root 11241100x80000000000000003847484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0601dafe048cd662021-12-22 11:46:22.947root 11241100x80000000000000003847485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2677bccc157c0c2021-12-22 11:46:22.948root 11241100x80000000000000003847486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0d657228be17662021-12-22 11:46:22.948root 11241100x80000000000000003847487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24efd40e2209e1552021-12-22 11:46:22.948root 11241100x80000000000000003847488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53b6ea68f675f232021-12-22 11:46:22.948root 11241100x80000000000000003847489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e4be3d8ae4dfb92021-12-22 11:46:22.948root 11241100x80000000000000003847490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26eebbb3463fb2a62021-12-22 11:46:22.948root 11241100x80000000000000003847491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3ee4745d9f38f52021-12-22 11:46:22.948root 11241100x80000000000000003847492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871013aa264164c92021-12-22 11:46:22.948root 11241100x80000000000000003847493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2413dbffe24cbdcd2021-12-22 11:46:22.948root 11241100x80000000000000003847494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5f38730601e81e2021-12-22 11:46:22.948root 11241100x80000000000000003847495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9381d1b1db61c6cc2021-12-22 11:46:22.948root 11241100x80000000000000003847496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b526f4e3f164544b2021-12-22 11:46:22.949root 11241100x80000000000000003847497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6dedcc30383c672021-12-22 11:46:22.949root 11241100x80000000000000003847498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6840c367404a3152021-12-22 11:46:22.949root 11241100x80000000000000003847499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c4aa981c1fa8ca2021-12-22 11:46:22.949root 11241100x80000000000000003847500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2029f68b9d6a93ef2021-12-22 11:46:22.950root 11241100x80000000000000003847501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82bd6687b78206f2021-12-22 11:46:22.950root 11241100x80000000000000003847502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d46c91c09cb002d2021-12-22 11:46:22.950root 11241100x80000000000000003847503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0158baa4a784212021-12-22 11:46:22.950root 11241100x80000000000000003847504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa5728cd18666fc2021-12-22 11:46:22.950root 11241100x80000000000000003847505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78e3a86886fc52c2021-12-22 11:46:22.950root 11241100x80000000000000003847506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9e19fca52ca8ac2021-12-22 11:46:22.951root 11241100x80000000000000003847507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09b497ce81608ea2021-12-22 11:46:22.951root 11241100x80000000000000003847508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45379547f3632e1b2021-12-22 11:46:22.951root 11241100x80000000000000003847509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04882285f084a3902021-12-22 11:46:22.951root 11241100x80000000000000003847510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f378b81eef1849a2021-12-22 11:46:22.951root 11241100x80000000000000003847511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5376f62f293902062021-12-22 11:46:22.951root 11241100x80000000000000003847512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93594718ddeae0222021-12-22 11:46:22.951root 11241100x80000000000000003847513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357826f9200579ac2021-12-22 11:46:22.951root 11241100x80000000000000003847514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cce48ac6576fc402021-12-22 11:46:22.951root 11241100x80000000000000003847515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41715354e24dd66a2021-12-22 11:46:22.952root 11241100x80000000000000003847516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934785379dfd14bc2021-12-22 11:46:22.952root 11241100x80000000000000003847517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3387f413a3dd22922021-12-22 11:46:22.952root 11241100x80000000000000003847518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e727711ef92d2bc2021-12-22 11:46:22.952root 11241100x80000000000000003847519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a73a0e7ee1ea642021-12-22 11:46:22.952root 11241100x80000000000000003847520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89aca9948fbd63282021-12-22 11:46:22.952root 11241100x80000000000000003847521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74e25c614d3bf042021-12-22 11:46:22.952root 11241100x80000000000000003847522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d295624e2d8486dc2021-12-22 11:46:22.952root 11241100x80000000000000003847523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f44c9d3eb158df2021-12-22 11:46:22.953root 11241100x80000000000000003847524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de44c49911275052021-12-22 11:46:22.953root 11241100x80000000000000003847525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ee06d890f882e12021-12-22 11:46:22.953root 11241100x80000000000000003847526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a27149c237b7cf2021-12-22 11:46:22.954root 11241100x80000000000000003847527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3859c62fe7f7cec42021-12-22 11:46:22.954root 11241100x80000000000000003847528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c639c3bd84bb4afb2021-12-22 11:46:22.954root 11241100x80000000000000003847529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcce4e5c74c4de72021-12-22 11:46:22.954root 11241100x80000000000000003847530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ec11ee9fc5694c2021-12-22 11:46:22.954root 11241100x80000000000000003847531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5a4056ef4771e42021-12-22 11:46:22.954root 11241100x80000000000000003847532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81988d990f7c41d12021-12-22 11:46:22.954root 11241100x80000000000000003847533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8fb87196a271d22021-12-22 11:46:22.954root 11241100x80000000000000003847534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66db6810e84409a2021-12-22 11:46:22.954root 11241100x80000000000000003847535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75cf0206f7ce2f32021-12-22 11:46:22.954root 11241100x80000000000000003847536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8da94fd762c16d2021-12-22 11:46:22.955root 11241100x80000000000000003847537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246131cb829620db2021-12-22 11:46:22.955root 11241100x80000000000000003847538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c21ead604f2507a2021-12-22 11:46:22.955root 11241100x80000000000000003847539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dd05592d9afdbe2021-12-22 11:46:22.955root 11241100x80000000000000003847540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9977374066393a6f2021-12-22 11:46:22.955root 11241100x80000000000000003847541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677666a55799a11a2021-12-22 11:46:22.955root 11241100x80000000000000003847542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c709db8daefc08f2021-12-22 11:46:22.955root 11241100x80000000000000003847543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523bac6d315787b72021-12-22 11:46:22.955root 11241100x80000000000000003847544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e64901e3608d612021-12-22 11:46:22.955root 11241100x80000000000000003847545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f101fd220804162021-12-22 11:46:22.955root 11241100x80000000000000003847546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19e1e881ada76d82021-12-22 11:46:22.956root 11241100x80000000000000003847547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934f872942e11a5e2021-12-22 11:46:22.956root 11241100x80000000000000003847548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b00e2be2e94b192021-12-22 11:46:22.956root 11241100x80000000000000003847549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12cf592d7c8b7ba2021-12-22 11:46:22.956root 11241100x80000000000000003847550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17056fdaf79700112021-12-22 11:46:22.956root 11241100x80000000000000003847551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e4552119ae24f32021-12-22 11:46:22.956root 11241100x80000000000000003847552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd8a94ac9f1f1862021-12-22 11:46:22.956root 11241100x80000000000000003847553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa6adc369f2cc452021-12-22 11:46:22.956root 11241100x80000000000000003847554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871a18cc1568e3af2021-12-22 11:46:22.956root 11241100x80000000000000003847555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd141a9d5ec9294e2021-12-22 11:46:22.956root 11241100x80000000000000003847556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763a19e8a56585cd2021-12-22 11:46:22.956root 11241100x80000000000000003847557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f89dd5b1f3943b82021-12-22 11:46:22.957root 11241100x80000000000000003847558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641c9d6a65028cb92021-12-22 11:46:22.957root 11241100x80000000000000003847559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bc4ae0973a0b772021-12-22 11:46:22.957root 11241100x80000000000000003847560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36321fd7267a84922021-12-22 11:46:23.442root 11241100x80000000000000003847561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ddc0cef126288f2021-12-22 11:46:23.443root 11241100x80000000000000003847562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ce881b0bf612942021-12-22 11:46:23.443root 11241100x80000000000000003847563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4932196b08d5557b2021-12-22 11:46:23.443root 11241100x80000000000000003847564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d576682b5c18572021-12-22 11:46:23.443root 11241100x80000000000000003847565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c8e60a30dbf7b12021-12-22 11:46:23.443root 11241100x80000000000000003847566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22bc7184c5d416d2021-12-22 11:46:23.443root 11241100x80000000000000003847567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c17f0991c94a722021-12-22 11:46:23.443root 11241100x80000000000000003847568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a6a1e7ec45f2942021-12-22 11:46:23.444root 11241100x80000000000000003847569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d739b4e67f8ba4872021-12-22 11:46:23.444root 11241100x80000000000000003847570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5166fbcd011c8da2021-12-22 11:46:23.444root 11241100x80000000000000003847571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab269598477a2f962021-12-22 11:46:23.444root 11241100x80000000000000003847572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26091429dd632342021-12-22 11:46:23.444root 11241100x80000000000000003847573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773d034141d3f1b72021-12-22 11:46:23.444root 11241100x80000000000000003847574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0459bf387e3357f32021-12-22 11:46:23.444root 11241100x80000000000000003847575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0de1f046eb04472021-12-22 11:46:23.444root 11241100x80000000000000003847576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9139398e5da99912021-12-22 11:46:23.444root 11241100x80000000000000003847577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b95bbf665843c02021-12-22 11:46:23.444root 11241100x80000000000000003847578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3f6f0aae6edb452021-12-22 11:46:23.445root 11241100x80000000000000003847579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2806fd9174498ffd2021-12-22 11:46:23.445root 11241100x80000000000000003847580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566260c2592bd9c32021-12-22 11:46:23.445root 11241100x80000000000000003847581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85d1ffd2c7d5bae2021-12-22 11:46:23.445root 11241100x80000000000000003847582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8772acf278392512021-12-22 11:46:23.445root 11241100x80000000000000003847583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3d951bf34c18582021-12-22 11:46:23.445root 11241100x80000000000000003847584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b8d9c1a7bc43522021-12-22 11:46:23.445root 11241100x80000000000000003847585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaaceabeed697972021-12-22 11:46:23.445root 11241100x80000000000000003847586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4355867007e6df2021-12-22 11:46:23.445root 11241100x80000000000000003847587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b29ca06c3de2eb92021-12-22 11:46:23.445root 11241100x80000000000000003847588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64c35a0bba1c1452021-12-22 11:46:23.446root 11241100x80000000000000003847589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626cce460599625c2021-12-22 11:46:23.446root 11241100x80000000000000003847590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd7db658c22cbd32021-12-22 11:46:23.446root 11241100x80000000000000003847591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5970b30024a070712021-12-22 11:46:23.446root 11241100x80000000000000003847592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f43937af3ddb202021-12-22 11:46:23.446root 11241100x80000000000000003847593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0071b5d438b26ccf2021-12-22 11:46:23.446root 11241100x80000000000000003847594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dba361b2eeabbe62021-12-22 11:46:23.447root 11241100x80000000000000003847595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e9aef2d6fb82252021-12-22 11:46:23.447root 11241100x80000000000000003847596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e87786fa4b82712021-12-22 11:46:23.447root 11241100x80000000000000003847597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334fbc194c0876b52021-12-22 11:46:23.448root 11241100x80000000000000003847598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55886d80333362f32021-12-22 11:46:23.448root 11241100x80000000000000003847599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024f445ec5ec09122021-12-22 11:46:23.448root 11241100x80000000000000003847600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153dee923aa3b2992021-12-22 11:46:23.448root 11241100x80000000000000003847601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8a1a38a13fdb4d2021-12-22 11:46:23.448root 11241100x80000000000000003847602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05b391e0e28040e2021-12-22 11:46:23.448root 11241100x80000000000000003847603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93276167adc829682021-12-22 11:46:23.448root 11241100x80000000000000003847604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e8b57b7da4fed42021-12-22 11:46:23.448root 11241100x80000000000000003847605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06d486091edbf562021-12-22 11:46:23.449root 11241100x80000000000000003847606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d35d568ca53149e2021-12-22 11:46:23.449root 11241100x80000000000000003847607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabb2d82262099df2021-12-22 11:46:23.449root 11241100x80000000000000003847608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7c3d7e2be999342021-12-22 11:46:23.449root 11241100x80000000000000003847609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99329c0296825df12021-12-22 11:46:23.449root 11241100x80000000000000003847610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1a263c86cbcfc22021-12-22 11:46:23.449root 11241100x80000000000000003847611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33504684f67e0212021-12-22 11:46:23.450root 11241100x80000000000000003847612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8186bddcd64f34052021-12-22 11:46:23.450root 11241100x80000000000000003847613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa8bf514606fe142021-12-22 11:46:23.451root 11241100x80000000000000003847614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453ba4d5f2763b622021-12-22 11:46:23.451root 11241100x80000000000000003847615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc57ed4462c1e2e2021-12-22 11:46:23.452root 11241100x80000000000000003847616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819f05c9b5d7c1c82021-12-22 11:46:23.452root 11241100x80000000000000003847617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abf8395808c1cb92021-12-22 11:46:23.452root 11241100x80000000000000003847618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985c2312466bd6a72021-12-22 11:46:23.943root 11241100x80000000000000003847619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faba0375ab8c79d12021-12-22 11:46:23.943root 11241100x80000000000000003847620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01e885723eff0902021-12-22 11:46:23.943root 11241100x80000000000000003847621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9d9e315e6fdf492021-12-22 11:46:23.943root 11241100x80000000000000003847622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b168ecec378d5942021-12-22 11:46:23.943root 11241100x80000000000000003847623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7190e38fb3c4972021-12-22 11:46:23.943root 11241100x80000000000000003847624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f47564dbedae102021-12-22 11:46:23.943root 11241100x80000000000000003847625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d629570dcd4e0d32021-12-22 11:46:23.944root 11241100x80000000000000003847626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cfc1721cc1f82b2021-12-22 11:46:23.945root 11241100x80000000000000003847627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cc88c5884705252021-12-22 11:46:23.945root 11241100x80000000000000003847628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa0808155daa2de2021-12-22 11:46:23.945root 11241100x80000000000000003847629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80164af6460fa4932021-12-22 11:46:23.945root 11241100x80000000000000003847630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36056c500baef83b2021-12-22 11:46:23.946root 11241100x80000000000000003847631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b548e1b86e946bdc2021-12-22 11:46:23.946root 11241100x80000000000000003847632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bddf92aff03fef2021-12-22 11:46:23.946root 11241100x80000000000000003847633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5b184c29bd815d2021-12-22 11:46:23.946root 11241100x80000000000000003847634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9d1b2f062d6d982021-12-22 11:46:23.946root 11241100x80000000000000003847635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3100e07fba4b781e2021-12-22 11:46:23.946root 11241100x80000000000000003847636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35227a09c33604622021-12-22 11:46:23.946root 11241100x80000000000000003847637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb97ea4fe706b322021-12-22 11:46:23.946root 11241100x80000000000000003847638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dca0a4acfb3ea22021-12-22 11:46:23.946root 11241100x80000000000000003847639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b608df114ee8e22021-12-22 11:46:23.946root 11241100x80000000000000003847640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c5afda7dd9d5962021-12-22 11:46:23.947root 11241100x80000000000000003847641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc49e10ee9e66122021-12-22 11:46:23.947root 11241100x80000000000000003847642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d3f5cb3d378edb2021-12-22 11:46:23.947root 11241100x80000000000000003847643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a375271000298a362021-12-22 11:46:23.947root 11241100x80000000000000003847644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5220a49c892baaa2021-12-22 11:46:23.947root 11241100x80000000000000003847645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc183a8a4ab652532021-12-22 11:46:23.947root 11241100x80000000000000003847646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a21c02740868222021-12-22 11:46:23.947root 11241100x80000000000000003847647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7695aa1968cae352021-12-22 11:46:23.947root 11241100x80000000000000003847648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932c6b897e6cf5172021-12-22 11:46:23.947root 11241100x80000000000000003847649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcfea817479918a2021-12-22 11:46:23.948root 11241100x80000000000000003847650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c2489282c5edda2021-12-22 11:46:23.948root 354300x80000000000000003847651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.055{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55432-false10.0.1.12-8000- 11241100x80000000000000003847652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52373a482e78fd682021-12-22 11:46:24.443root 11241100x80000000000000003847653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32eb9a9e1df2c7af2021-12-22 11:46:24.443root 11241100x80000000000000003847654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39510629cd3dfdfe2021-12-22 11:46:24.444root 11241100x80000000000000003847655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73f4b56f8a56ed02021-12-22 11:46:24.444root 11241100x80000000000000003847656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74e72a4de240d292021-12-22 11:46:24.445root 11241100x80000000000000003847657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f853478532ade652021-12-22 11:46:24.445root 11241100x80000000000000003847658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44202f33c9c71c652021-12-22 11:46:24.445root 11241100x80000000000000003847659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e66553030c8dcce2021-12-22 11:46:24.446root 11241100x80000000000000003847660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dd5ade0d5d36f32021-12-22 11:46:24.446root 11241100x80000000000000003847661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914bfe71e37a5e9c2021-12-22 11:46:24.446root 11241100x80000000000000003847662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56dfabca6b3f01fe2021-12-22 11:46:24.447root 11241100x80000000000000003847663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9603bfae3adcdfdd2021-12-22 11:46:24.447root 11241100x80000000000000003847664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05f3b2ab81671892021-12-22 11:46:24.447root 11241100x80000000000000003847665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e293ee1787605212021-12-22 11:46:24.448root 11241100x80000000000000003847666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e180511adabb54b2021-12-22 11:46:24.448root 11241100x80000000000000003847667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b23dab7d8b71e662021-12-22 11:46:24.448root 11241100x80000000000000003847668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b44676c377d2812021-12-22 11:46:24.448root 11241100x80000000000000003847669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d896348e9c83b32021-12-22 11:46:24.448root 11241100x80000000000000003847670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c3852273521eaf2021-12-22 11:46:24.448root 11241100x80000000000000003847671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74652896c237ed472021-12-22 11:46:24.449root 11241100x80000000000000003847672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c732a882ac914192021-12-22 11:46:24.449root 11241100x80000000000000003847673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc378f8bae30345c2021-12-22 11:46:24.449root 11241100x80000000000000003847674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a50a6971eb9f5ec2021-12-22 11:46:24.449root 11241100x80000000000000003847675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4173af6d3e7456e42021-12-22 11:46:24.449root 11241100x80000000000000003847676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd7d6e2fb09f5c72021-12-22 11:46:24.450root 11241100x80000000000000003847677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4c4aa0499d81562021-12-22 11:46:24.450root 11241100x80000000000000003847678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c1c1a3ca17182a2021-12-22 11:46:24.450root 11241100x80000000000000003847679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c82918daccf12a2021-12-22 11:46:24.450root 11241100x80000000000000003847680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8115ad1cc2bd19bb2021-12-22 11:46:24.450root 11241100x80000000000000003847681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec9549bec6522632021-12-22 11:46:24.450root 11241100x80000000000000003847682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f9ee09e54616c62021-12-22 11:46:24.943root 11241100x80000000000000003847683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cb13a15990fd942021-12-22 11:46:24.943root 11241100x80000000000000003847684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912cca336ff80ef62021-12-22 11:46:24.943root 11241100x80000000000000003847685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97408d7aa2f966632021-12-22 11:46:24.943root 11241100x80000000000000003847686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccc3382dffe98472021-12-22 11:46:24.944root 11241100x80000000000000003847687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a053b8b31add32f2021-12-22 11:46:24.944root 11241100x80000000000000003847688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37407d065d3f99a02021-12-22 11:46:24.944root 11241100x80000000000000003847689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3369abd9f8d6fd182021-12-22 11:46:24.944root 11241100x80000000000000003847690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09515b7d3e861af2021-12-22 11:46:24.944root 11241100x80000000000000003847691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28ecf61fa62d4912021-12-22 11:46:24.944root 11241100x80000000000000003847692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a228e010833039cd2021-12-22 11:46:24.944root 11241100x80000000000000003847693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25aed49f8d44dbb22021-12-22 11:46:24.944root 11241100x80000000000000003847694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217ec0b32965aa722021-12-22 11:46:24.944root 11241100x80000000000000003847695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33994fabfec647932021-12-22 11:46:24.944root 11241100x80000000000000003847696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653867aa8c730a852021-12-22 11:46:24.945root 11241100x80000000000000003847697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889435847c2615b62021-12-22 11:46:24.945root 11241100x80000000000000003847698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b178a97f8bd51b02021-12-22 11:46:24.945root 11241100x80000000000000003847699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabd807a93586c352021-12-22 11:46:24.945root 11241100x80000000000000003847700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ce9e41bc62de582021-12-22 11:46:24.945root 11241100x80000000000000003847701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c39ff8c3e2079802021-12-22 11:46:24.945root 11241100x80000000000000003847702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca38e1fe8442c2ee2021-12-22 11:46:24.946root 11241100x80000000000000003847703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d6290eb9b7e11b2021-12-22 11:46:24.946root 11241100x80000000000000003847704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5ab8780cd8d9ee2021-12-22 11:46:24.946root 11241100x80000000000000003847705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c65ed01aae9d1342021-12-22 11:46:24.946root 11241100x80000000000000003847706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05d6e33e220a98a2021-12-22 11:46:24.946root 11241100x80000000000000003847707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccba7ca67f36f81e2021-12-22 11:46:24.946root 11241100x80000000000000003847708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bf9f8e765fc43c2021-12-22 11:46:24.946root 11241100x80000000000000003847709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775f0bb567e4513f2021-12-22 11:46:24.946root 11241100x80000000000000003847710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb0c60cc518f7252021-12-22 11:46:24.946root 11241100x80000000000000003847711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e208487df7d879522021-12-22 11:46:24.947root 11241100x80000000000000003847712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb730c232a1d05b32021-12-22 11:46:24.947root 11241100x80000000000000003847713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7e56af7b2c3f8a2021-12-22 11:46:24.947root 11241100x80000000000000003847714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c0bec50bb336b92021-12-22 11:46:25.443root 11241100x80000000000000003847715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b2f069502986892021-12-22 11:46:25.443root 11241100x80000000000000003847716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee15625a55b0c702021-12-22 11:46:25.443root 11241100x80000000000000003847717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1898715b7507260e2021-12-22 11:46:25.443root 11241100x80000000000000003847718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cd20e25453a3c72021-12-22 11:46:25.443root 11241100x80000000000000003847719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b33c32e603d88a2021-12-22 11:46:25.443root 11241100x80000000000000003847720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc03c8c18c31d7f2021-12-22 11:46:25.444root 11241100x80000000000000003847721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed9f5d98b6082932021-12-22 11:46:25.444root 11241100x80000000000000003847722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939a621f573364ae2021-12-22 11:46:25.444root 11241100x80000000000000003847723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d73bcba38b0aba2021-12-22 11:46:25.444root 11241100x80000000000000003847724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8a181bf1f5fa662021-12-22 11:46:25.444root 11241100x80000000000000003847725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dbb591f0f7e41d2021-12-22 11:46:25.444root 11241100x80000000000000003847726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7642dde4bdb1516a2021-12-22 11:46:25.444root 11241100x80000000000000003847727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fac8c98f0b7664b2021-12-22 11:46:25.444root 11241100x80000000000000003847728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84809b3fac5aa04b2021-12-22 11:46:25.444root 11241100x80000000000000003847729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d575984180bc082021-12-22 11:46:25.444root 11241100x80000000000000003847730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65df511d6845c9822021-12-22 11:46:25.445root 11241100x80000000000000003847731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252f815e44413ed12021-12-22 11:46:25.445root 11241100x80000000000000003847732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b376d52a496fc4f22021-12-22 11:46:25.445root 11241100x80000000000000003847733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742ddae7151c53d02021-12-22 11:46:25.445root 11241100x80000000000000003847734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d7bb664a2991ee2021-12-22 11:46:25.445root 11241100x80000000000000003847735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f28a93358d0fde2021-12-22 11:46:25.445root 11241100x80000000000000003847736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065bac2b85a89af42021-12-22 11:46:25.445root 11241100x80000000000000003847737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecc9d8ba32588662021-12-22 11:46:25.446root 11241100x80000000000000003847738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81571715547b8782021-12-22 11:46:25.446root 11241100x80000000000000003847739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ba813e91064fce2021-12-22 11:46:25.446root 11241100x80000000000000003847740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d165dbd6b33cdc2021-12-22 11:46:25.446root 11241100x80000000000000003847741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b5db4389724f272021-12-22 11:46:25.446root 11241100x80000000000000003847742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833ea1c15fd889c22021-12-22 11:46:25.446root 11241100x80000000000000003847743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a58b67e79182222021-12-22 11:46:25.446root 11241100x80000000000000003847744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fce204e1e9c4602021-12-22 11:46:25.446root 11241100x80000000000000003847745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726755787bcefad12021-12-22 11:46:25.446root 11241100x80000000000000003847746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b8c1d90c8c25dd2021-12-22 11:46:25.446root 11241100x80000000000000003847747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78f8707deecee4d2021-12-22 11:46:25.943root 11241100x80000000000000003847748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d33e258de7ee4b72021-12-22 11:46:25.943root 11241100x80000000000000003847749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af631110aa24006f2021-12-22 11:46:25.943root 11241100x80000000000000003847750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa61dbfa983342e2021-12-22 11:46:25.943root 11241100x80000000000000003847751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505abb81beb692352021-12-22 11:46:25.943root 11241100x80000000000000003847752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb65c86f12accd82021-12-22 11:46:25.943root 11241100x80000000000000003847753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e35c4ee9f198c42021-12-22 11:46:25.943root 11241100x80000000000000003847754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cdc3e0df2524302021-12-22 11:46:25.943root 11241100x80000000000000003847755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b597ee4d329e41b2021-12-22 11:46:25.943root 11241100x80000000000000003847756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dde3eb0b7dacf72021-12-22 11:46:25.943root 11241100x80000000000000003847757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd7c35a7b4e7d4e2021-12-22 11:46:25.944root 11241100x80000000000000003847758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2ada3ebf8f4c9f2021-12-22 11:46:25.944root 11241100x80000000000000003847759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d89b61003067742021-12-22 11:46:25.944root 11241100x80000000000000003847760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c53270be048d0db2021-12-22 11:46:25.944root 11241100x80000000000000003847761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bc91bc5a0f90472021-12-22 11:46:25.944root 11241100x80000000000000003847762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286572c12d3ac6fd2021-12-22 11:46:25.944root 11241100x80000000000000003847763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bfdbdbc2bf0f0b2021-12-22 11:46:25.944root 11241100x80000000000000003847764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9709bde69cf0cf42021-12-22 11:46:25.944root 11241100x80000000000000003847765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de94d9d3bc141f02021-12-22 11:46:25.944root 11241100x80000000000000003847766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c436b41ebdb140722021-12-22 11:46:25.945root 11241100x80000000000000003847767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28148692a2bfcdf82021-12-22 11:46:25.945root 11241100x80000000000000003847768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d03186a89c46ae2021-12-22 11:46:25.945root 11241100x80000000000000003847769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435053bbfcd81bd12021-12-22 11:46:25.945root 11241100x80000000000000003847770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2a51c626c2b80c2021-12-22 11:46:25.945root 11241100x80000000000000003847771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5edace4515dce8a2021-12-22 11:46:25.945root 11241100x80000000000000003847772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e681b364d2c95332021-12-22 11:46:25.945root 11241100x80000000000000003847773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b0cada7b6a0b302021-12-22 11:46:25.945root 11241100x80000000000000003847774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8f30eb4dfcd8152021-12-22 11:46:25.945root 11241100x80000000000000003847775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7bc38825c1a9802021-12-22 11:46:25.945root 11241100x80000000000000003847776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca6658269390c412021-12-22 11:46:25.946root 11241100x80000000000000003847777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d4bb8d157fdd8b2021-12-22 11:46:25.946root 11241100x80000000000000003847778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c2846f302012702021-12-22 11:46:25.946root 11241100x80000000000000003847779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea58a8c54eb1fd92021-12-22 11:46:25.946root 11241100x80000000000000003847780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b5a755ef381ab42021-12-22 11:46:25.946root 11241100x80000000000000003847781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0389278125f23e92021-12-22 11:46:25.946root 11241100x80000000000000003847782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a9737c56385c392021-12-22 11:46:25.946root 11241100x80000000000000003847783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f253cf15dc134d82021-12-22 11:46:26.443root 11241100x80000000000000003847784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e9806869e97aa72021-12-22 11:46:26.443root 11241100x80000000000000003847785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8998d7086fb2b34a2021-12-22 11:46:26.443root 11241100x80000000000000003847786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ed406ce6468f032021-12-22 11:46:26.443root 11241100x80000000000000003847787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b79a833abea5032021-12-22 11:46:26.443root 11241100x80000000000000003847788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5a04bc804c3c4d2021-12-22 11:46:26.443root 11241100x80000000000000003847789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae9b35026b0b0352021-12-22 11:46:26.444root 11241100x80000000000000003847790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301a3e5c900921032021-12-22 11:46:26.444root 11241100x80000000000000003847791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572d861a77f2d0f22021-12-22 11:46:26.444root 11241100x80000000000000003847792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779bafe79f8976602021-12-22 11:46:26.444root 11241100x80000000000000003847793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f6e02153c27d1d2021-12-22 11:46:26.445root 11241100x80000000000000003847794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dce6a679793b882021-12-22 11:46:26.445root 11241100x80000000000000003847795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf653e131c2fca52021-12-22 11:46:26.445root 11241100x80000000000000003847796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b0ff0d085d4d252021-12-22 11:46:26.445root 11241100x80000000000000003847797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6c3b31ec0ccccf2021-12-22 11:46:26.445root 11241100x80000000000000003847798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e22bbea644911392021-12-22 11:46:26.446root 11241100x80000000000000003847799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec84cdc8546870aa2021-12-22 11:46:26.446root 11241100x80000000000000003847800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4668368d063559a42021-12-22 11:46:26.446root 11241100x80000000000000003847801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473ae10c8c637f012021-12-22 11:46:26.446root 11241100x80000000000000003847802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548c46f094fe4fd42021-12-22 11:46:26.446root 11241100x80000000000000003847803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbedc67975afdda62021-12-22 11:46:26.446root 11241100x80000000000000003847804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d34a6ad10243e472021-12-22 11:46:26.447root 11241100x80000000000000003847805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91348127eb2be8842021-12-22 11:46:26.447root 11241100x80000000000000003847806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c3f8064876a9ac2021-12-22 11:46:26.447root 11241100x80000000000000003847807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b18ea2be52783bc2021-12-22 11:46:26.447root 11241100x80000000000000003847808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86153d26cb521862021-12-22 11:46:26.447root 11241100x80000000000000003847809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dae6d1bd1d50592021-12-22 11:46:26.447root 11241100x80000000000000003847810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ff6a9c103e69882021-12-22 11:46:26.447root 11241100x80000000000000003847811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df82f266a0e0d3112021-12-22 11:46:26.447root 11241100x80000000000000003847812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2180414b4ce38b2021-12-22 11:46:26.447root 11241100x80000000000000003847813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9435e669347ddb362021-12-22 11:46:26.448root 11241100x80000000000000003847814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2bc97e45e83e5e2021-12-22 11:46:26.448root 11241100x80000000000000003847815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543fb8dc514d6a522021-12-22 11:46:26.448root 11241100x80000000000000003847816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a79806e6e14b8222021-12-22 11:46:26.448root 11241100x80000000000000003847817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbf13b60ef1098d2021-12-22 11:46:26.448root 11241100x80000000000000003847818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcd52489b144e632021-12-22 11:46:26.943root 11241100x80000000000000003847819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0defa9022fbf9ee2021-12-22 11:46:26.943root 11241100x80000000000000003847820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5306c4952079bca2021-12-22 11:46:26.943root 11241100x80000000000000003847821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcb143861cabe5d2021-12-22 11:46:26.943root 11241100x80000000000000003847822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f8448a3c3b022c2021-12-22 11:46:26.944root 11241100x80000000000000003847823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac310a98ef40926c2021-12-22 11:46:26.944root 11241100x80000000000000003847824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7595b08afa2506ea2021-12-22 11:46:26.944root 11241100x80000000000000003847825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780c9b7a6df729832021-12-22 11:46:26.944root 11241100x80000000000000003847826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c886d1daf3b41aa62021-12-22 11:46:26.944root 11241100x80000000000000003847827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394040be164ddc222021-12-22 11:46:26.944root 11241100x80000000000000003847828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7af3309c9cc8b52021-12-22 11:46:26.944root 11241100x80000000000000003847829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc43d6e4816c31702021-12-22 11:46:26.944root 11241100x80000000000000003847830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29da6899fcd82182021-12-22 11:46:26.945root 11241100x80000000000000003847831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3d6cf75d9074812021-12-22 11:46:26.945root 11241100x80000000000000003847832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5d17e53d8a0c062021-12-22 11:46:26.945root 11241100x80000000000000003847833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392d38dd025466982021-12-22 11:46:26.945root 11241100x80000000000000003847834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee821ae54c406fad2021-12-22 11:46:26.945root 11241100x80000000000000003847835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a4915c906d07232021-12-22 11:46:26.945root 11241100x80000000000000003847836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211ed16dd9862c872021-12-22 11:46:26.945root 11241100x80000000000000003847837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b993b055a4104bc62021-12-22 11:46:26.946root 11241100x80000000000000003847838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c2929ae5dbbc062021-12-22 11:46:26.946root 11241100x80000000000000003847839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55746dbb73a6f2d22021-12-22 11:46:26.946root 11241100x80000000000000003847840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3c4868b1067d292021-12-22 11:46:26.946root 11241100x80000000000000003847841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bcea930fc2ea242021-12-22 11:46:26.946root 11241100x80000000000000003847842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4481aeb8415cccd22021-12-22 11:46:26.946root 11241100x80000000000000003847843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953864dbd64834572021-12-22 11:46:26.947root 11241100x80000000000000003847844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72c5923ccd7a3112021-12-22 11:46:26.947root 11241100x80000000000000003847845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4faa3b6f79645112021-12-22 11:46:26.947root 11241100x80000000000000003847846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3eea2cf42fe100c2021-12-22 11:46:26.947root 11241100x80000000000000003847847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee9119a8934ff902021-12-22 11:46:27.443root 11241100x80000000000000003847848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da2726a690377fb2021-12-22 11:46:27.443root 11241100x80000000000000003847849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a66cf2653a605d2021-12-22 11:46:27.443root 11241100x80000000000000003847850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae2e4dc0071981d2021-12-22 11:46:27.443root 11241100x80000000000000003847851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69c9dffc02461ea2021-12-22 11:46:27.443root 11241100x80000000000000003847852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59668e4f61ff2add2021-12-22 11:46:27.443root 11241100x80000000000000003847853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ab8904fa69e2f52021-12-22 11:46:27.443root 11241100x80000000000000003847854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f48c9e9adcc4f32021-12-22 11:46:27.443root 11241100x80000000000000003847855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adca911909df7c632021-12-22 11:46:27.443root 11241100x80000000000000003847856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575c93ee241f76c12021-12-22 11:46:27.444root 11241100x80000000000000003847857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615b9e0f350103172021-12-22 11:46:27.444root 11241100x80000000000000003847858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af134a56a701947e2021-12-22 11:46:27.444root 11241100x80000000000000003847859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1354be0fc7aaa322021-12-22 11:46:27.444root 11241100x80000000000000003847860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e21d2a7773e1ee92021-12-22 11:46:27.444root 11241100x80000000000000003847861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420c95e02365dac42021-12-22 11:46:27.444root 11241100x80000000000000003847862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1909a0d48761bb2021-12-22 11:46:27.444root 11241100x80000000000000003847863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bab9c4d68070f5c2021-12-22 11:46:27.444root 11241100x80000000000000003847864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4f5951e35cef8e2021-12-22 11:46:27.444root 11241100x80000000000000003847865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c5a874571d5f712021-12-22 11:46:27.444root 11241100x80000000000000003847866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a144f589e93b06b92021-12-22 11:46:27.445root 11241100x80000000000000003847867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253bbbf37f73c03c2021-12-22 11:46:27.445root 11241100x80000000000000003847868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a978e1aaf01077542021-12-22 11:46:27.445root 11241100x80000000000000003847869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c166441f3bdf2a2021-12-22 11:46:27.445root 11241100x80000000000000003847870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bdc6b4f1f69bf62021-12-22 11:46:27.445root 11241100x80000000000000003847871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16191e569f6e73e2021-12-22 11:46:27.445root 11241100x80000000000000003847872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1d50d57f9d51d72021-12-22 11:46:27.445root 11241100x80000000000000003847873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee6f2ffc516e4992021-12-22 11:46:27.445root 11241100x80000000000000003847874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bc3f9c53ae7cd42021-12-22 11:46:27.445root 11241100x80000000000000003847875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2e58323ebe211b2021-12-22 11:46:27.445root 11241100x80000000000000003847876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a34451db88ef452021-12-22 11:46:27.446root 11241100x80000000000000003847877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b08151ada80cca42021-12-22 11:46:27.446root 11241100x80000000000000003847878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1101c536a3d6b5fd2021-12-22 11:46:27.446root 11241100x80000000000000003847879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95e2a47d8ed29752021-12-22 11:46:27.446root 11241100x80000000000000003847880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b6d235b1a30bbd2021-12-22 11:46:27.446root 11241100x80000000000000003847881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390ef02e820cbf132021-12-22 11:46:27.943root 11241100x80000000000000003847882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0261a5d3dfee96602021-12-22 11:46:27.943root 11241100x80000000000000003847883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f941aaf4baf69c12021-12-22 11:46:27.943root 11241100x80000000000000003847884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7828a8cc93a1792021-12-22 11:46:27.943root 11241100x80000000000000003847885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527d83d129f570072021-12-22 11:46:27.943root 11241100x80000000000000003847886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d126b5c324dd00512021-12-22 11:46:27.943root 11241100x80000000000000003847887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0843e0389c8b352021-12-22 11:46:27.943root 11241100x80000000000000003847888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48ec740cd112fac2021-12-22 11:46:27.944root 11241100x80000000000000003847889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6706fc630a11dd462021-12-22 11:46:27.944root 11241100x80000000000000003847890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3b5dd251e46a602021-12-22 11:46:27.944root 11241100x80000000000000003847891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ec5809fb5fa9c92021-12-22 11:46:27.944root 11241100x80000000000000003847892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438ac1ff3c2934f42021-12-22 11:46:27.944root 11241100x80000000000000003847893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f08b9018a3cab872021-12-22 11:46:27.944root 11241100x80000000000000003847894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2912f1dd714dff2b2021-12-22 11:46:27.944root 11241100x80000000000000003847895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03f13bd39be086a2021-12-22 11:46:27.944root 11241100x80000000000000003847896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69dc61a0ac472f22021-12-22 11:46:27.945root 11241100x80000000000000003847897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5200118b0a5ba4f02021-12-22 11:46:27.945root 11241100x80000000000000003847898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc84ae2b2e900102021-12-22 11:46:27.945root 11241100x80000000000000003847899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5ab6ea9c4f36632021-12-22 11:46:27.945root 11241100x80000000000000003847900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b286c4f7fc95d02021-12-22 11:46:27.945root 11241100x80000000000000003847901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11a153e8942a4e22021-12-22 11:46:27.945root 11241100x80000000000000003847902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62160a0107807fb2021-12-22 11:46:27.945root 11241100x80000000000000003847903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9e910b48fc7de32021-12-22 11:46:27.945root 11241100x80000000000000003847904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1642d5ab3f3b4e7e2021-12-22 11:46:27.945root 11241100x80000000000000003847905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4dfde1c20884682021-12-22 11:46:27.946root 11241100x80000000000000003847906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9888e485f5821fbd2021-12-22 11:46:27.946root 11241100x80000000000000003847907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1de0ce9e4b18d02021-12-22 11:46:27.946root 11241100x80000000000000003847908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1382a1f267bd3d992021-12-22 11:46:27.946root 11241100x80000000000000003847909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc99d9211c407a202021-12-22 11:46:27.946root 11241100x80000000000000003847910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faca7e1180c4b62c2021-12-22 11:46:27.946root 11241100x80000000000000003847911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b44ad2ff3e5098a2021-12-22 11:46:27.946root 11241100x80000000000000003847912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989125a6f12b136d2021-12-22 11:46:27.946root 11241100x80000000000000003847913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdf236e20187bd92021-12-22 11:46:27.946root 11241100x80000000000000003847914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bb0089e63a8a242021-12-22 11:46:28.443root 11241100x80000000000000003847915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0dae79eeafacdb2021-12-22 11:46:28.443root 11241100x80000000000000003847916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f189b70d7eef99992021-12-22 11:46:28.443root 11241100x80000000000000003847917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0706fcb32edb572021-12-22 11:46:28.443root 11241100x80000000000000003847918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53eea734df53d5b22021-12-22 11:46:28.444root 11241100x80000000000000003847919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b76db11796fbb182021-12-22 11:46:28.444root 11241100x80000000000000003847920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317dcddd50c4cdfc2021-12-22 11:46:28.444root 11241100x80000000000000003847921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcd287b5224e6c92021-12-22 11:46:28.444root 11241100x80000000000000003847922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e397c01b46a5af2021-12-22 11:46:28.444root 11241100x80000000000000003847923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb7e959d3a881cd2021-12-22 11:46:28.444root 11241100x80000000000000003847924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4c011bef76857d2021-12-22 11:46:28.444root 11241100x80000000000000003847925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415adaaf7bab8d9e2021-12-22 11:46:28.444root 11241100x80000000000000003847926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce1ea88c23e74c72021-12-22 11:46:28.444root 11241100x80000000000000003847927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b20c557002b54d2021-12-22 11:46:28.444root 11241100x80000000000000003847928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e30097fa793de402021-12-22 11:46:28.444root 11241100x80000000000000003847929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6e243f8bd0f8812021-12-22 11:46:28.444root 11241100x80000000000000003847930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864b00a725ec32872021-12-22 11:46:28.444root 11241100x80000000000000003847931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e09022c9157ada92021-12-22 11:46:28.445root 11241100x80000000000000003847932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca0b6a544d2288b2021-12-22 11:46:28.445root 11241100x80000000000000003847933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fc3ab79275d8d82021-12-22 11:46:28.445root 11241100x80000000000000003847934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7998488e66c311fd2021-12-22 11:46:28.445root 11241100x80000000000000003847935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd0a267c546bb792021-12-22 11:46:28.445root 11241100x80000000000000003847936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426a9090fe38cc052021-12-22 11:46:28.445root 11241100x80000000000000003847937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f855b8d7e74a842021-12-22 11:46:28.445root 11241100x80000000000000003847938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a090ba83cae93db62021-12-22 11:46:28.445root 11241100x80000000000000003847939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01445f7ec7d76c82021-12-22 11:46:28.445root 11241100x80000000000000003847940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c306862dbec749122021-12-22 11:46:28.445root 11241100x80000000000000003847941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bdd4d877527eea2021-12-22 11:46:28.446root 11241100x80000000000000003847942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d20f288a1ada8a2021-12-22 11:46:28.446root 11241100x80000000000000003847943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a6c25c9a32865b2021-12-22 11:46:28.446root 11241100x80000000000000003847944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ccc5f734a63e712021-12-22 11:46:28.942root 11241100x80000000000000003847945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b368a8b3d247de862021-12-22 11:46:28.943root 11241100x80000000000000003847946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824de984991a87de2021-12-22 11:46:28.943root 11241100x80000000000000003847947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0a5dfe82d674692021-12-22 11:46:28.943root 11241100x80000000000000003847948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a9fe70ff56b6bf2021-12-22 11:46:28.943root 11241100x80000000000000003847949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d654d497a6e875a72021-12-22 11:46:28.943root 11241100x80000000000000003847950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67351741924d1d312021-12-22 11:46:28.943root 11241100x80000000000000003847951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d923652ab5a91232021-12-22 11:46:28.943root 11241100x80000000000000003847952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc512312f7b9369f2021-12-22 11:46:28.943root 11241100x80000000000000003847953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45745b1291fa9ceb2021-12-22 11:46:28.944root 11241100x80000000000000003847954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11a0df1097d8e982021-12-22 11:46:28.944root 11241100x80000000000000003847955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949778c0c0236b962021-12-22 11:46:28.944root 11241100x80000000000000003847956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de906f121500d7652021-12-22 11:46:28.944root 11241100x80000000000000003847957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6247e3e993f788692021-12-22 11:46:28.944root 11241100x80000000000000003847958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782a9591f70a16a12021-12-22 11:46:28.944root 11241100x80000000000000003847959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bd30ee17f83f452021-12-22 11:46:28.944root 11241100x80000000000000003847960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2af8949bc8fe8962021-12-22 11:46:28.944root 11241100x80000000000000003847961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8f6b066f25c0c12021-12-22 11:46:28.944root 11241100x80000000000000003847962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e72ece94e5c94fb2021-12-22 11:46:28.944root 11241100x80000000000000003847963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f164e54083055e382021-12-22 11:46:28.944root 11241100x80000000000000003847964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c10491c521d1012021-12-22 11:46:28.945root 11241100x80000000000000003847965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e760b4652e5cbbb2021-12-22 11:46:28.945root 11241100x80000000000000003847966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed3c5a78d3d4b9a2021-12-22 11:46:28.945root 11241100x80000000000000003847967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5341ccfd13ad0452021-12-22 11:46:28.945root 11241100x80000000000000003847968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdfa637a0598b0e2021-12-22 11:46:28.945root 11241100x80000000000000003847969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c9ade7b82311cb2021-12-22 11:46:28.945root 11241100x80000000000000003847970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460bfb9e49b8beb92021-12-22 11:46:28.945root 11241100x80000000000000003847971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8285fed43d9fe582021-12-22 11:46:28.945root 11241100x80000000000000003847972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80774ddce5503bc62021-12-22 11:46:28.945root 11241100x80000000000000003847973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977c8d49945cd2f42021-12-22 11:46:28.945root 11241100x80000000000000003847974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7022ecae72ab49952021-12-22 11:46:28.946root 11241100x80000000000000003847975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfe69facccd29272021-12-22 11:46:28.946root 354300x80000000000000003847976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.142{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55434-false10.0.1.12-8000- 11241100x80000000000000003847977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6244920d2c570e2021-12-22 11:46:29.443root 11241100x80000000000000003847978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9440b6240a63832021-12-22 11:46:29.443root 11241100x80000000000000003847979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040e133667d6da042021-12-22 11:46:29.443root 11241100x80000000000000003847980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d768dbb3de173132021-12-22 11:46:29.444root 11241100x80000000000000003847981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f143db1768bd712021-12-22 11:46:29.444root 11241100x80000000000000003847982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d833cbc9b796622021-12-22 11:46:29.444root 11241100x80000000000000003847983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a30af959db13a82021-12-22 11:46:29.444root 11241100x80000000000000003847984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97dbadeabef619f2021-12-22 11:46:29.444root 11241100x80000000000000003847985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a8f8c401e581b92021-12-22 11:46:29.444root 11241100x80000000000000003847986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703a406c02fa768a2021-12-22 11:46:29.444root 11241100x80000000000000003847987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22131b5ec691ebf2021-12-22 11:46:29.444root 11241100x80000000000000003847988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040152426e94fd642021-12-22 11:46:29.444root 11241100x80000000000000003847989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c35dbca46018ee2021-12-22 11:46:29.445root 11241100x80000000000000003847990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deabb5f174b28d8c2021-12-22 11:46:29.445root 11241100x80000000000000003847991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc3b1c563357f172021-12-22 11:46:29.445root 11241100x80000000000000003847992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3182fa75784b04032021-12-22 11:46:29.445root 11241100x80000000000000003847993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcacb1f3d01359b2021-12-22 11:46:29.445root 11241100x80000000000000003847994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f5473dc57a4cf02021-12-22 11:46:29.445root 11241100x80000000000000003847995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a107c9db441ada3a2021-12-22 11:46:29.445root 11241100x80000000000000003847996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ed5d2133b77bc72021-12-22 11:46:29.445root 11241100x80000000000000003847997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b97aceedf5279152021-12-22 11:46:29.446root 11241100x80000000000000003847998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b40ec610f40a6ab2021-12-22 11:46:29.446root 11241100x80000000000000003847999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8c6d06f171918a2021-12-22 11:46:29.446root 11241100x80000000000000003848000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19531c98cb7f8b302021-12-22 11:46:29.446root 11241100x80000000000000003848001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16b6c9eb2c0a5e62021-12-22 11:46:29.446root 11241100x80000000000000003848002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e62ff7677b4188b2021-12-22 11:46:29.446root 11241100x80000000000000003848003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07426be7d0ace8962021-12-22 11:46:29.446root 11241100x80000000000000003848004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb894e32475bd0a2021-12-22 11:46:29.447root 11241100x80000000000000003848005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667ae6d928ce66c32021-12-22 11:46:29.447root 11241100x80000000000000003848006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f01227d54d9b71c2021-12-22 11:46:29.447root 11241100x80000000000000003848007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bbeaf103c8e76e2021-12-22 11:46:29.942root 11241100x80000000000000003848008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce5f07f6765b0432021-12-22 11:46:29.943root 11241100x80000000000000003848009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73eb53758ad0b882021-12-22 11:46:29.943root 11241100x80000000000000003848010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e1168105914ec12021-12-22 11:46:29.943root 11241100x80000000000000003848011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feec4a720a0f15202021-12-22 11:46:29.943root 11241100x80000000000000003848012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb48aa4222107f952021-12-22 11:46:29.943root 11241100x80000000000000003848013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70afe23e2b8bef3f2021-12-22 11:46:29.943root 11241100x80000000000000003848014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06621628265cde92021-12-22 11:46:29.943root 11241100x80000000000000003848015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66842ab93613b67f2021-12-22 11:46:29.944root 11241100x80000000000000003848016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ecb68937186ac12021-12-22 11:46:29.944root 11241100x80000000000000003848017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7f511982eb4d5c2021-12-22 11:46:29.944root 11241100x80000000000000003848018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4e09428ca2bb4b2021-12-22 11:46:29.944root 11241100x80000000000000003848019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc61ad34a92ebb82021-12-22 11:46:29.945root 11241100x80000000000000003848020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8290572a31971532021-12-22 11:46:29.945root 11241100x80000000000000003848021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1c1105ba56f0292021-12-22 11:46:29.945root 11241100x80000000000000003848022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd008fb6dba3b992021-12-22 11:46:29.945root 11241100x80000000000000003848023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa602c56b9a4b4642021-12-22 11:46:29.946root 11241100x80000000000000003848024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919fc3eb3b15083f2021-12-22 11:46:29.946root 11241100x80000000000000003848025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b812aab09c556fec2021-12-22 11:46:29.946root 11241100x80000000000000003848026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235bb43a8ea117a42021-12-22 11:46:29.946root 11241100x80000000000000003848027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a3573e12db0cb42021-12-22 11:46:29.947root 11241100x80000000000000003848028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b338b4dc3c16216c2021-12-22 11:46:29.947root 11241100x80000000000000003848029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278e4b101aa1ec4e2021-12-22 11:46:29.947root 11241100x80000000000000003848030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aba7e486fa6fd612021-12-22 11:46:29.947root 11241100x80000000000000003848031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51d0bcd8c868a852021-12-22 11:46:29.947root 11241100x80000000000000003848032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee30430195f594502021-12-22 11:46:29.947root 11241100x80000000000000003848033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7e39bf6ac32a772021-12-22 11:46:29.947root 11241100x80000000000000003848034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9860c3f88f5e142021-12-22 11:46:29.948root 11241100x80000000000000003848035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42444173151d989a2021-12-22 11:46:29.948root 11241100x80000000000000003848036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4d40b7e5e607552021-12-22 11:46:29.948root 11241100x80000000000000003848037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570bd57368d2142e2021-12-22 11:46:29.948root 11241100x80000000000000003848038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4285cbb01b3d262021-12-22 11:46:29.948root 11241100x80000000000000003848039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0865497a6ccc2a662021-12-22 11:46:29.948root 11241100x80000000000000003848040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ecb6b03b7a07bc2021-12-22 11:46:29.948root 11241100x80000000000000003848041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3acb022284d30e2021-12-22 11:46:29.948root 11241100x80000000000000003848042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4540fbfb9c7146e2021-12-22 11:46:29.948root 11241100x80000000000000003848043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2089472f126e36e2021-12-22 11:46:29.949root 11241100x80000000000000003848044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f4fbbf814094662021-12-22 11:46:29.949root 11241100x80000000000000003848045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c920db4dd50ca2652021-12-22 11:46:30.443root 11241100x80000000000000003848046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a4a37751724e8d2021-12-22 11:46:30.443root 11241100x80000000000000003848047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db6164cda1065fb2021-12-22 11:46:30.443root 11241100x80000000000000003848048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc5431398a3a4942021-12-22 11:46:30.443root 11241100x80000000000000003848049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472b8a80445bc63c2021-12-22 11:46:30.443root 11241100x80000000000000003848050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e226bacc7147482021-12-22 11:46:30.443root 11241100x80000000000000003848051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f1fa3a24b5a1ab2021-12-22 11:46:30.443root 11241100x80000000000000003848052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042b68ad6533a0512021-12-22 11:46:30.444root 11241100x80000000000000003848053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d55a609349142f2021-12-22 11:46:30.444root 11241100x80000000000000003848054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab34037548f67c7a2021-12-22 11:46:30.444root 11241100x80000000000000003848055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3936e27746b746d72021-12-22 11:46:30.444root 11241100x80000000000000003848056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee543fe536e181c2021-12-22 11:46:30.444root 11241100x80000000000000003848057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538f1aa2df3c7cff2021-12-22 11:46:30.444root 11241100x80000000000000003848058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050e5f4d0eab8ad82021-12-22 11:46:30.444root 11241100x80000000000000003848059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefd963102af701f2021-12-22 11:46:30.444root 11241100x80000000000000003848060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd385bbc4b4fe68e2021-12-22 11:46:30.444root 11241100x80000000000000003848061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea91b12aba333f292021-12-22 11:46:30.444root 11241100x80000000000000003848062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a942e39e330bee982021-12-22 11:46:30.445root 11241100x80000000000000003848063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c304bb6543e7eb2021-12-22 11:46:30.445root 11241100x80000000000000003848064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa38af525c0bdfd2021-12-22 11:46:30.445root 11241100x80000000000000003848065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2a4f5a42bf6a8d2021-12-22 11:46:30.445root 11241100x80000000000000003848066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e263a271a2b9eb2021-12-22 11:46:30.445root 11241100x80000000000000003848067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297abaca02af1fd12021-12-22 11:46:30.445root 11241100x80000000000000003848068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07b0fa126fb12ff2021-12-22 11:46:30.445root 11241100x80000000000000003848069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8142becf43cbb5c2021-12-22 11:46:30.445root 11241100x80000000000000003848070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d61a7d94475df172021-12-22 11:46:30.447root 11241100x80000000000000003848071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4cc22d32aa36a32021-12-22 11:46:30.447root 11241100x80000000000000003848072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7135c8fe21f013a2021-12-22 11:46:30.447root 11241100x80000000000000003848073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee922b68d0f166bf2021-12-22 11:46:30.448root 11241100x80000000000000003848074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd254113ceab0b882021-12-22 11:46:30.448root 11241100x80000000000000003848075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6443f0db3d3783af2021-12-22 11:46:30.448root 11241100x80000000000000003848076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400c8077d943e65f2021-12-22 11:46:30.448root 11241100x80000000000000003848077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31cd9305a30e7922021-12-22 11:46:30.448root 11241100x80000000000000003848078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5135db713800aeb2021-12-22 11:46:30.448root 154100x80000000000000003848079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.596{ec2b6afe-1016-61c3-6834-c550f1550000}19056/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x80000000000000003848080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.606{ec2b6afe-1016-61c3-6834-c550f1550000}19056/bin/psroot 11241100x80000000000000003848081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dee3f2228628382021-12-22 11:46:30.943root 11241100x80000000000000003848082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd0c8c295aae4672021-12-22 11:46:30.943root 11241100x80000000000000003848083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bc9268fe1546b02021-12-22 11:46:30.943root 11241100x80000000000000003848084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f541f5f2f1b9f52021-12-22 11:46:30.943root 11241100x80000000000000003848085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d422cbfd2cc47c292021-12-22 11:46:30.943root 11241100x80000000000000003848086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7d2d5ae78d1e7a2021-12-22 11:46:30.943root 11241100x80000000000000003848087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6985a2a7312bd4e02021-12-22 11:46:30.943root 11241100x80000000000000003848088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111e8b85541333a12021-12-22 11:46:30.944root 11241100x80000000000000003848089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb596e60c89123f52021-12-22 11:46:30.944root 11241100x80000000000000003848090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84a3d9ede21606e2021-12-22 11:46:30.944root 11241100x80000000000000003848091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191af02233c09c0c2021-12-22 11:46:30.944root 11241100x80000000000000003848092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb34aa107e500792021-12-22 11:46:30.944root 11241100x80000000000000003848093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce356b94cd12f23d2021-12-22 11:46:30.944root 11241100x80000000000000003848094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6081c6d65bb75be82021-12-22 11:46:30.944root 11241100x80000000000000003848095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1c6c30d5f10b622021-12-22 11:46:30.944root 11241100x80000000000000003848096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d450c524826b223f2021-12-22 11:46:30.944root 11241100x80000000000000003848097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c58e51ff04044b2021-12-22 11:46:30.944root 11241100x80000000000000003848098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3f5be79d36e2ed2021-12-22 11:46:30.945root 11241100x80000000000000003848099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8eb2e69a134115f2021-12-22 11:46:30.945root 11241100x80000000000000003848100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f795718f85baecd2021-12-22 11:46:30.945root 11241100x80000000000000003848101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43ee1692162926e2021-12-22 11:46:30.945root 11241100x80000000000000003848102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fdc5a781320c422021-12-22 11:46:30.945root 11241100x80000000000000003848103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6fbd51c585b6292021-12-22 11:46:30.945root 11241100x80000000000000003848104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043212c4a656f7442021-12-22 11:46:30.945root 11241100x80000000000000003848105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2dfb4775dfd56e2021-12-22 11:46:30.945root 11241100x80000000000000003848106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3552695c68b876252021-12-22 11:46:30.945root 11241100x80000000000000003848107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b72f826a7ecf7d72021-12-22 11:46:30.945root 11241100x80000000000000003848108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eae160ea051f5462021-12-22 11:46:30.946root 11241100x80000000000000003848109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b69dd28d4daa5312021-12-22 11:46:30.946root 11241100x80000000000000003848110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa12a30e9a75dd02021-12-22 11:46:30.946root 11241100x80000000000000003848111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43198b3d21c8d612021-12-22 11:46:30.946root 11241100x80000000000000003848112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d097f4ca93ac1eb12021-12-22 11:46:30.946root 11241100x80000000000000003848113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8ded43188301232021-12-22 11:46:30.946root 11241100x80000000000000003848114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6a06d51b2420ed2021-12-22 11:46:30.946root 11241100x80000000000000003848115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da510fff9a34f54b2021-12-22 11:46:30.946root 11241100x80000000000000003848116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f36668cb176ea522021-12-22 11:46:30.946root 11241100x80000000000000003848117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829f2b1865b8c0e02021-12-22 11:46:30.946root 11241100x80000000000000003848118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9515e3c949879332021-12-22 11:46:30.947root 154100x80000000000000003848119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.266{ec2b6afe-1017-61c3-10b0-092b5f550000}19057/bin/touch-----touch evil_preload.c/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003848120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.267{ec2b6afe-1017-61c3-10b0-092b5f550000}19057/bin/touch/home/ubuntu/evil_preload.c2021-12-22 11:46:31.267ubuntu 11241100x80000000000000003848121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6abd53a9a899932021-12-22 11:46:31.267root 534500x80000000000000003848122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.267{ec2b6afe-1017-61c3-10b0-092b5f550000}19057/bin/touchubuntu 11241100x80000000000000003848123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578b6f8240f684ca2021-12-22 11:46:31.267root 11241100x80000000000000003848124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8923466f8ecfb8902021-12-22 11:46:31.267root 11241100x80000000000000003848125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc2c183c72dc7592021-12-22 11:46:31.267root 11241100x80000000000000003848126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea9cda71f980d7d2021-12-22 11:46:31.267root 11241100x80000000000000003848127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62c62724558eccf2021-12-22 11:46:31.268root 11241100x80000000000000003848128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442cbd1995f577652021-12-22 11:46:31.268root 11241100x80000000000000003848129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c39e2c62d3149a92021-12-22 11:46:31.268root 11241100x80000000000000003848130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ef8daaaa43d2712021-12-22 11:46:31.268root 11241100x80000000000000003848131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7607a4901579049e2021-12-22 11:46:31.268root 11241100x80000000000000003848132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc570f527ca13202021-12-22 11:46:31.268root 11241100x80000000000000003848133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878eceb9144c36b92021-12-22 11:46:31.268root 11241100x80000000000000003848134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95b25aba12aa2d42021-12-22 11:46:31.268root 11241100x80000000000000003848135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae204a9593215d62021-12-22 11:46:31.268root 11241100x80000000000000003848136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631d2627d733bd4f2021-12-22 11:46:31.268root 11241100x80000000000000003848137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b041a1844d09712021-12-22 11:46:31.268root 11241100x80000000000000003848138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edd23eafbacb40d2021-12-22 11:46:31.268root 11241100x80000000000000003848139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67877f6774fe8fbb2021-12-22 11:46:31.269root 11241100x80000000000000003848140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88bdf1ed916d0322021-12-22 11:46:31.269root 11241100x80000000000000003848141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2bbb2d0935adc32021-12-22 11:46:31.269root 11241100x80000000000000003848142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae82898404272462021-12-22 11:46:31.269root 11241100x80000000000000003848143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ec02ab3983cbb72021-12-22 11:46:31.269root 11241100x80000000000000003848144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8127fdb721b2b81f2021-12-22 11:46:31.269root 11241100x80000000000000003848145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a261c3a0d039db82021-12-22 11:46:31.269root 11241100x80000000000000003848146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b580aa3b539d5d2021-12-22 11:46:31.269root 11241100x80000000000000003848147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddec21ce79fbeec2021-12-22 11:46:31.269root 11241100x80000000000000003848148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330d2d59d18c63c32021-12-22 11:46:31.269root 11241100x80000000000000003848149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a1de15819859762021-12-22 11:46:31.269root 11241100x80000000000000003848150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.270{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a49500466d1f682021-12-22 11:46:31.270root 11241100x80000000000000003848151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.270{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4171fbe5cd6cc4f12021-12-22 11:46:31.270root 11241100x80000000000000003848152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.270{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d87eac0fefe784b2021-12-22 11:46:31.270root 11241100x80000000000000003848153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.270{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0b41757ae822612021-12-22 11:46:31.270root 11241100x80000000000000003848154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.270{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f4bb59e5ad78bf2021-12-22 11:46:31.270root 11241100x80000000000000003848155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.270{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6393ed8ffdeba17d2021-12-22 11:46:31.270root 11241100x80000000000000003848156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.270{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e7f48ff6b4a8452021-12-22 11:46:31.270root 11241100x80000000000000003848157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b413349a68628aa2021-12-22 11:46:31.271root 11241100x80000000000000003848158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bb95e77796f4342021-12-22 11:46:31.271root 11241100x80000000000000003848159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ef42f833470e582021-12-22 11:46:31.271root 11241100x80000000000000003848160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9ce102de8c36512021-12-22 11:46:31.271root 11241100x80000000000000003848161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bb43c643762f212021-12-22 11:46:31.271root 11241100x80000000000000003848162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842914612243ac5a2021-12-22 11:46:31.271root 11241100x80000000000000003848163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab278e0195720dc2021-12-22 11:46:31.271root 11241100x80000000000000003848164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2e004f6af9a66d2021-12-22 11:46:31.271root 11241100x80000000000000003848165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f9f9a520cfa1b82021-12-22 11:46:31.271root 11241100x80000000000000003848166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9102e55e5234d12021-12-22 11:46:31.271root 11241100x80000000000000003848167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46fa39401bdc0422021-12-22 11:46:31.271root 11241100x80000000000000003848168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6305a71b5dd3ca582021-12-22 11:46:31.271root 11241100x80000000000000003848169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735833e6379107d82021-12-22 11:46:31.272root 11241100x80000000000000003848170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2e41b5578600342021-12-22 11:46:31.272root 11241100x80000000000000003848171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0742af625d32d2322021-12-22 11:46:31.272root 11241100x80000000000000003848172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a119532f70386bd82021-12-22 11:46:31.272root 11241100x80000000000000003848173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7c2f5f259a5f412021-12-22 11:46:31.272root 11241100x80000000000000003848174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12091c473e59f1232021-12-22 11:46:31.272root 11241100x80000000000000003848175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb3da603ce4d9772021-12-22 11:46:31.272root 11241100x80000000000000003848176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea447106cc662172021-12-22 11:46:31.272root 11241100x80000000000000003848177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fccbcd598edc922021-12-22 11:46:31.272root 11241100x80000000000000003848178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035f73c9c196e0ea2021-12-22 11:46:31.272root 11241100x80000000000000003848179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ece928dc05da5d72021-12-22 11:46:31.272root 11241100x80000000000000003848180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5096cd2f7d24dc92021-12-22 11:46:31.273root 11241100x80000000000000003848181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1587230ef8d708da2021-12-22 11:46:31.273root 11241100x80000000000000003848182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5439913c21566f32021-12-22 11:46:31.273root 11241100x80000000000000003848183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c1defde30ae3ad2021-12-22 11:46:31.273root 11241100x80000000000000003848184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3ac9a206481d8d2021-12-22 11:46:31.273root 11241100x80000000000000003848185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a44348a40d70872021-12-22 11:46:31.273root 11241100x80000000000000003848186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f9d67a86595d5a2021-12-22 11:46:31.273root 11241100x80000000000000003848187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c6765708f691312021-12-22 11:46:31.273root 11241100x80000000000000003848188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2305ba22770740012021-12-22 11:46:31.273root 11241100x80000000000000003848189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e40ea2892e77542021-12-22 11:46:31.273root 11241100x80000000000000003848190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922b6b7f54d1f2182021-12-22 11:46:31.274root 11241100x80000000000000003848191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d655ba872ca48222021-12-22 11:46:31.274root 11241100x80000000000000003848192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a80217dd57116e62021-12-22 11:46:31.274root 11241100x80000000000000003848193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc0b1ff8dcff26f2021-12-22 11:46:31.274root 11241100x80000000000000003848194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc83fac274933252021-12-22 11:46:31.274root 11241100x80000000000000003848195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0600ec26f8504dcc2021-12-22 11:46:31.274root 11241100x80000000000000003848196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380a14a9014b56e92021-12-22 11:46:31.274root 11241100x80000000000000003848197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673880280ad3ef1a2021-12-22 11:46:31.275root 11241100x80000000000000003848198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486a4e15d876f2692021-12-22 11:46:31.275root 11241100x80000000000000003848199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52b4a131300c08f2021-12-22 11:46:31.275root 11241100x80000000000000003848200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3670add28c74d72021-12-22 11:46:31.275root 11241100x80000000000000003848201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ce3319293e99f22021-12-22 11:46:31.275root 11241100x80000000000000003848202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c373fde0d9961552021-12-22 11:46:31.275root 11241100x80000000000000003848203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d21279a5b00076e2021-12-22 11:46:31.275root 11241100x80000000000000003848204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065670754bf38c562021-12-22 11:46:31.275root 11241100x80000000000000003848205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c0ec1e59c2c6952021-12-22 11:46:31.275root 11241100x80000000000000003848206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b58cc65cfd104d2021-12-22 11:46:31.275root 11241100x80000000000000003848207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726d1fcc0904c5992021-12-22 11:46:31.276root 11241100x80000000000000003848208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecba1cebff153d8c2021-12-22 11:46:31.276root 11241100x80000000000000003848209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda9c0a4b7c32f6c2021-12-22 11:46:31.276root 11241100x80000000000000003848210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96707b8fe68d227d2021-12-22 11:46:31.276root 11241100x80000000000000003848211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86a03c27127ae3a2021-12-22 11:46:31.276root 11241100x80000000000000003848212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114263d3419c36002021-12-22 11:46:31.276root 11241100x80000000000000003848213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076d464668df5bd92021-12-22 11:46:31.276root 11241100x80000000000000003848214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d591cea37010cc62021-12-22 11:46:31.276root 11241100x80000000000000003848215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3e38292003c2ee2021-12-22 11:46:31.276root 11241100x80000000000000003848216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0ee5e6b1dd131a2021-12-22 11:46:31.276root 11241100x80000000000000003848217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252777526f8bea5e2021-12-22 11:46:31.277root 11241100x80000000000000003848218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e37fc5ce0bedd52021-12-22 11:46:31.277root 11241100x80000000000000003848219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c03afaad56555152021-12-22 11:46:31.277root 11241100x80000000000000003848220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2f53522b4e10dd2021-12-22 11:46:31.277root 11241100x80000000000000003848221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee710580428f3b32021-12-22 11:46:31.277root 11241100x80000000000000003848222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8acc1af535bf782021-12-22 11:46:31.277root 11241100x80000000000000003848223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0122bb47f77bd46e2021-12-22 11:46:31.277root 11241100x80000000000000003848224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea52d31a8ff2d652021-12-22 11:46:31.277root 11241100x80000000000000003848225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5525358906442df2021-12-22 11:46:31.278root 11241100x80000000000000003848226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae906bcf8d2e50b2021-12-22 11:46:31.278root 11241100x80000000000000003848227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4101226544a77c2c2021-12-22 11:46:31.278root 11241100x80000000000000003848228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270aa6c14e34a7292021-12-22 11:46:31.278root 11241100x80000000000000003848229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4caaa65cbe9d682021-12-22 11:46:31.278root 11241100x80000000000000003848230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01624594141598a42021-12-22 11:46:31.278root 11241100x80000000000000003848231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90d0de5c20529db2021-12-22 11:46:31.278root 11241100x80000000000000003848232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f23cce1fe4289e2021-12-22 11:46:31.278root 11241100x80000000000000003848233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85a613b56aa28df2021-12-22 11:46:31.278root 11241100x80000000000000003848234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3e9aa89835c3c62021-12-22 11:46:31.278root 11241100x80000000000000003848235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb60a05be081ecc02021-12-22 11:46:31.279root 11241100x80000000000000003848236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c903e49c8397212021-12-22 11:46:31.279root 11241100x80000000000000003848237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ce0602a60f06c22021-12-22 11:46:31.279root 11241100x80000000000000003848238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b057b661be9d6032021-12-22 11:46:31.279root 11241100x80000000000000003848239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88363202505f9ed52021-12-22 11:46:31.279root 11241100x80000000000000003848240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7bc3487c0c51b22021-12-22 11:46:31.279root 11241100x80000000000000003848241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f7e6a1777c6ee22021-12-22 11:46:31.279root 11241100x80000000000000003848242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55469790167e7b7d2021-12-22 11:46:31.279root 11241100x80000000000000003848243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa048b469a3a79312021-12-22 11:46:31.279root 11241100x80000000000000003848244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9743eb89417920682021-12-22 11:46:31.280root 11241100x80000000000000003848245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0ef1cc0eec94102021-12-22 11:46:31.280root 11241100x80000000000000003848246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba21c4bb8b33f9182021-12-22 11:46:31.280root 11241100x80000000000000003848247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5d8e8b60ef7fc92021-12-22 11:46:31.280root 11241100x80000000000000003848248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f462d6987ab731a2021-12-22 11:46:31.280root 11241100x80000000000000003848249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64aa3616568d9bc82021-12-22 11:46:31.280root 11241100x80000000000000003848250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52257d82291623a12021-12-22 11:46:31.280root 11241100x80000000000000003848251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3021c7540da75a2021-12-22 11:46:31.280root 11241100x80000000000000003848252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ce82ec7511bbaa2021-12-22 11:46:31.280root 11241100x80000000000000003848253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2b2349fe5857ed2021-12-22 11:46:31.280root 11241100x80000000000000003848254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ae5151dc138af52021-12-22 11:46:31.280root 11241100x80000000000000003848255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2752032c8309b22021-12-22 11:46:31.280root 11241100x80000000000000003848256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797ab22abccf158d2021-12-22 11:46:31.280root 11241100x80000000000000003848257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520a69c8e2d362a82021-12-22 11:46:31.281root 11241100x80000000000000003848258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4a031be98b91252021-12-22 11:46:31.281root 11241100x80000000000000003848259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7ce2067decb6e62021-12-22 11:46:31.281root 11241100x80000000000000003848260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb755d465ddbf1c2021-12-22 11:46:31.281root 11241100x80000000000000003848261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcefa830412691502021-12-22 11:46:31.281root 11241100x80000000000000003848262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d3e6ff720188772021-12-22 11:46:31.281root 11241100x80000000000000003848263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1127071cc2fc5c7f2021-12-22 11:46:31.281root 11241100x80000000000000003848264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d18dc906a65b1c02021-12-22 11:46:31.281root 11241100x80000000000000003848265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae9947487a1fa0b2021-12-22 11:46:31.281root 11241100x80000000000000003848266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1490e73704ed7e2021-12-22 11:46:31.281root 11241100x80000000000000003848267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212c873cdd343e802021-12-22 11:46:31.281root 11241100x80000000000000003848268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666b929801962bea2021-12-22 11:46:31.281root 11241100x80000000000000003848269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa274b82767ad6072021-12-22 11:46:31.281root 11241100x80000000000000003848270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d1089de06b8c602021-12-22 11:46:31.281root 11241100x80000000000000003848271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886ea4ec37f76a632021-12-22 11:46:31.281root 11241100x80000000000000003848272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27cea77a23b6ce72021-12-22 11:46:31.281root 11241100x80000000000000003848273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec74e1ecd0521442021-12-22 11:46:31.281root 11241100x80000000000000003848274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.282{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253623aa1cfc028e2021-12-22 11:46:31.282root 11241100x80000000000000003848275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.282{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa6b47bae01fd3a2021-12-22 11:46:31.282root 11241100x80000000000000003848276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a492b996b614bb982021-12-22 11:46:31.693root 11241100x80000000000000003848277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5185efcb5b16d8322021-12-22 11:46:31.694root 11241100x80000000000000003848278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2427f3a2beb96bb52021-12-22 11:46:31.694root 11241100x80000000000000003848279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c0ee79e8f9f7d52021-12-22 11:46:31.694root 11241100x80000000000000003848280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10243a43a4548882021-12-22 11:46:31.694root 11241100x80000000000000003848281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5ef1cb58f548f62021-12-22 11:46:31.694root 11241100x80000000000000003848282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95c122406df84742021-12-22 11:46:31.694root 11241100x80000000000000003848283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1307ea81f24b00672021-12-22 11:46:31.694root 11241100x80000000000000003848284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97511eb372a045f92021-12-22 11:46:31.694root 11241100x80000000000000003848285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cefb43f8dcc6942021-12-22 11:46:31.694root 11241100x80000000000000003848286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d248881afa5ea4a2021-12-22 11:46:31.694root 11241100x80000000000000003848287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ce28f3996852ca2021-12-22 11:46:31.695root 11241100x80000000000000003848288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2cd6c1bbfc2fc62021-12-22 11:46:31.695root 11241100x80000000000000003848289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772098ea173cf9142021-12-22 11:46:31.695root 11241100x80000000000000003848290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16aa11340ddb43502021-12-22 11:46:31.695root 11241100x80000000000000003848291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee53b2aac82bb5e2021-12-22 11:46:31.695root 11241100x80000000000000003848292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc49631cf67b3ade2021-12-22 11:46:31.695root 11241100x80000000000000003848293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6b4c6dbaa634cd2021-12-22 11:46:31.695root 11241100x80000000000000003848294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b716b95d7d1560e2021-12-22 11:46:31.695root 11241100x80000000000000003848295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c87702738ca09f42021-12-22 11:46:31.695root 11241100x80000000000000003848296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f011e9052c219222021-12-22 11:46:31.696root 11241100x80000000000000003848297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6ecf11b5ce3f092021-12-22 11:46:31.696root 11241100x80000000000000003848298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b784f03b27536e2021-12-22 11:46:31.696root 11241100x80000000000000003848299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76e0438466350392021-12-22 11:46:31.696root 11241100x80000000000000003848300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672435ce00b0d2d42021-12-22 11:46:31.696root 11241100x80000000000000003848301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801fb8d188d294f52021-12-22 11:46:31.696root 11241100x80000000000000003848302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b4801ac30406612021-12-22 11:46:31.696root 11241100x80000000000000003848303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c3bb04a9a373ef2021-12-22 11:46:31.696root 11241100x80000000000000003848304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c826281f284f392021-12-22 11:46:31.696root 11241100x80000000000000003848305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc96719f0179dfd2021-12-22 11:46:31.696root 11241100x80000000000000003848306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e8f2c5e0a67f652021-12-22 11:46:31.697root 11241100x80000000000000003848307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4362b839d49d5a362021-12-22 11:46:31.697root 11241100x80000000000000003848308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac10303ae8fa6602021-12-22 11:46:31.697root 11241100x80000000000000003848309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b8b2d0e30477622021-12-22 11:46:31.697root 11241100x80000000000000003848310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbbc94c9823aca92021-12-22 11:46:31.697root 11241100x80000000000000003848311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d983e07ba431e5822021-12-22 11:46:32.193root 11241100x80000000000000003848312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dc9786562ba8e22021-12-22 11:46:32.193root 11241100x80000000000000003848313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbcfdf395f97b882021-12-22 11:46:32.193root 11241100x80000000000000003848314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f323fce562e253bd2021-12-22 11:46:32.193root 11241100x80000000000000003848315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27d8ac986da2ea62021-12-22 11:46:32.193root 11241100x80000000000000003848316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f591398f04f95ec12021-12-22 11:46:32.193root 11241100x80000000000000003848317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb8ddd67f17c77b2021-12-22 11:46:32.194root 11241100x80000000000000003848318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6c8833b3437f812021-12-22 11:46:32.194root 11241100x80000000000000003848319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee15f1a2b2f89fba2021-12-22 11:46:32.194root 11241100x80000000000000003848320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7646c7195ec50282021-12-22 11:46:32.194root 11241100x80000000000000003848321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acda989a8a31a4362021-12-22 11:46:32.194root 11241100x80000000000000003848322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493a3d28d33b01b62021-12-22 11:46:32.194root 11241100x80000000000000003848323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7bbe98f66c26e282021-12-22 11:46:32.194root 11241100x80000000000000003848324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186ab1b8a84d606c2021-12-22 11:46:32.194root 11241100x80000000000000003848325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbf772d92a4013c2021-12-22 11:46:32.194root 11241100x80000000000000003848326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d352fa0b22e2df2021-12-22 11:46:32.195root 11241100x80000000000000003848327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6efe3a05e5c09c2021-12-22 11:46:32.195root 11241100x80000000000000003848328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a777384d7181ace2021-12-22 11:46:32.195root 11241100x80000000000000003848329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca6026f9e88d3a62021-12-22 11:46:32.195root 11241100x80000000000000003848330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a36ad1288dfd3b2021-12-22 11:46:32.195root 11241100x80000000000000003848331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbb36d9c5e8a65e2021-12-22 11:46:32.195root 11241100x80000000000000003848332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00a08c6dce433492021-12-22 11:46:32.195root 11241100x80000000000000003848333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c346a6b7ae028d32021-12-22 11:46:32.195root 11241100x80000000000000003848334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690c410fb98fea092021-12-22 11:46:32.195root 11241100x80000000000000003848335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6e884210e2e57f2021-12-22 11:46:32.196root 11241100x80000000000000003848336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5478540d31e611a42021-12-22 11:46:32.196root 11241100x80000000000000003848337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3b1f3aa88febef2021-12-22 11:46:32.196root 11241100x80000000000000003848338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8add104f3e5e05042021-12-22 11:46:32.196root 11241100x80000000000000003848339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72c8ad21fb936242021-12-22 11:46:32.196root 11241100x80000000000000003848340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86accb30d4ddea6a2021-12-22 11:46:32.196root 11241100x80000000000000003848341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa60f22832f8a9722021-12-22 11:46:32.196root 11241100x80000000000000003848342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a93298d6c94ca232021-12-22 11:46:32.196root 11241100x80000000000000003848343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec599dbebe0846492021-12-22 11:46:32.196root 11241100x80000000000000003848344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091850e3fcdc55132021-12-22 11:46:32.197root 11241100x80000000000000003848345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2addfe5711a6ee2021-12-22 11:46:32.197root 11241100x80000000000000003848346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d26cc48b311d282021-12-22 11:46:32.197root 11241100x80000000000000003848347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60808f67aa2b2c42021-12-22 11:46:32.197root 11241100x80000000000000003848348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b823debba5e7ebd2021-12-22 11:46:32.197root 11241100x80000000000000003848349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abca59a5a12bedbd2021-12-22 11:46:32.197root 11241100x80000000000000003848350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c393f11d1e8d1f2021-12-22 11:46:32.197root 11241100x80000000000000003848351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3ed352028cf7602021-12-22 11:46:32.197root 11241100x80000000000000003848352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634032a29fe5847e2021-12-22 11:46:32.197root 11241100x80000000000000003848353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c84ce6d207a7a32021-12-22 11:46:32.198root 11241100x80000000000000003848354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21300d6ca863b7d02021-12-22 11:46:32.198root 11241100x80000000000000003848355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176efce95660e31d2021-12-22 11:46:32.198root 11241100x80000000000000003848356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0252f2638103ab062021-12-22 11:46:32.198root 11241100x80000000000000003848357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370af4398c8bf2d32021-12-22 11:46:32.693root 11241100x80000000000000003848358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5bbfdc980ada072021-12-22 11:46:32.693root 11241100x80000000000000003848359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5399173552dfec662021-12-22 11:46:32.694root 11241100x80000000000000003848360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befac5e8c533ed3c2021-12-22 11:46:32.694root 11241100x80000000000000003848361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ee1e52ce65ed1b2021-12-22 11:46:32.694root 11241100x80000000000000003848362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbee3a65518b2192021-12-22 11:46:32.694root 11241100x80000000000000003848363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa41bc79492669862021-12-22 11:46:32.694root 11241100x80000000000000003848364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1163b012bd100012021-12-22 11:46:32.694root 11241100x80000000000000003848365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360ed5a8b4f664a52021-12-22 11:46:32.694root 11241100x80000000000000003848366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746d87ffaee284b62021-12-22 11:46:32.694root 11241100x80000000000000003848367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802b4f11669ae86c2021-12-22 11:46:32.694root 11241100x80000000000000003848368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132b6b74834277542021-12-22 11:46:32.694root 11241100x80000000000000003848369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4023c548d5e4f62021-12-22 11:46:32.695root 11241100x80000000000000003848370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1737cc8f255df0992021-12-22 11:46:32.695root 11241100x80000000000000003848371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642628d68c6be1422021-12-22 11:46:32.695root 11241100x80000000000000003848372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26d5a0b11ae493b2021-12-22 11:46:32.695root 11241100x80000000000000003848373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476fc7c0366c42de2021-12-22 11:46:32.695root 11241100x80000000000000003848374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c46a95295106142021-12-22 11:46:32.695root 11241100x80000000000000003848375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416a7cdd78edd37c2021-12-22 11:46:32.695root 11241100x80000000000000003848376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6147d28f50852a642021-12-22 11:46:32.695root 11241100x80000000000000003848377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddacf979e119be02021-12-22 11:46:32.696root 11241100x80000000000000003848378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0a667b2d1d1e132021-12-22 11:46:32.696root 11241100x80000000000000003848379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc80e26276a62e82021-12-22 11:46:32.696root 11241100x80000000000000003848380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6835d81bf8bc1b532021-12-22 11:46:32.696root 11241100x80000000000000003848381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7e0d2117fcabd82021-12-22 11:46:32.696root 11241100x80000000000000003848382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b5d9488390dc172021-12-22 11:46:32.696root 11241100x80000000000000003848383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6341682cf811d152021-12-22 11:46:32.696root 11241100x80000000000000003848384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433d8439d99646002021-12-22 11:46:32.696root 11241100x80000000000000003848385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083d96ef6e44bcbc2021-12-22 11:46:32.696root 11241100x80000000000000003848386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98a9ec061f43a2a2021-12-22 11:46:32.697root 11241100x80000000000000003848387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f599f89d22896d52021-12-22 11:46:32.697root 11241100x80000000000000003848388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef108bb1d79417ba2021-12-22 11:46:32.697root 11241100x80000000000000003848389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b747fda7b331946e2021-12-22 11:46:32.697root 11241100x80000000000000003848390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ee4044584fe6d72021-12-22 11:46:32.697root 11241100x80000000000000003848391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e28145fc12998f2021-12-22 11:46:32.697root 11241100x80000000000000003848392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3588a5b6494e655a2021-12-22 11:46:32.697root 11241100x80000000000000003848393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e1ddb42e2bf3d12021-12-22 11:46:32.697root 11241100x80000000000000003848394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4e16d622c5b5192021-12-22 11:46:32.697root 11241100x80000000000000003848395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66a86bc6dcfef7d2021-12-22 11:46:32.697root 11241100x80000000000000003848396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:46:33.144root 11241100x80000000000000003848397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d066b799fe73952021-12-22 11:46:33.145root 11241100x80000000000000003848398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25f8dc55195c9e02021-12-22 11:46:33.145root 11241100x80000000000000003848399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1daca94119fde96c2021-12-22 11:46:33.145root 11241100x80000000000000003848400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19ee1523a8b9de82021-12-22 11:46:33.145root 11241100x80000000000000003848401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edced6cd73bb3732021-12-22 11:46:33.146root 11241100x80000000000000003848402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78b1d1633ace35d2021-12-22 11:46:33.146root 11241100x80000000000000003848403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b190a715df67482021-12-22 11:46:33.146root 11241100x80000000000000003848404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc96c814c8133b22021-12-22 11:46:33.146root 11241100x80000000000000003848405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68bd3aaa6e3cd052021-12-22 11:46:33.146root 11241100x80000000000000003848406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5641fc4f37dd56db2021-12-22 11:46:33.146root 11241100x80000000000000003848407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75ec5b3e9c1d8362021-12-22 11:46:33.146root 11241100x80000000000000003848408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0425930a4f88196f2021-12-22 11:46:33.147root 11241100x80000000000000003848409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6419dca45ed3e32021-12-22 11:46:33.147root 11241100x80000000000000003848410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4fb667ee6df7552021-12-22 11:46:33.147root 11241100x80000000000000003848411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f68f0336ea651d62021-12-22 11:46:33.147root 11241100x80000000000000003848412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244e180a7eb60c1c2021-12-22 11:46:33.147root 11241100x80000000000000003848413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce40e588d8fa63922021-12-22 11:46:33.147root 11241100x80000000000000003848414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a886fe28b5e0f542021-12-22 11:46:33.147root 11241100x80000000000000003848415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b462ef2eb6d328b32021-12-22 11:46:33.147root 11241100x80000000000000003848416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d7938b0b99bd572021-12-22 11:46:33.148root 11241100x80000000000000003848417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5c6eddda1a0f502021-12-22 11:46:33.148root 11241100x80000000000000003848418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eade311a93d527032021-12-22 11:46:33.148root 11241100x80000000000000003848419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b97ad3797a2c9e2021-12-22 11:46:33.149root 11241100x80000000000000003848420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b3422a0b0efc492021-12-22 11:46:33.149root 11241100x80000000000000003848421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e65ccc9eb498c92021-12-22 11:46:33.149root 11241100x80000000000000003848422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd6af546d724ae02021-12-22 11:46:33.149root 11241100x80000000000000003848423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1132322939ffd3e92021-12-22 11:46:33.149root 11241100x80000000000000003848424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad7432e927bc4112021-12-22 11:46:33.149root 11241100x80000000000000003848425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7dc4382945d1132021-12-22 11:46:33.149root 11241100x80000000000000003848426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0625d2014b1ffa392021-12-22 11:46:33.149root 11241100x80000000000000003848427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfbfdc3293568802021-12-22 11:46:33.149root 11241100x80000000000000003848428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9afd5188ec5014e2021-12-22 11:46:33.150root 11241100x80000000000000003848429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a6bc48f2c9b85b2021-12-22 11:46:33.150root 11241100x80000000000000003848430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35df61a2d4ff1242021-12-22 11:46:33.150root 11241100x80000000000000003848431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f5ba380b984ed82021-12-22 11:46:33.150root 11241100x80000000000000003848432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2738448e5e2159e72021-12-22 11:46:33.150root 11241100x80000000000000003848433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03105cb73180a1212021-12-22 11:46:33.150root 11241100x80000000000000003848434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a304beb10fd1db32021-12-22 11:46:33.150root 11241100x80000000000000003848435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a252261b509b682021-12-22 11:46:33.151root 11241100x80000000000000003848436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb7eb855c31aaf02021-12-22 11:46:33.151root 11241100x80000000000000003848437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a139a077047f7a772021-12-22 11:46:33.151root 11241100x80000000000000003848438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018e6aa3cee0d4cc2021-12-22 11:46:33.151root 11241100x80000000000000003848439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c5f1429c53af8f2021-12-22 11:46:33.151root 11241100x80000000000000003848440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a7523ae13705e82021-12-22 11:46:33.151root 11241100x80000000000000003848441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c957757544740642021-12-22 11:46:33.151root 11241100x80000000000000003848442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4ef5c788c1040d2021-12-22 11:46:33.151root 11241100x80000000000000003848443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3a43f1f17bf0362021-12-22 11:46:33.151root 11241100x80000000000000003848444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e1fd013c87dccc2021-12-22 11:46:33.444root 11241100x80000000000000003848445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa54c2a8c6a8c9a52021-12-22 11:46:33.444root 11241100x80000000000000003848446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190376a68742796a2021-12-22 11:46:33.445root 11241100x80000000000000003848447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7f43786438cca72021-12-22 11:46:33.445root 11241100x80000000000000003848448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69da11bef86ee9272021-12-22 11:46:33.445root 11241100x80000000000000003848449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4732b8fbc28182fe2021-12-22 11:46:33.445root 11241100x80000000000000003848450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861bb3904767d1602021-12-22 11:46:33.446root 11241100x80000000000000003848451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda41ca7f61a15462021-12-22 11:46:33.446root 11241100x80000000000000003848452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969bfc442e09ed852021-12-22 11:46:33.446root 11241100x80000000000000003848453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a06f40f246323a62021-12-22 11:46:33.446root 11241100x80000000000000003848454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fdd004841eeabd2021-12-22 11:46:33.447root 11241100x80000000000000003848455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36828f7cee8d55112021-12-22 11:46:33.447root 11241100x80000000000000003848456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9bbcf6b85bfc682021-12-22 11:46:33.447root 11241100x80000000000000003848457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a7d5c1de060c2a2021-12-22 11:46:33.447root 11241100x80000000000000003848458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fb50c1c110b1632021-12-22 11:46:33.448root 11241100x80000000000000003848459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fc50f89d4626532021-12-22 11:46:33.448root 11241100x80000000000000003848460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa1cff8bcb1464e2021-12-22 11:46:33.448root 11241100x80000000000000003848461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a6b64d7a9a37ba2021-12-22 11:46:33.448root 11241100x80000000000000003848462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3c664dee34ec722021-12-22 11:46:33.449root 11241100x80000000000000003848463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a96259111ba4fa12021-12-22 11:46:33.449root 11241100x80000000000000003848464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a57bbf5978253f02021-12-22 11:46:33.449root 11241100x80000000000000003848465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdf72531075f9aa2021-12-22 11:46:33.449root 11241100x80000000000000003848466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55f0294a4633e552021-12-22 11:46:33.449root 11241100x80000000000000003848467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86169f1dab482cf22021-12-22 11:46:33.449root 11241100x80000000000000003848468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb0e4aabb8630ff2021-12-22 11:46:33.450root 11241100x80000000000000003848469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2501e42cb8a8222021-12-22 11:46:33.450root 11241100x80000000000000003848470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb9f895c0166f9a2021-12-22 11:46:33.450root 11241100x80000000000000003848471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5eb9ccf09473262021-12-22 11:46:33.450root 11241100x80000000000000003848472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217b76a98bd5970d2021-12-22 11:46:33.450root 11241100x80000000000000003848473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd4011527b3c1c12021-12-22 11:46:33.450root 11241100x80000000000000003848474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7b248bdb0e86232021-12-22 11:46:33.450root 11241100x80000000000000003848475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e10f612fbbad542021-12-22 11:46:33.450root 11241100x80000000000000003848476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e637a7e0368b032021-12-22 11:46:33.450root 11241100x80000000000000003848477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a94486e20a8e9b2021-12-22 11:46:33.451root 11241100x80000000000000003848478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c98b9b9a5cd9642021-12-22 11:46:33.451root 11241100x80000000000000003848479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45169dbf50dab1202021-12-22 11:46:33.451root 11241100x80000000000000003848480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc4e82e29149e702021-12-22 11:46:33.943root 11241100x80000000000000003848481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245b3dbbf32982262021-12-22 11:46:33.943root 11241100x80000000000000003848482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337eecf701eb569d2021-12-22 11:46:33.943root 11241100x80000000000000003848483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7412fe245fc93e912021-12-22 11:46:33.943root 11241100x80000000000000003848484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec429b10945387d2021-12-22 11:46:33.944root 11241100x80000000000000003848485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9b1a912c7cc0712021-12-22 11:46:33.944root 11241100x80000000000000003848486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa031c33cf4218ab2021-12-22 11:46:33.944root 11241100x80000000000000003848487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4519ba785750a27d2021-12-22 11:46:33.944root 11241100x80000000000000003848488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d89d81499dff0882021-12-22 11:46:33.944root 11241100x80000000000000003848489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5ebef5a112e11b2021-12-22 11:46:33.944root 11241100x80000000000000003848490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ab61010b1118ca2021-12-22 11:46:33.944root 11241100x80000000000000003848491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677569885654ef6b2021-12-22 11:46:33.944root 11241100x80000000000000003848492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e000a94d53afdca2021-12-22 11:46:33.944root 11241100x80000000000000003848493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14809fd0ec8a6df82021-12-22 11:46:33.944root 11241100x80000000000000003848494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a319ded4951b9662021-12-22 11:46:33.944root 11241100x80000000000000003848495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603d8a55d4ebe6192021-12-22 11:46:33.944root 11241100x80000000000000003848496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962e349d7aea7a672021-12-22 11:46:33.944root 11241100x80000000000000003848497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1830ca08cdde2c6b2021-12-22 11:46:33.944root 11241100x80000000000000003848498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cda92c8a5b288332021-12-22 11:46:33.944root 11241100x80000000000000003848499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5d19af4576129d2021-12-22 11:46:33.944root 11241100x80000000000000003848500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35859ba1960932c92021-12-22 11:46:33.945root 11241100x80000000000000003848501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911035442b7bbb5c2021-12-22 11:46:33.945root 11241100x80000000000000003848502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b5c1c14cb9ae252021-12-22 11:46:33.945root 11241100x80000000000000003848503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498b3cb6731e1a4a2021-12-22 11:46:33.945root 11241100x80000000000000003848504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59597acc289f76af2021-12-22 11:46:33.945root 11241100x80000000000000003848505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91db4d85b1ba65ce2021-12-22 11:46:33.945root 11241100x80000000000000003848506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9084c8bc2de9172021-12-22 11:46:33.945root 11241100x80000000000000003848507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db90caf50b9af3c72021-12-22 11:46:33.945root 11241100x80000000000000003848508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dda63a91fbed2f2021-12-22 11:46:33.946root 11241100x80000000000000003848509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7514b61f56a010f42021-12-22 11:46:33.946root 11241100x80000000000000003848510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2282d0e8812024e02021-12-22 11:46:33.946root 11241100x80000000000000003848511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671c736d31989f212021-12-22 11:46:33.946root 11241100x80000000000000003848512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76839e3cc5e646e2021-12-22 11:46:33.946root 11241100x80000000000000003848513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef1d9c906414cec2021-12-22 11:46:33.946root 11241100x80000000000000003848514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc0288a0d15880b2021-12-22 11:46:33.946root 11241100x80000000000000003848515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e82d42afcc794b62021-12-22 11:46:33.946root 354300x80000000000000003848516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.954{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42500-false10.0.1.12-8089- 11241100x80000000000000003848517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e1332e87afdb3a2021-12-22 11:46:34.443root 11241100x80000000000000003848518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cefc5107272a8292021-12-22 11:46:34.443root 11241100x80000000000000003848519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb736669f8006de22021-12-22 11:46:34.443root 11241100x80000000000000003848520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f3155401f3df0b2021-12-22 11:46:34.443root 11241100x80000000000000003848521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63113b9c729efe22021-12-22 11:46:34.444root 11241100x80000000000000003848522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc2a41afae3493e2021-12-22 11:46:34.444root 11241100x80000000000000003848523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937e68788eb604202021-12-22 11:46:34.444root 11241100x80000000000000003848524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994b27834e37bd822021-12-22 11:46:34.444root 11241100x80000000000000003848525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5365102bd4295b462021-12-22 11:46:34.444root 11241100x80000000000000003848526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1096c44e2a1d233b2021-12-22 11:46:34.444root 11241100x80000000000000003848527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8af8c236e08c6e2021-12-22 11:46:34.444root 11241100x80000000000000003848528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65439845aa9434652021-12-22 11:46:34.444root 11241100x80000000000000003848529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfaf7938808db132021-12-22 11:46:34.444root 11241100x80000000000000003848530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a6fa17f4c370de2021-12-22 11:46:34.444root 11241100x80000000000000003848531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81cd95329c088f42021-12-22 11:46:34.444root 11241100x80000000000000003848532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f225c135581b812021-12-22 11:46:34.444root 11241100x80000000000000003848533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef4fdf8418aed2b2021-12-22 11:46:34.444root 11241100x80000000000000003848534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48282530a015ddd2021-12-22 11:46:34.444root 11241100x80000000000000003848535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d6a06c953902682021-12-22 11:46:34.444root 11241100x80000000000000003848536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbfd238a74ff9c42021-12-22 11:46:34.444root 11241100x80000000000000003848537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aefe9e6529a06912021-12-22 11:46:34.445root 11241100x80000000000000003848538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f5e4ab7da5b6292021-12-22 11:46:34.445root 11241100x80000000000000003848539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0aa516ff62178a02021-12-22 11:46:34.445root 11241100x80000000000000003848540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e397f556ba27ef2021-12-22 11:46:34.445root 11241100x80000000000000003848541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b114861c0f9b53982021-12-22 11:46:34.445root 11241100x80000000000000003848542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882415ef068352f92021-12-22 11:46:34.445root 11241100x80000000000000003848543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c8c27f787d40fc2021-12-22 11:46:34.445root 11241100x80000000000000003848544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b1d71fd76720362021-12-22 11:46:34.445root 11241100x80000000000000003848545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd34435ec02c270a2021-12-22 11:46:34.445root 11241100x80000000000000003848546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0875ca71dc4f322021-12-22 11:46:34.445root 11241100x80000000000000003848547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7411427afec11a962021-12-22 11:46:34.445root 11241100x80000000000000003848548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0732e717e3df897c2021-12-22 11:46:34.445root 11241100x80000000000000003848549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ae99d7bcda9ffd2021-12-22 11:46:34.445root 11241100x80000000000000003848550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518521cae1d3aaf32021-12-22 11:46:34.445root 11241100x80000000000000003848551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d93b2ec02a7b982021-12-22 11:46:34.445root 11241100x80000000000000003848552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f477336a62cf94042021-12-22 11:46:34.446root 11241100x80000000000000003848553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf7803a51c06b812021-12-22 11:46:34.446root 11241100x80000000000000003848554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f8a2be2741957f2021-12-22 11:46:34.446root 11241100x80000000000000003848555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ef8dc7b19e7be42021-12-22 11:46:34.446root 11241100x80000000000000003848556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fea3c9be74d4012021-12-22 11:46:34.446root 11241100x80000000000000003848557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba10cdd6e18b3482021-12-22 11:46:34.446root 11241100x80000000000000003848558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45036dfe242fa23e2021-12-22 11:46:34.446root 11241100x80000000000000003848559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e248660bea4075da2021-12-22 11:46:34.446root 11241100x80000000000000003848560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45b1cd35493c8b32021-12-22 11:46:34.446root 11241100x80000000000000003848561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6b623fdd5485c22021-12-22 11:46:34.446root 534500x80000000000000003848562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.571{00000000-0000-0000-0000-000000000000}19058<unknown process>ubuntu 534500x80000000000000003848563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.572{00000000-0000-0000-0000-000000000000}19059<unknown process>ubuntu 11241100x80000000000000003848564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.573{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.opOcgu2021-12-22 11:46:34.573ubuntu 23542300x80000000000000003848565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.573{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.opOcgu--- 11241100x80000000000000003848566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dc0b3e6fd1af4b2021-12-22 11:46:34.943root 11241100x80000000000000003848567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0c1bc2587108752021-12-22 11:46:34.943root 11241100x80000000000000003848568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b0c5036999160c2021-12-22 11:46:34.944root 11241100x80000000000000003848569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323b41007f19d46d2021-12-22 11:46:34.944root 11241100x80000000000000003848570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08b870bdea1da652021-12-22 11:46:34.944root 11241100x80000000000000003848571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d424e3fa2c248012021-12-22 11:46:34.944root 11241100x80000000000000003848572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e4a5295747a5e12021-12-22 11:46:34.944root 11241100x80000000000000003848573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c930e5d337d09742021-12-22 11:46:34.944root 11241100x80000000000000003848574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71c783a965d7dbc2021-12-22 11:46:34.944root 11241100x80000000000000003848575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2d1f2390061fa52021-12-22 11:46:34.944root 11241100x80000000000000003848576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb48fa738acb492c2021-12-22 11:46:34.944root 11241100x80000000000000003848577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486b3640dcb9f9f42021-12-22 11:46:34.944root 11241100x80000000000000003848578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe70800716131152021-12-22 11:46:34.944root 11241100x80000000000000003848579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a1981911aa5e082021-12-22 11:46:34.944root 11241100x80000000000000003848580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2912cd46c34622682021-12-22 11:46:34.945root 11241100x80000000000000003848581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168fbb6a7f1927cb2021-12-22 11:46:34.945root 11241100x80000000000000003848582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f76647fc068c7ac2021-12-22 11:46:34.945root 11241100x80000000000000003848583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9693b9d1a54e86a2021-12-22 11:46:34.945root 11241100x80000000000000003848584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86f8609a6b92d452021-12-22 11:46:34.945root 11241100x80000000000000003848585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ec4c555b38f4ad2021-12-22 11:46:34.945root 11241100x80000000000000003848586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19c832f2b83da322021-12-22 11:46:34.945root 11241100x80000000000000003848587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a689dd178a150482021-12-22 11:46:34.945root 11241100x80000000000000003848588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae0b9ef645cdba82021-12-22 11:46:34.945root 11241100x80000000000000003848589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34f6a3c4b9e0cdd2021-12-22 11:46:34.945root 11241100x80000000000000003848590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34350ac2271b690c2021-12-22 11:46:34.945root 11241100x80000000000000003848591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8553303a447d2b2021-12-22 11:46:34.945root 11241100x80000000000000003848592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f4158e2fcab25b2021-12-22 11:46:34.945root 11241100x80000000000000003848593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a9dbeb3f8bce0c2021-12-22 11:46:34.945root 11241100x80000000000000003848594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8088c0abb2266d42021-12-22 11:46:34.945root 11241100x80000000000000003848595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc9a13cdeadc3f72021-12-22 11:46:34.945root 11241100x80000000000000003848596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533116d5f2200f352021-12-22 11:46:34.946root 11241100x80000000000000003848597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc9dc0990f35d752021-12-22 11:46:34.946root 11241100x80000000000000003848598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fe79a3ff7bde042021-12-22 11:46:34.946root 11241100x80000000000000003848599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef9b24d6d18cd232021-12-22 11:46:34.947root 11241100x80000000000000003848600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028e9953d5b6b28a2021-12-22 11:46:34.947root 11241100x80000000000000003848601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a30b41aa43e21d2021-12-22 11:46:34.947root 11241100x80000000000000003848602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05054bdad4bdb7e2021-12-22 11:46:34.947root 11241100x80000000000000003848603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391960c46d3033612021-12-22 11:46:34.947root 11241100x80000000000000003848604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8654cb21813980522021-12-22 11:46:34.947root 11241100x80000000000000003848605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76356646124ddbf2021-12-22 11:46:34.947root 11241100x80000000000000003848606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da3c11359a97db72021-12-22 11:46:34.947root 11241100x80000000000000003848607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d848ba023db7b2312021-12-22 11:46:34.948root 11241100x80000000000000003848608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7866b1bb920e06a12021-12-22 11:46:34.948root 11241100x80000000000000003848609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d37afb1cd23828b2021-12-22 11:46:34.948root 11241100x80000000000000003848610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcd1915e8f242ed2021-12-22 11:46:34.948root 11241100x80000000000000003848611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa96a6e742ffa84d2021-12-22 11:46:34.948root 11241100x80000000000000003848612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e769b98b5aecc492021-12-22 11:46:34.948root 11241100x80000000000000003848613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8625cc86422786b22021-12-22 11:46:34.948root 11241100x80000000000000003848614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6899bc6c45fcd52021-12-22 11:46:34.949root 11241100x80000000000000003848615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3aaeb3e412c397b2021-12-22 11:46:34.949root 11241100x80000000000000003848616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65dd30714875c8c2021-12-22 11:46:34.949root 11241100x80000000000000003848617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444c1778d02b75882021-12-22 11:46:34.949root 11241100x80000000000000003848618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2816a3dac91e532c2021-12-22 11:46:34.949root 11241100x80000000000000003848619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694118fa9704fe2b2021-12-22 11:46:34.949root 11241100x80000000000000003848620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bee611a61d650e2021-12-22 11:46:34.949root 11241100x80000000000000003848621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a317e34199bf9512021-12-22 11:46:34.950root 11241100x80000000000000003848622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257a62ec1fc6b9cf2021-12-22 11:46:34.950root 11241100x80000000000000003848623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8a00f30dfa96402021-12-22 11:46:34.950root 11241100x80000000000000003848624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2616fbaef7d0522021-12-22 11:46:34.950root 11241100x80000000000000003848625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cf8bd8bd002f522021-12-22 11:46:34.950root 11241100x80000000000000003848626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d4465e8fad69b92021-12-22 11:46:34.950root 11241100x80000000000000003848627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ecb345fad9624e2021-12-22 11:46:34.950root 11241100x80000000000000003848628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37400417c7d9bf662021-12-22 11:46:34.950root 11241100x80000000000000003848629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5665219e249e2662021-12-22 11:46:34.951root 11241100x80000000000000003848630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b48678bafe242f2021-12-22 11:46:34.951root 11241100x80000000000000003848631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de08f0a3cca105f02021-12-22 11:46:34.951root 11241100x80000000000000003848632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d935b59ecb1e58112021-12-22 11:46:34.951root 11241100x80000000000000003848633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ff89acb67cb7a22021-12-22 11:46:34.951root 11241100x80000000000000003848634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13dc9811c794fc22021-12-22 11:46:34.951root 11241100x80000000000000003848635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e0198930b47af82021-12-22 11:46:34.951root 11241100x80000000000000003848636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d56796af47051942021-12-22 11:46:34.951root 354300x80000000000000003848637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.115{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55438-false10.0.1.12-8000- 11241100x80000000000000003848638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939b561975314f412021-12-22 11:46:35.443root 11241100x80000000000000003848639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795a852c7a348b2a2021-12-22 11:46:35.443root 11241100x80000000000000003848640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f87d60a9b2b4cc2021-12-22 11:46:35.443root 11241100x80000000000000003848641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0124b85e7df1e63e2021-12-22 11:46:35.443root 11241100x80000000000000003848642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3370642c93e8cb2021-12-22 11:46:35.444root 11241100x80000000000000003848643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7231405a5afe3fb22021-12-22 11:46:35.444root 11241100x80000000000000003848644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc678a0f262bcc952021-12-22 11:46:35.444root 11241100x80000000000000003848645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb34ffba39a4f4d2021-12-22 11:46:35.444root 11241100x80000000000000003848646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e84af452bd7b712021-12-22 11:46:35.444root 11241100x80000000000000003848647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c74bf51508639b72021-12-22 11:46:35.444root 11241100x80000000000000003848648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b3e7fea5b107f82021-12-22 11:46:35.444root 11241100x80000000000000003848649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895786c12c1538242021-12-22 11:46:35.444root 11241100x80000000000000003848650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68c07d4d74084972021-12-22 11:46:35.444root 11241100x80000000000000003848651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fc2a5fbb8ee1592021-12-22 11:46:35.444root 11241100x80000000000000003848652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06a414654dff9dc2021-12-22 11:46:35.444root 11241100x80000000000000003848653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc641ee8643962d2021-12-22 11:46:35.444root 11241100x80000000000000003848654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04c86718ac6d2b42021-12-22 11:46:35.444root 11241100x80000000000000003848655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea79ba92a2b45e142021-12-22 11:46:35.445root 11241100x80000000000000003848656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef9ac9153ce43562021-12-22 11:46:35.445root 11241100x80000000000000003848657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c0dedb13f9f0532021-12-22 11:46:35.445root 11241100x80000000000000003848658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738f9ebb4ecfec082021-12-22 11:46:35.445root 11241100x80000000000000003848659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc7afcbec3a34c42021-12-22 11:46:35.445root 11241100x80000000000000003848660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f045957060330d12021-12-22 11:46:35.445root 11241100x80000000000000003848661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cd8589ce5883352021-12-22 11:46:35.446root 11241100x80000000000000003848662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6f1fd01c8f15232021-12-22 11:46:35.446root 11241100x80000000000000003848663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a73c073d859514a2021-12-22 11:46:35.446root 11241100x80000000000000003848664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac50ab800f31d4b52021-12-22 11:46:35.446root 11241100x80000000000000003848665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47899f4908da2282021-12-22 11:46:35.446root 11241100x80000000000000003848666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572711769cd6cbb92021-12-22 11:46:35.446root 11241100x80000000000000003848667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79fa56469e80a172021-12-22 11:46:35.446root 11241100x80000000000000003848668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796fdb8023ed9e9f2021-12-22 11:46:35.447root 11241100x80000000000000003848669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7a43c777a7e1cc2021-12-22 11:46:35.447root 11241100x80000000000000003848670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5098e31e27649c2021-12-22 11:46:35.447root 11241100x80000000000000003848671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f047794e14c0c62021-12-22 11:46:35.448root 11241100x80000000000000003848672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be1aa973b7d10652021-12-22 11:46:35.448root 11241100x80000000000000003848673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056191140d2574ba2021-12-22 11:46:35.448root 11241100x80000000000000003848674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbe2faa61f3c3772021-12-22 11:46:35.448root 11241100x80000000000000003848675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274ca7325529136c2021-12-22 11:46:35.449root 11241100x80000000000000003848676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d392254f73ac10aa2021-12-22 11:46:35.449root 11241100x80000000000000003848677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503a12bac6ab9a112021-12-22 11:46:35.449root 11241100x80000000000000003848678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e588b681e1136d7e2021-12-22 11:46:35.449root 11241100x80000000000000003848679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c45c575940e67e2021-12-22 11:46:35.449root 11241100x80000000000000003848680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9efe323d4fb2d52021-12-22 11:46:35.449root 11241100x80000000000000003848681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6625efe1e1e49a2021-12-22 11:46:35.449root 11241100x80000000000000003848682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89688820809c21772021-12-22 11:46:35.450root 11241100x80000000000000003848683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde9a1b536eec53d2021-12-22 11:46:35.450root 11241100x80000000000000003848684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f99c6287c96b5d92021-12-22 11:46:35.450root 11241100x80000000000000003848685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd3407f397e98f62021-12-22 11:46:35.450root 11241100x80000000000000003848686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de2f5d350be71772021-12-22 11:46:35.450root 11241100x80000000000000003848687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb424c75a7cff5b82021-12-22 11:46:35.450root 11241100x80000000000000003848688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73acac3128ce6802021-12-22 11:46:35.451root 11241100x80000000000000003848689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa430b445096a472021-12-22 11:46:35.451root 11241100x80000000000000003848690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f8683f2930feb02021-12-22 11:46:35.452root 11241100x80000000000000003848691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3940450b28b74e2c2021-12-22 11:46:35.452root 11241100x80000000000000003848692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c17a5d44656f35a2021-12-22 11:46:35.452root 11241100x80000000000000003848693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e4bc6b31a71d5c2021-12-22 11:46:35.452root 11241100x80000000000000003848694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473b6ad517a9b5762021-12-22 11:46:35.453root 11241100x80000000000000003848695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f50d71933dcfc42021-12-22 11:46:35.453root 11241100x80000000000000003848696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5518825df27fa4282021-12-22 11:46:35.453root 11241100x80000000000000003848697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cf7327a99b26962021-12-22 11:46:35.454root 11241100x80000000000000003848698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10830a908884f8c2021-12-22 11:46:35.454root 11241100x80000000000000003848699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d739f2273cd24cb82021-12-22 11:46:35.454root 11241100x80000000000000003848700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120e2c2d150d6f892021-12-22 11:46:35.454root 11241100x80000000000000003848701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33307f73b0474432021-12-22 11:46:35.454root 11241100x80000000000000003848702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c75437450ce3182021-12-22 11:46:35.454root 11241100x80000000000000003848703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661d8d3eddc846012021-12-22 11:46:35.455root 11241100x80000000000000003848704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c65f3725ff47392021-12-22 11:46:35.455root 11241100x80000000000000003848705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39da58cf24555ba32021-12-22 11:46:35.455root 11241100x80000000000000003848706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0375ab4fc882c7c2021-12-22 11:46:35.455root 11241100x80000000000000003848707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a542da228e210d6f2021-12-22 11:46:35.455root 11241100x80000000000000003848708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173de3ffaf9aea7e2021-12-22 11:46:35.456root 11241100x80000000000000003848709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540c302d6c2c4ee22021-12-22 11:46:35.456root 11241100x80000000000000003848710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3319fb7e9d2286662021-12-22 11:46:35.456root 11241100x80000000000000003848711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb7e6fbbe1b240f2021-12-22 11:46:35.456root 11241100x80000000000000003848712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af714a6be07a2842021-12-22 11:46:35.456root 11241100x80000000000000003848713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa4aa8a9830bc802021-12-22 11:46:35.457root 11241100x80000000000000003848714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a330f10b99181d152021-12-22 11:46:35.457root 11241100x80000000000000003848715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a4e55cebabeada2021-12-22 11:46:35.457root 11241100x80000000000000003848716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac28d86c59123adb2021-12-22 11:46:35.457root 11241100x80000000000000003848717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7884ca36c8cad48b2021-12-22 11:46:35.457root 11241100x80000000000000003848718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6316d462abb61f2021-12-22 11:46:35.457root 11241100x80000000000000003848719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5921610f9b49d3d72021-12-22 11:46:35.457root 11241100x80000000000000003848720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa336d3074c2c7c32021-12-22 11:46:35.457root 11241100x80000000000000003848721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dee4e8d25ef8f7d2021-12-22 11:46:35.457root 11241100x80000000000000003848722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eedb68cdc50ea752021-12-22 11:46:35.458root 11241100x80000000000000003848723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530a4af004f0e4592021-12-22 11:46:35.458root 11241100x80000000000000003848724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6813c0c6721a8c2021-12-22 11:46:35.458root 11241100x80000000000000003848725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849d26ec4f93d8202021-12-22 11:46:35.458root 11241100x80000000000000003848726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a768d1473dd7b02021-12-22 11:46:35.459root 11241100x80000000000000003848727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855adb74daa6175a2021-12-22 11:46:35.459root 11241100x80000000000000003848728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9d074f4f8ab8532021-12-22 11:46:35.459root 11241100x80000000000000003848729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8727a0df89ae5b722021-12-22 11:46:35.459root 11241100x80000000000000003848730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dd9d19557835892021-12-22 11:46:35.459root 11241100x80000000000000003848731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f74134443e1178a2021-12-22 11:46:35.459root 11241100x80000000000000003848732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf787affe75a7a972021-12-22 11:46:35.459root 11241100x80000000000000003848733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545801a104761e7c2021-12-22 11:46:35.459root 11241100x80000000000000003848734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f6a4e13a94d3342021-12-22 11:46:35.460root 11241100x80000000000000003848735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3d2e9217ecec892021-12-22 11:46:35.460root 11241100x80000000000000003848736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f1a2e57d9273f22021-12-22 11:46:35.460root 11241100x80000000000000003848737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d44d2a5b8551b552021-12-22 11:46:35.460root 11241100x80000000000000003848738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0315f2232e08b6112021-12-22 11:46:35.460root 11241100x80000000000000003848739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334f1b678222e8ed2021-12-22 11:46:35.460root 11241100x80000000000000003848740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20522ca142103d862021-12-22 11:46:35.460root 11241100x80000000000000003848741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504438e83b3e64a62021-12-22 11:46:35.460root 11241100x80000000000000003848742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb38515a38b13e682021-12-22 11:46:35.460root 11241100x80000000000000003848743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2c9763efe2a18b2021-12-22 11:46:35.460root 11241100x80000000000000003848744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac43d79bd784e06c2021-12-22 11:46:35.460root 11241100x80000000000000003848745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85592d5bde2183f52021-12-22 11:46:35.461root 11241100x80000000000000003848746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdf40b2b561831c2021-12-22 11:46:35.461root 11241100x80000000000000003848747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8ed73aa7a635102021-12-22 11:46:35.461root 11241100x80000000000000003848748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833583b839b50b412021-12-22 11:46:35.461root 11241100x80000000000000003848749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a01f466deac55d2021-12-22 11:46:35.461root 11241100x80000000000000003848750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cde4f6c19ff5362021-12-22 11:46:35.461root 11241100x80000000000000003848751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee385f8a12287012021-12-22 11:46:35.461root 11241100x80000000000000003848752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5d1fc776fed04f2021-12-22 11:46:35.461root 11241100x80000000000000003848753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558327d6d4cae5112021-12-22 11:46:35.461root 11241100x80000000000000003848754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d8efcfd2ea0f672021-12-22 11:46:35.461root 11241100x80000000000000003848755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c0c55cafda1e1c2021-12-22 11:46:35.461root 11241100x80000000000000003848756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a246691c16319812021-12-22 11:46:35.461root 11241100x80000000000000003848757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59e4ef06a2c729a2021-12-22 11:46:35.462root 11241100x80000000000000003848758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5c355872db6a4d2021-12-22 11:46:35.462root 11241100x80000000000000003848759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9daf0a5c7c7a67ed2021-12-22 11:46:35.462root 11241100x80000000000000003848760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc6f9f3b02ef4e42021-12-22 11:46:35.462root 11241100x80000000000000003848761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9372242b798391e02021-12-22 11:46:35.462root 11241100x80000000000000003848762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffd2861cee6dafe2021-12-22 11:46:35.463root 11241100x80000000000000003848763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2382e4e611c78a752021-12-22 11:46:35.463root 11241100x80000000000000003848764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36fd3b4c6a1f5852021-12-22 11:46:35.463root 11241100x80000000000000003848765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b64ac3ab3febf32021-12-22 11:46:35.463root 11241100x80000000000000003848766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94ff1ba2f406cde2021-12-22 11:46:35.463root 11241100x80000000000000003848767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf00c7f9d119ac302021-12-22 11:46:35.463root 11241100x80000000000000003848768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e5033f931793ad2021-12-22 11:46:35.463root 11241100x80000000000000003848769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924ab2838f1587182021-12-22 11:46:35.463root 11241100x80000000000000003848770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe96af1eff1c8792021-12-22 11:46:35.463root 11241100x80000000000000003848771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541d733689f2bec62021-12-22 11:46:35.464root 11241100x80000000000000003848772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd9d142eedd91ab2021-12-22 11:46:35.464root 11241100x80000000000000003848773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b336a230ed45bfee2021-12-22 11:46:35.464root 11241100x80000000000000003848774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a389f66cb6f36f2021-12-22 11:46:35.464root 11241100x80000000000000003848775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23f649428988cf12021-12-22 11:46:35.464root 11241100x80000000000000003848776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192cdb5f8e21f5c62021-12-22 11:46:35.464root 11241100x80000000000000003848777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2151a8f3967aee42021-12-22 11:46:35.464root 11241100x80000000000000003848778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d471dd8f463da82021-12-22 11:46:35.464root 11241100x80000000000000003848779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81271deae991b9692021-12-22 11:46:35.465root 11241100x80000000000000003848780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49642e949bc5892f2021-12-22 11:46:35.465root 11241100x80000000000000003848781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d084302983ea9682021-12-22 11:46:35.465root 11241100x80000000000000003848782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6adf94545b04062021-12-22 11:46:35.465root 11241100x80000000000000003848783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a653af42e2e6f92021-12-22 11:46:35.465root 11241100x80000000000000003848784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca307b8f140b85c2021-12-22 11:46:35.465root 11241100x80000000000000003848785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79882f5e4f2c30e72021-12-22 11:46:35.465root 11241100x80000000000000003848786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c4592d8671fd6b2021-12-22 11:46:35.465root 11241100x80000000000000003848787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da028075a5177bbd2021-12-22 11:46:35.465root 11241100x80000000000000003848788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182ea9fd155076d12021-12-22 11:46:35.466root 11241100x80000000000000003848789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fddff56e6215692021-12-22 11:46:35.466root 11241100x80000000000000003848790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1847ce712742d8f2021-12-22 11:46:35.466root 11241100x80000000000000003848791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb328f947abc75ef2021-12-22 11:46:35.466root 11241100x80000000000000003848792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc550985aa0827c52021-12-22 11:46:35.466root 11241100x80000000000000003848793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf7ad9067f88d3c2021-12-22 11:46:35.466root 11241100x80000000000000003848794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f345609a2955793b2021-12-22 11:46:35.466root 11241100x80000000000000003848795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9882e2062114da22021-12-22 11:46:35.466root 11241100x80000000000000003848796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3c24cf1e942eb52021-12-22 11:46:35.467root 11241100x80000000000000003848797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722543d6adc68cc82021-12-22 11:46:35.467root 11241100x80000000000000003848798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f1819f25a905362021-12-22 11:46:35.467root 11241100x80000000000000003848799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f06a1239459b992021-12-22 11:46:35.467root 11241100x80000000000000003848800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c5d37c5e9c63862021-12-22 11:46:35.467root 11241100x80000000000000003848801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72248c38252c9712021-12-22 11:46:35.467root 11241100x80000000000000003848802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc182a1623fc691c2021-12-22 11:46:35.467root 11241100x80000000000000003848803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2413744cb7f4ec2021-12-22 11:46:35.468root 11241100x80000000000000003848804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a978095eb958acd2021-12-22 11:46:35.468root 11241100x80000000000000003848805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfae700861973122021-12-22 11:46:35.468root 11241100x80000000000000003848806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae8b325de50cc7d2021-12-22 11:46:35.468root 11241100x80000000000000003848807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d38b11a14f947b72021-12-22 11:46:35.468root 11241100x80000000000000003848808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c708a4432be08f282021-12-22 11:46:35.468root 11241100x80000000000000003848809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6665340e06a39a6c2021-12-22 11:46:35.468root 11241100x80000000000000003848810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ef9b43c1d662a32021-12-22 11:46:35.469root 11241100x80000000000000003848811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8779683fc14af82021-12-22 11:46:35.469root 11241100x80000000000000003848812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86c0529bfec7b312021-12-22 11:46:35.469root 11241100x80000000000000003848813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d421bbd76b7a9d602021-12-22 11:46:35.469root 11241100x80000000000000003848814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8520d2c4ee240062021-12-22 11:46:35.469root 11241100x80000000000000003848815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b50a70d2a1cc2b2021-12-22 11:46:35.469root 11241100x80000000000000003848816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede857cb3f77042b2021-12-22 11:46:35.469root 11241100x80000000000000003848817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e6659c722dbcac2021-12-22 11:46:35.469root 11241100x80000000000000003848818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45742bf33abcc3232021-12-22 11:46:35.469root 11241100x80000000000000003848819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ca3d460adf27bd2021-12-22 11:46:35.470root 11241100x80000000000000003848820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ee86aaec3995162021-12-22 11:46:35.470root 11241100x80000000000000003848821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfcc0c4a1cd1ca82021-12-22 11:46:35.470root 11241100x80000000000000003848822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bdb5d8ac3ba5822021-12-22 11:46:35.470root 11241100x80000000000000003848823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3335e4aa70003c942021-12-22 11:46:35.470root 11241100x80000000000000003848824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c79d6bb98469e22021-12-22 11:46:35.470root 11241100x80000000000000003848825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc03859d90b13a4f2021-12-22 11:46:35.470root 11241100x80000000000000003848826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bf5062dc4b09b82021-12-22 11:46:35.471root 11241100x80000000000000003848827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f769704c5be1b4372021-12-22 11:46:35.471root 11241100x80000000000000003848828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3400753ec041d8a2021-12-22 11:46:35.471root 11241100x80000000000000003848829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff9979391ed1c6f2021-12-22 11:46:35.471root 11241100x80000000000000003848830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36df02900d65d4152021-12-22 11:46:35.471root 11241100x80000000000000003848831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef63001f37e9eb82021-12-22 11:46:35.473root 11241100x80000000000000003848832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d6643b081f8ab62021-12-22 11:46:35.473root 11241100x80000000000000003848833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d685752ac5e6802021-12-22 11:46:35.473root 11241100x80000000000000003848834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bf248c0a01835f2021-12-22 11:46:35.473root 11241100x80000000000000003848835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4d791df934024c2021-12-22 11:46:35.473root 11241100x80000000000000003848836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a4f5b4462a228b2021-12-22 11:46:35.474root 11241100x80000000000000003848837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79adfb84acbddb522021-12-22 11:46:35.474root 11241100x80000000000000003848838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb84b2257bc550b2021-12-22 11:46:35.474root 11241100x80000000000000003848839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f220d50dca68ac172021-12-22 11:46:35.474root 11241100x80000000000000003848840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3814ad8ee431fc4d2021-12-22 11:46:35.474root 11241100x80000000000000003848841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d255791c0844081e2021-12-22 11:46:35.474root 11241100x80000000000000003848842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14ddca666c7df7c2021-12-22 11:46:35.475root 11241100x80000000000000003848843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbfda1df226c4162021-12-22 11:46:35.475root 11241100x80000000000000003848844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677f0bbf5dadbf7a2021-12-22 11:46:35.475root 11241100x80000000000000003848845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e16b7cea82034d2021-12-22 11:46:35.475root 11241100x80000000000000003848846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd6e77cefc5c3ea2021-12-22 11:46:35.475root 11241100x80000000000000003848847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35ce5770073db4d2021-12-22 11:46:35.475root 11241100x80000000000000003848848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577558e2d4e865ce2021-12-22 11:46:35.475root 11241100x80000000000000003848849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5471c66a69946c2021-12-22 11:46:35.475root 11241100x80000000000000003848850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dddf42597c921892021-12-22 11:46:35.475root 11241100x80000000000000003848851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fb5a28816c265e2021-12-22 11:46:35.475root 11241100x80000000000000003848852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374a2e27684947c02021-12-22 11:46:35.476root 11241100x80000000000000003848853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548c86a06dc8935c2021-12-22 11:46:35.476root 11241100x80000000000000003848854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a58abb1915b1652021-12-22 11:46:35.476root 11241100x80000000000000003848855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9bce49ab101bc32021-12-22 11:46:35.476root 11241100x80000000000000003848856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143bd2da4d8464392021-12-22 11:46:35.476root 11241100x80000000000000003848857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff052ff77bb0c4372021-12-22 11:46:35.476root 11241100x80000000000000003848858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd0baaaaf18d1f12021-12-22 11:46:35.476root 11241100x80000000000000003848859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf80cd1972348142021-12-22 11:46:35.476root 11241100x80000000000000003848860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d11cf8dad119242021-12-22 11:46:35.476root 11241100x80000000000000003848861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a446de5710d7cd502021-12-22 11:46:35.477root 11241100x80000000000000003848862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467a90eeffaf059f2021-12-22 11:46:35.477root 11241100x80000000000000003848863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaf4993a7a0030c2021-12-22 11:46:35.477root 11241100x80000000000000003848864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98a76e08094bece2021-12-22 11:46:35.477root 11241100x80000000000000003848865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07717adb90f1b2a2021-12-22 11:46:35.477root 11241100x80000000000000003848866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f689e206061d883c2021-12-22 11:46:35.477root 11241100x80000000000000003848867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97daf3b68746c9212021-12-22 11:46:35.477root 11241100x80000000000000003848868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedf1c988f484bdf2021-12-22 11:46:35.477root 11241100x80000000000000003848869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c4987dde7244dc2021-12-22 11:46:35.477root 11241100x80000000000000003848870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ecc277780cbad32021-12-22 11:46:35.477root 11241100x80000000000000003848871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d946ee459d05fa62021-12-22 11:46:35.478root 11241100x80000000000000003848872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa28184a18206c472021-12-22 11:46:35.478root 11241100x80000000000000003848873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476c3fc872381f712021-12-22 11:46:35.478root 11241100x80000000000000003848874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e1c50c760e109b2021-12-22 11:46:35.478root 11241100x80000000000000003848875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96665ba68c15dac2021-12-22 11:46:35.478root 11241100x80000000000000003848876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70100a98f392e46e2021-12-22 11:46:35.478root 11241100x80000000000000003848877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5f169ccad3c7872021-12-22 11:46:35.478root 11241100x80000000000000003848878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4859fde7ecb8ed932021-12-22 11:46:35.478root 11241100x80000000000000003848879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25b5314088d7bbc2021-12-22 11:46:35.478root 11241100x80000000000000003848880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e360aeeb825d0c582021-12-22 11:46:35.479root 11241100x80000000000000003848881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2aa1c540c2916f2021-12-22 11:46:35.479root 11241100x80000000000000003848882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24b4c54b0cfb33e2021-12-22 11:46:35.479root 11241100x80000000000000003848883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01aae38a5007b8a72021-12-22 11:46:35.479root 11241100x80000000000000003848884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c194fd095a0d490f2021-12-22 11:46:35.479root 11241100x80000000000000003848885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104aa0643e5e80582021-12-22 11:46:35.479root 11241100x80000000000000003848886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7614cf947c838b2021-12-22 11:46:35.479root 11241100x80000000000000003848887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6fd19a17d07bf42021-12-22 11:46:35.479root 11241100x80000000000000003848888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ad402167ba2abc2021-12-22 11:46:35.479root 11241100x80000000000000003848889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4382ff83c283ca072021-12-22 11:46:35.480root 11241100x80000000000000003848890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0574d94bf8ace3b2021-12-22 11:46:35.483root 11241100x80000000000000003848891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68de31db95a27622021-12-22 11:46:35.483root 11241100x80000000000000003848892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a8410e868541042021-12-22 11:46:35.484root 11241100x80000000000000003848893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d1c34a39e4b6aa2021-12-22 11:46:35.485root 11241100x80000000000000003848894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bcc7bc7e6a15652021-12-22 11:46:35.485root 11241100x80000000000000003848895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e942b590ae85d392021-12-22 11:46:35.486root 11241100x80000000000000003848896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8108c17c2d976e832021-12-22 11:46:35.487root 11241100x80000000000000003848897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241f0f787d75134c2021-12-22 11:46:35.488root 11241100x80000000000000003848898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e450c8b7ff40512021-12-22 11:46:35.488root 11241100x80000000000000003848899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edc992e3f75dd932021-12-22 11:46:35.489root 11241100x80000000000000003848900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbbadeb8de868ff2021-12-22 11:46:35.490root 11241100x80000000000000003848901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beea8e4a3b26640c2021-12-22 11:46:35.490root 534500x80000000000000003848902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.774{00000000-0000-0000-0000-000000000000}19060<unknown process>ubuntu 11241100x80000000000000003848903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.775{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2593cc3ba3cf845f2021-12-22 11:46:35.775root 11241100x80000000000000003848904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.775{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d572bee72c8cc5132021-12-22 11:46:35.775root 11241100x80000000000000003848905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.776{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdf703914d834192021-12-22 11:46:35.776root 11241100x80000000000000003848906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.776{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1ca115eef5434f2021-12-22 11:46:35.776root 11241100x80000000000000003848907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.776{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac775cb2146dbc992021-12-22 11:46:35.776root 11241100x80000000000000003848908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.776{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855b191fb999770e2021-12-22 11:46:35.776root 11241100x80000000000000003848909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.776{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa0cf94644c1d012021-12-22 11:46:35.776root 534500x80000000000000003848910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.776{00000000-0000-0000-0000-000000000000}19061<unknown process>ubuntu 11241100x80000000000000003848911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.777{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ae5be3a01f9b802021-12-22 11:46:35.777root 11241100x80000000000000003848912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.777{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3471683a6fdb5fc92021-12-22 11:46:35.777root 11241100x80000000000000003848913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.777{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a49f23fcbfe62382021-12-22 11:46:35.777root 11241100x80000000000000003848914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.777{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61979cb68cf7871d2021-12-22 11:46:35.777root 11241100x80000000000000003848915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.777{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9cf6127757305b2021-12-22 11:46:35.777root 11241100x80000000000000003848916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.777{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c4d50af33402a42021-12-22 11:46:35.777root 11241100x80000000000000003848917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.778{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b910378708d83c2021-12-22 11:46:35.778root 11241100x80000000000000003848918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.778{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cda979d28b501a2021-12-22 11:46:35.778root 11241100x80000000000000003848919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.778{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66774b645e4518ad2021-12-22 11:46:35.778root 11241100x80000000000000003848920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.778{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76226dab4b9c7ace2021-12-22 11:46:35.778root 11241100x80000000000000003848921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.777{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.AmAYF92021-12-22 11:46:35.777ubuntu 23542300x80000000000000003848922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.777{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.AmAYF9--- 11241100x80000000000000003848923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.778{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8babd7780c83f42021-12-22 11:46:35.778root 11241100x80000000000000003848924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.779{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142fc93c5a044a462021-12-22 11:46:35.779root 11241100x80000000000000003848925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.779{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1a8ba68ded2a222021-12-22 11:46:35.779root 11241100x80000000000000003848926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.779{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef2a4523bae0bb72021-12-22 11:46:35.779root 11241100x80000000000000003848927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.779{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca84ce3895edf4772021-12-22 11:46:35.779root 11241100x80000000000000003848928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.779{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de72029ccf48dc7f2021-12-22 11:46:35.779root 11241100x80000000000000003848929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.780{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd221445daf053c2021-12-22 11:46:35.780root 11241100x80000000000000003848930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.780{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b6ca40b54ff2882021-12-22 11:46:35.780root 11241100x80000000000000003848931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.780{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b235bd17372577282021-12-22 11:46:35.780root 11241100x80000000000000003848932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.780{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408cacc29554d9c42021-12-22 11:46:35.780root 11241100x80000000000000003848933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.780{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daae913820b1457f2021-12-22 11:46:35.780root 11241100x80000000000000003848934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.781{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5458e6c52b24b1012021-12-22 11:46:35.781root 11241100x80000000000000003848935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.781{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a2c0dc94c042942021-12-22 11:46:35.781root 11241100x80000000000000003848936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.781{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555e8ebaaa3f25452021-12-22 11:46:35.781root 11241100x80000000000000003848937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.781{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bea3a81061d0dc2021-12-22 11:46:35.781root 11241100x80000000000000003848938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.782{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad40ab77246a9ba2021-12-22 11:46:35.782root 11241100x80000000000000003848939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.782{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0297a92d0e0d6fa82021-12-22 11:46:35.782root 11241100x80000000000000003848940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.782{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b240f9a550632e2021-12-22 11:46:35.782root 11241100x80000000000000003848941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.783{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695589a2f9e851af2021-12-22 11:46:35.783root 11241100x80000000000000003848942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.783{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7ef9e167a609892021-12-22 11:46:35.783root 11241100x80000000000000003848943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.783{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82778a1721652352021-12-22 11:46:35.783root 11241100x80000000000000003848944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.784{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b5ec49075a3a772021-12-22 11:46:35.784root 11241100x80000000000000003848945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.784{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775be2d7d36c428a2021-12-22 11:46:35.784root 11241100x80000000000000003848946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.784{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0457097f48cc7e82021-12-22 11:46:35.784root 11241100x80000000000000003848947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.785{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d10b21b3ba26cc92021-12-22 11:46:35.785root 11241100x80000000000000003848948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.785{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7755e6d4fcceb612021-12-22 11:46:35.785root 11241100x80000000000000003848949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.785{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f15a2bd5b6ae5f2021-12-22 11:46:35.785root 11241100x80000000000000003848950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.785{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2b2bf3b13c8a1a2021-12-22 11:46:35.785root 11241100x80000000000000003848951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.786{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b37dd8efc4c0e3e2021-12-22 11:46:35.786root 11241100x80000000000000003848952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.786{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcb5220672843752021-12-22 11:46:35.786root 11241100x80000000000000003848953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.786{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c75ae921ee09d62021-12-22 11:46:35.786root 11241100x80000000000000003848954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.786{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0e5e0ff6eb513d2021-12-22 11:46:35.786root 11241100x80000000000000003848955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.787{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fffc5381a5815972021-12-22 11:46:35.787root 11241100x80000000000000003848956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.787{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ff4dc4ec6b80a02021-12-22 11:46:35.787root 11241100x80000000000000003848957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.787{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbfddc41c5acfc42021-12-22 11:46:35.787root 11241100x80000000000000003848958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.788{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cb36b6c4ebfc5b2021-12-22 11:46:35.788root 11241100x80000000000000003848959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.788{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8b746ab0ca17432021-12-22 11:46:35.788root 11241100x80000000000000003848960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.788{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d003a717657b412021-12-22 11:46:35.788root 11241100x80000000000000003848961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.788{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26233c68b478ba32021-12-22 11:46:35.788root 11241100x80000000000000003848962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.789{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd2d6b36092867e2021-12-22 11:46:35.789root 11241100x80000000000000003848963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.789{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbefa867d99f7ae92021-12-22 11:46:35.789root 11241100x80000000000000003848964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.789{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d39afb3ef5719992021-12-22 11:46:35.789root 11241100x80000000000000003848965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.790{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98fe0b37768329d2021-12-22 11:46:35.790root 11241100x80000000000000003848966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.790{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5640ad5c1bfb84d2021-12-22 11:46:35.790root 23542300x80000000000000003848967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.145{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003848968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bb6032bc72f2f92021-12-22 11:46:36.146root 11241100x80000000000000003848969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760ee9efbaef982e2021-12-22 11:46:36.146root 11241100x80000000000000003848970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149b2bb1b460c8ec2021-12-22 11:46:36.146root 11241100x80000000000000003848971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53d6d8b066fcd742021-12-22 11:46:36.147root 11241100x80000000000000003848972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec99898aa296ec8b2021-12-22 11:46:36.147root 11241100x80000000000000003848973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e9026d1d8234702021-12-22 11:46:36.147root 11241100x80000000000000003848974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4164cdf2d2dff82021-12-22 11:46:36.147root 11241100x80000000000000003848975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669d174ddab11e432021-12-22 11:46:36.147root 11241100x80000000000000003848976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34c3e05ddbe302b2021-12-22 11:46:36.147root 11241100x80000000000000003848977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe343d3e42f10f022021-12-22 11:46:36.148root 11241100x80000000000000003848978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cbace9b155727d2021-12-22 11:46:36.148root 11241100x80000000000000003848979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b24a4abd4484272021-12-22 11:46:36.148root 11241100x80000000000000003848980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132dd3a5bae3974e2021-12-22 11:46:36.148root 11241100x80000000000000003848981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0f355571d98bdf2021-12-22 11:46:36.148root 11241100x80000000000000003848982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ece66fd191f9b2a2021-12-22 11:46:36.148root 11241100x80000000000000003848983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cac7b123ab247d32021-12-22 11:46:36.148root 11241100x80000000000000003848984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a3fb0da7053d942021-12-22 11:46:36.149root 11241100x80000000000000003848985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927021a0f914b3062021-12-22 11:46:36.149root 11241100x80000000000000003848986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2be7c309fc816602021-12-22 11:46:36.149root 11241100x80000000000000003848987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410309d38cbc14182021-12-22 11:46:36.149root 11241100x80000000000000003848988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ba921c6fefb8702021-12-22 11:46:36.149root 11241100x80000000000000003848989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fabe87d38e865612021-12-22 11:46:36.149root 11241100x80000000000000003848990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c838039e4934e4d2021-12-22 11:46:36.149root 534500x80000000000000003849038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.249{00000000-0000-0000-0000-000000000000}19062<unknown process>ubuntu 534500x80000000000000003849039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.250{ec2b6afe-9233-61c1-c81a-006eee550000}19063-ubuntu 11241100x80000000000000003849040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.251{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.8wujQV2021-12-22 11:46:38.251ubuntu 23542300x80000000000000003849041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.251{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.8wujQV--- 11241100x80000000000000003849042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dbcd011d85866c2021-12-22 11:46:38.692root 11241100x80000000000000003849043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6f8a3945c516d42021-12-22 11:46:38.693root 11241100x80000000000000003849044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0c5330786c8c8c2021-12-22 11:46:38.693root 11241100x80000000000000003849045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aaa50383c47675a2021-12-22 11:46:38.693root 154100x80000000000000003849046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.763{ec2b6afe-101e-61c3-8022-5e884a560000}19064/bin/nano-----nano evil_preload.c/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003849047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.787{ec2b6afe-101e-61c3-8022-5e884a560000}19064/bin/nano/home/ubuntu/.evil_preload.c.swp2021-12-22 11:46:38.787ubuntu 11241100x80000000000000003849048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ee8670a79c9c3e2021-12-22 11:46:39.192root 11241100x80000000000000003849049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e8369f343ac1722021-12-22 11:46:39.193root 11241100x80000000000000003849050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daddc8c59b6534e2021-12-22 11:46:39.193root 11241100x80000000000000003849051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08448f763f93a33c2021-12-22 11:46:39.193root 11241100x80000000000000003849052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8e1dfb878f2d662021-12-22 11:46:39.193root 11241100x80000000000000003849053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d67752156438fc22021-12-22 11:46:39.193root 11241100x80000000000000003849054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421fd8abe9c57db92021-12-22 11:46:39.693root 11241100x80000000000000003849055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e82c648ff8ce722021-12-22 11:46:39.693root 11241100x80000000000000003849056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932e60bc4de1bab22021-12-22 11:46:39.693root 11241100x80000000000000003849057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c743f025cd632fa22021-12-22 11:46:39.693root 11241100x80000000000000003849058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86937644e265b7a2021-12-22 11:46:39.693root 11241100x80000000000000003849059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ffb619b51970e72021-12-22 11:46:39.693root 11241100x80000000000000003849060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fd022432637fc22021-12-22 11:46:40.193root 11241100x80000000000000003849061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a779986386880e6d2021-12-22 11:46:40.193root 11241100x80000000000000003849062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd363f969c370ed2021-12-22 11:46:40.193root 11241100x80000000000000003849063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d5addad02fd2b62021-12-22 11:46:40.193root 11241100x80000000000000003849064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919f94439b092ff22021-12-22 11:46:40.193root 11241100x80000000000000003849065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716683fe1b36f66e2021-12-22 11:46:40.193root 11241100x80000000000000003849066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6fbf833eaad38f2021-12-22 11:46:40.693root 11241100x80000000000000003849067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0f0feeb81128f02021-12-22 11:46:40.693root 11241100x80000000000000003849068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cf8dd48c04c4ee2021-12-22 11:46:40.693root 11241100x80000000000000003849069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3415085ddcb6d2f2021-12-22 11:46:40.693root 11241100x80000000000000003849070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730e3e1d9efc95af2021-12-22 11:46:40.693root 11241100x80000000000000003849071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b7b2f1a4ace90b2021-12-22 11:46:40.693root 354300x80000000000000003849072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.100{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55440-false10.0.1.12-8000- 11241100x80000000000000003849073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd4973c6024a6e52021-12-22 11:46:41.101root 11241100x80000000000000003849074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebcfccc4ffae6cf2021-12-22 11:46:41.101root 11241100x80000000000000003849075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4848c92396a7e32021-12-22 11:46:41.101root 11241100x80000000000000003849076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b033602bdb1e74092021-12-22 11:46:41.101root 11241100x80000000000000003849077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5887ffd09aee23082021-12-22 11:46:41.101root 11241100x80000000000000003849078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832ceedc3ba6266c2021-12-22 11:46:41.101root 11241100x80000000000000003849079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298485e17c33b88e2021-12-22 11:46:41.101root 11241100x80000000000000003849080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81001a956e2e00072021-12-22 11:46:41.443root 11241100x80000000000000003849081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a350980e7438c662021-12-22 11:46:41.443root 11241100x80000000000000003849082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644ec12f20acde0a2021-12-22 11:46:41.444root 11241100x80000000000000003849083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f12b67545ff4ed2021-12-22 11:46:41.444root 11241100x80000000000000003849084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f6e45dc4af0a6c2021-12-22 11:46:41.444root 11241100x80000000000000003849085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7569b6c5263192292021-12-22 11:46:41.445root 11241100x80000000000000003849086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f1de0cb3a6babc2021-12-22 11:46:41.445root 11241100x80000000000000003849087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a652c4a60ca25b192021-12-22 11:46:41.943root 11241100x80000000000000003849088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462bbf73ed58e5f12021-12-22 11:46:41.943root 11241100x80000000000000003849089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc198c39610a1db2021-12-22 11:46:41.943root 11241100x80000000000000003849090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d68cdf9fb754862021-12-22 11:46:41.943root 11241100x80000000000000003849091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831a2527b4460c4b2021-12-22 11:46:41.944root 11241100x80000000000000003849092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368243bf482b66312021-12-22 11:46:41.944root 11241100x80000000000000003849093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcb9fc80bcde3892021-12-22 11:46:41.944root 11241100x80000000000000003849094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f579d6b7be142fc2021-12-22 11:46:42.443root 11241100x80000000000000003849095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df64a0a65502d5c2021-12-22 11:46:42.443root 11241100x80000000000000003849096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f19bdfa4ada8ff2021-12-22 11:46:42.443root 11241100x80000000000000003849097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68650382228aed742021-12-22 11:46:42.443root 11241100x80000000000000003849098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f124dd2cdb976eb2021-12-22 11:46:42.444root 11241100x80000000000000003849099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6d11678104daf72021-12-22 11:46:42.444root 11241100x80000000000000003849100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e984a4a74de477822021-12-22 11:46:42.444root 11241100x80000000000000003849101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592061d72b2077bf2021-12-22 11:46:42.943root 11241100x80000000000000003849102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02607c27e156f9562021-12-22 11:46:42.943root 11241100x80000000000000003849103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef490820506004ca2021-12-22 11:46:42.943root 11241100x80000000000000003849104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0d9c2828a044a72021-12-22 11:46:42.943root 11241100x80000000000000003849105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abbdcea30fc2d8a2021-12-22 11:46:42.943root 11241100x80000000000000003849106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d802b7a5e53fc8a12021-12-22 11:46:42.943root 11241100x80000000000000003849107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e748928128f37c92021-12-22 11:46:42.943root 11241100x80000000000000003849108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ab2332f906eda82021-12-22 11:46:43.443root 11241100x80000000000000003849109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74223e09370bb5372021-12-22 11:46:43.443root 11241100x80000000000000003849110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08670a17df1a7d932021-12-22 11:46:43.443root 11241100x80000000000000003849111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d18b10c26559f992021-12-22 11:46:43.443root 11241100x80000000000000003849112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f7431500b121552021-12-22 11:46:43.443root 11241100x80000000000000003849113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f1636da7ea78302021-12-22 11:46:43.443root 11241100x80000000000000003849114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c1402c2976fddc2021-12-22 11:46:43.443root 11241100x80000000000000003849115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c42b18908bc6de2021-12-22 11:46:43.943root 11241100x80000000000000003849116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d1457804513b172021-12-22 11:46:43.943root 11241100x80000000000000003849117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c398c050423d39632021-12-22 11:46:43.943root 11241100x80000000000000003849118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc0fe3ec803db302021-12-22 11:46:43.943root 11241100x80000000000000003849119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f830937b629a9d2021-12-22 11:46:43.943root 11241100x80000000000000003849120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1faadc6fa7de97a2021-12-22 11:46:43.943root 11241100x80000000000000003849121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da99f5d5a1740892021-12-22 11:46:43.943root 11241100x80000000000000003849122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee4ec2218b9aba22021-12-22 11:46:44.443root 11241100x80000000000000003849123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902783ecd877a2772021-12-22 11:46:44.443root 11241100x80000000000000003849124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df66fedf9f978c042021-12-22 11:46:44.443root 11241100x80000000000000003849125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb32eac39ab5e192021-12-22 11:46:44.443root 11241100x80000000000000003849126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3a0769d6a335c82021-12-22 11:46:44.443root 11241100x80000000000000003849127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0ac6413267e4a12021-12-22 11:46:44.443root 11241100x80000000000000003849128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be69476b9ff1584a2021-12-22 11:46:44.443root 11241100x80000000000000003849129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca182eb4ffd0670a2021-12-22 11:46:44.943root 11241100x80000000000000003849130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb3de56b111a95d2021-12-22 11:46:44.943root 11241100x80000000000000003849131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f749683424d0de2021-12-22 11:46:44.943root 11241100x80000000000000003849132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e6d70f5249a4972021-12-22 11:46:44.943root 11241100x80000000000000003849133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6855450d065aee62021-12-22 11:46:44.943root 11241100x80000000000000003849134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd0cb12cda03b662021-12-22 11:46:44.943root 11241100x80000000000000003849135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997f6886780015872021-12-22 11:46:44.943root 11241100x80000000000000003849136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa2a1bcd74817e12021-12-22 11:46:45.443root 11241100x80000000000000003849137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee37f561c2856c82021-12-22 11:46:45.443root 11241100x80000000000000003849138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe4b251d45888c62021-12-22 11:46:45.443root 11241100x80000000000000003849139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b266b27ef883c082021-12-22 11:46:45.443root 11241100x80000000000000003849140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50dda5509a18311c2021-12-22 11:46:45.443root 11241100x80000000000000003849141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b783cc794089c12021-12-22 11:46:45.443root 11241100x80000000000000003849142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b57495a0ae81c42021-12-22 11:46:45.443root 11241100x80000000000000003849143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014db32a6bcd27f62021-12-22 11:46:45.943root 11241100x80000000000000003849144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5165aaa683b09a2021-12-22 11:46:45.943root 11241100x80000000000000003849145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed8a1c726de3f4d2021-12-22 11:46:45.943root 11241100x80000000000000003849146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2518efb930240d2021-12-22 11:46:45.943root 11241100x80000000000000003849147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3aa6d8d181695cf2021-12-22 11:46:45.943root 11241100x80000000000000003849148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acc3388ecbc96242021-12-22 11:46:45.943root 11241100x80000000000000003849149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b0079d7c1794582021-12-22 11:46:45.943root 11241100x80000000000000003849150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67947587504284b72021-12-22 11:46:46.443root 11241100x80000000000000003849151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd541c6ca2b8dca2021-12-22 11:46:46.443root 11241100x80000000000000003849152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f94a9d7ea280a82021-12-22 11:46:46.443root 11241100x80000000000000003849153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bfdeb4fedf2fd32021-12-22 11:46:46.443root 11241100x80000000000000003849154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570370351196c34a2021-12-22 11:46:46.443root 11241100x80000000000000003849155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d2dee73e6b117b2021-12-22 11:46:46.443root 11241100x80000000000000003849156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11c9fe731171f392021-12-22 11:46:46.443root 11241100x80000000000000003849157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5749ed7321eba1ff2021-12-22 11:46:46.943root 11241100x80000000000000003849158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c613bc4cb43363632021-12-22 11:46:46.943root 11241100x80000000000000003849159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3178273d9a640cb92021-12-22 11:46:46.943root 11241100x80000000000000003849160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882deff18a5d7ad22021-12-22 11:46:46.943root 11241100x80000000000000003849161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d59463104a1d7b2021-12-22 11:46:46.943root 11241100x80000000000000003849162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d371cd110b19f6452021-12-22 11:46:46.943root 11241100x80000000000000003849163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44ca5f4a736d6d52021-12-22 11:46:46.943root 354300x80000000000000003849164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.059{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55442-false10.0.1.12-8000- 11241100x80000000000000003849165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7d2c1ba53c957d2021-12-22 11:46:47.443root 11241100x80000000000000003849166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39526a82286121ef2021-12-22 11:46:47.443root 11241100x80000000000000003849167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7f1aa3641935942021-12-22 11:46:47.443root 11241100x80000000000000003849168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5f059579ee9ed52021-12-22 11:46:47.443root 11241100x80000000000000003849169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c68121acbc5d482021-12-22 11:46:47.443root 11241100x80000000000000003849170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be918ae83b8243ab2021-12-22 11:46:47.443root 11241100x80000000000000003849171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fc8c6699dd43802021-12-22 11:46:47.443root 11241100x80000000000000003849172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ccb61d327b4e3e2021-12-22 11:46:47.444root 11241100x80000000000000003849173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8223e50474b72152021-12-22 11:46:47.943root 11241100x80000000000000003849174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02e4c17f40987682021-12-22 11:46:47.943root 11241100x80000000000000003849175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1ea02ae7af55282021-12-22 11:46:47.943root 11241100x80000000000000003849176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e19994f463eb552021-12-22 11:46:47.943root 11241100x80000000000000003849177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636e2703ad93b9362021-12-22 11:46:47.943root 11241100x80000000000000003849178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06aa1073575de2c12021-12-22 11:46:47.943root 11241100x80000000000000003849179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eee1d3dc49df4fd2021-12-22 11:46:47.943root 11241100x80000000000000003849180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699223d519b2e6882021-12-22 11:46:47.943root 11241100x80000000000000003849181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af497b87e09aff632021-12-22 11:46:48.444root 11241100x80000000000000003849182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a812de1155c6812021-12-22 11:46:48.444root 11241100x80000000000000003849183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5957da53bbc4d12021-12-22 11:46:48.444root 11241100x80000000000000003849184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a19d1281b105da2021-12-22 11:46:48.444root 11241100x80000000000000003849185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9317b8e2e4bc6e2c2021-12-22 11:46:48.444root 11241100x80000000000000003849186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5530648708d284f2021-12-22 11:46:48.444root 11241100x80000000000000003849187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fd14c41f98d4da2021-12-22 11:46:48.444root 11241100x80000000000000003849188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471cf008ce4ca2802021-12-22 11:46:48.444root 11241100x80000000000000003849189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066cbbcd487a5e6b2021-12-22 11:46:48.943root 11241100x80000000000000003849190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70d74b45548cc472021-12-22 11:46:48.943root 11241100x80000000000000003849191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d0241b2872fd422021-12-22 11:46:48.943root 11241100x80000000000000003849192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43383c2e115a5522021-12-22 11:46:48.943root 11241100x80000000000000003849193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce169dab2e04c1c62021-12-22 11:46:48.943root 11241100x80000000000000003849194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e554ca0b9a38a2f92021-12-22 11:46:48.943root 11241100x80000000000000003849195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7f98c22b9c1b6d2021-12-22 11:46:48.943root 11241100x80000000000000003849196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f261858708ce0ab02021-12-22 11:46:48.943root 11241100x80000000000000003849197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b680efa0f7b4ae9c2021-12-22 11:46:49.443root 11241100x80000000000000003849198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af78491d5c81ab02021-12-22 11:46:49.443root 11241100x80000000000000003849199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201f9057be01ac6a2021-12-22 11:46:49.443root 11241100x80000000000000003849200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ac9ed6e0f1b9532021-12-22 11:46:49.443root 11241100x80000000000000003849201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81569387affbd6c2021-12-22 11:46:49.443root 11241100x80000000000000003849202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45f469c218f547c2021-12-22 11:46:49.443root 11241100x80000000000000003849203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5395a0ca8fe7d52021-12-22 11:46:49.443root 11241100x80000000000000003849204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b533fd581dd8e6e92021-12-22 11:46:49.444root 11241100x80000000000000003849205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717ecc7f22a8a6a52021-12-22 11:46:49.943root 11241100x80000000000000003849206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7ae9392034c6452021-12-22 11:46:49.943root 11241100x80000000000000003849207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d98730420e8b5002021-12-22 11:46:49.943root 11241100x80000000000000003849208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d54e43b4df47092021-12-22 11:46:49.943root 11241100x80000000000000003849209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1642902eaa59ce2021-12-22 11:46:49.943root 11241100x80000000000000003849210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77834d06b7354f332021-12-22 11:46:49.943root 11241100x80000000000000003849211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e3706e7528de8a2021-12-22 11:46:49.943root 11241100x80000000000000003849212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b51c2830b56b462021-12-22 11:46:49.943root 11241100x80000000000000003849213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a773b3a1a18b7ec2021-12-22 11:46:50.443root 11241100x80000000000000003849214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883f162fe8bb387e2021-12-22 11:46:50.443root 11241100x80000000000000003849215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9b47142ba079eb2021-12-22 11:46:50.443root 11241100x80000000000000003849216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cdffa575a89a922021-12-22 11:46:50.443root 11241100x80000000000000003849217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c598564c480cc3f42021-12-22 11:46:50.443root 11241100x80000000000000003849218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34233033db13c1742021-12-22 11:46:50.443root 11241100x80000000000000003849219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7655bab3ad91b9472021-12-22 11:46:50.443root 11241100x80000000000000003849220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a764ec43e12667f62021-12-22 11:46:50.444root 23542300x80000000000000003849221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.917{ec2b6afe-101e-61c3-8022-5e884a560000}19064ubuntu/bin/nano/home/ubuntu/./.evil_preload.c.swp--- 11241100x80000000000000003849222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.917{ec2b6afe-101e-61c3-8022-5e884a560000}19064/bin/nano/home/ubuntu/.evil_preload.c.swp2021-12-22 11:46:50.917ubuntu 11241100x80000000000000003849223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.918{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b446cf7934db4b92021-12-22 11:46:50.918root 11241100x80000000000000003849224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.918{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a207f47b4e9c4f312021-12-22 11:46:50.918root 11241100x80000000000000003849225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.918{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0715e2656ccd3f62021-12-22 11:46:50.918root 11241100x80000000000000003849226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.918{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8bb72bb1536d652021-12-22 11:46:50.918root 11241100x80000000000000003849227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.919{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a8c67f0c0d7faf2021-12-22 11:46:50.919root 11241100x80000000000000003849228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.919{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a06929a507c34ba2021-12-22 11:46:50.919root 11241100x80000000000000003849229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.919{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791679e014dffce12021-12-22 11:46:50.919root 11241100x80000000000000003849230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.919{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3530bcc6b60076b12021-12-22 11:46:50.919root 11241100x80000000000000003849231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.919{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964281b3130c0df82021-12-22 11:46:50.919root 11241100x80000000000000003849232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:50.919{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b15c0aee5555d92021-12-22 11:46:50.919root 11241100x80000000000000003849233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9ba8e223879fd52021-12-22 11:46:51.193root 11241100x80000000000000003849234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f639856701bb13362021-12-22 11:46:51.193root 11241100x80000000000000003849235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb7dfe303b6cbdc2021-12-22 11:46:51.193root 11241100x80000000000000003849236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57beebd654efebaf2021-12-22 11:46:51.193root 11241100x80000000000000003849237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13444bc1cb0188092021-12-22 11:46:51.194root 11241100x80000000000000003849238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab103bded4a4c6622021-12-22 11:46:51.194root 11241100x80000000000000003849239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309f380769d0db402021-12-22 11:46:51.194root 11241100x80000000000000003849240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f5e89ecfb870b12021-12-22 11:46:51.194root 11241100x80000000000000003849241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd506c74de75f582021-12-22 11:46:51.194root 11241100x80000000000000003849242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c90fbb877cb9112021-12-22 11:46:51.194root 11241100x80000000000000003849243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ae9f1dfa68a5fe2021-12-22 11:46:51.693root 11241100x80000000000000003849244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5d717c47aee7a02021-12-22 11:46:51.693root 11241100x80000000000000003849245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0583946757c31022021-12-22 11:46:51.693root 11241100x80000000000000003849246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03989f3950b06392021-12-22 11:46:51.693root 11241100x80000000000000003849247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcdd83f91982e592021-12-22 11:46:51.693root 11241100x80000000000000003849248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe635e1fb41e9fc82021-12-22 11:46:51.693root 11241100x80000000000000003849249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da6a32cff0e423e2021-12-22 11:46:51.693root 11241100x80000000000000003849250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1ad0cf99c678182021-12-22 11:46:51.693root 11241100x80000000000000003849251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5400b3515426cd2021-12-22 11:46:51.693root 11241100x80000000000000003849252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7e95bba051d50d2021-12-22 11:46:51.694root 354300x80000000000000003849253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.115{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55444-false10.0.1.12-8000- 11241100x80000000000000003849254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddb8a8520ed01b42021-12-22 11:46:52.116root 11241100x80000000000000003849255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580ccacd266998f02021-12-22 11:46:52.116root 11241100x80000000000000003849256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6d0f1e4d1576252021-12-22 11:46:52.116root 11241100x80000000000000003849257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab875fffdb28a4632021-12-22 11:46:52.116root 11241100x80000000000000003849258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79472605daa16d52021-12-22 11:46:52.117root 11241100x80000000000000003849259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5359ea83eeabffb2021-12-22 11:46:52.117root 11241100x80000000000000003849260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8e229830de75072021-12-22 11:46:52.117root 11241100x80000000000000003849261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea802ce3e4067512021-12-22 11:46:52.117root 11241100x80000000000000003849262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b576d0d11048126a2021-12-22 11:46:52.117root 11241100x80000000000000003849263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902dcf4f32c3c8cd2021-12-22 11:46:52.118root 11241100x80000000000000003849264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babb47f3902a2af22021-12-22 11:46:52.118root 11241100x80000000000000003849265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f171b5c0485063e12021-12-22 11:46:52.443root 11241100x80000000000000003849266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ff9dc59da479612021-12-22 11:46:52.443root 11241100x80000000000000003849267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc67cb084024fc222021-12-22 11:46:52.443root 11241100x80000000000000003849268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bd348af614772b2021-12-22 11:46:52.443root 11241100x80000000000000003849269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd92ddabc3793742021-12-22 11:46:52.443root 11241100x80000000000000003849270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a563be9d2ba1102021-12-22 11:46:52.443root 11241100x80000000000000003849271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a5ccce9d1e61602021-12-22 11:46:52.444root 11241100x80000000000000003849272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357a0299635b8cf02021-12-22 11:46:52.444root 11241100x80000000000000003849273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd00ddc1dea72ce62021-12-22 11:46:52.444root 11241100x80000000000000003849274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923129805f2ed99b2021-12-22 11:46:52.444root 11241100x80000000000000003849275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58e4dcd44c7e9c72021-12-22 11:46:52.444root 11241100x80000000000000003849276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcc1aa09596bfdc2021-12-22 11:46:52.943root 11241100x80000000000000003849277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bcd1c63f78819c2021-12-22 11:46:52.943root 11241100x80000000000000003849278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71125dcc60ee755f2021-12-22 11:46:52.943root 11241100x80000000000000003849279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08439a59ffd53c612021-12-22 11:46:52.943root 11241100x80000000000000003849280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23b278a6a1332292021-12-22 11:46:52.943root 11241100x80000000000000003849281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47300fb7042ba3322021-12-22 11:46:52.943root 11241100x80000000000000003849282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe2a11e984d47b02021-12-22 11:46:52.943root 11241100x80000000000000003849283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34b419ea059c9082021-12-22 11:46:52.944root 11241100x80000000000000003849284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd41d019896fd3262021-12-22 11:46:52.944root 11241100x80000000000000003849285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423f1b5974db9bd92021-12-22 11:46:52.944root 11241100x80000000000000003849286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5069c1eb1047d7762021-12-22 11:46:52.944root 11241100x80000000000000003849287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99109e3dbf2081e2021-12-22 11:46:53.443root 11241100x80000000000000003849288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c4a2e4c163ba6a2021-12-22 11:46:53.443root 11241100x80000000000000003849289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f6b6c614777e972021-12-22 11:46:53.443root 11241100x80000000000000003849290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8853eaa452251a982021-12-22 11:46:53.443root 11241100x80000000000000003849291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225fd7f770d7e3f02021-12-22 11:46:53.443root 11241100x80000000000000003849292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3209705d4607e3692021-12-22 11:46:53.443root 11241100x80000000000000003849293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afabe5c5d878a7802021-12-22 11:46:53.443root 11241100x80000000000000003849294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21d58abd0533f0f2021-12-22 11:46:53.443root 11241100x80000000000000003849295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bba6459af3077f12021-12-22 11:46:53.444root 11241100x80000000000000003849296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9bcccca72847c32021-12-22 11:46:53.444root 11241100x80000000000000003849297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b38569ae76ea06b2021-12-22 11:46:53.444root 11241100x80000000000000003849298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580381d3f8ecaeda2021-12-22 11:46:53.943root 11241100x80000000000000003849299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63d12e0615479b82021-12-22 11:46:53.943root 11241100x80000000000000003849300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3236c0e136d719d22021-12-22 11:46:53.943root 11241100x80000000000000003849301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dda3f3c0fbe8b2e2021-12-22 11:46:53.943root 11241100x80000000000000003849302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345364741b74da2a2021-12-22 11:46:53.943root 11241100x80000000000000003849303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715c2e164e71f4832021-12-22 11:46:53.943root 11241100x80000000000000003849304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce220625391c17c2021-12-22 11:46:53.943root 11241100x80000000000000003849305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc3516a9fe93ce82021-12-22 11:46:53.943root 11241100x80000000000000003849306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0d708e123d6ae12021-12-22 11:46:53.944root 11241100x80000000000000003849307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c969fe764965a52021-12-22 11:46:53.944root 11241100x80000000000000003849308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bef6dccc2ec3552021-12-22 11:46:53.944root 11241100x80000000000000003849309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a5a570bcf1ae0f2021-12-22 11:46:54.443root 11241100x80000000000000003849310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779bbd4c48ff37eb2021-12-22 11:46:54.443root 11241100x80000000000000003849311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06b4511e73f03822021-12-22 11:46:54.443root 11241100x80000000000000003849312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863f1d0d53a630e92021-12-22 11:46:54.443root 11241100x80000000000000003849313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b43cfd90bf54af2021-12-22 11:46:54.443root 11241100x80000000000000003849314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ddb6467db35c032021-12-22 11:46:54.443root 11241100x80000000000000003849315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686b3a3a3ca39bbf2021-12-22 11:46:54.443root 11241100x80000000000000003849316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5307e9c3c2d3d5012021-12-22 11:46:54.443root 11241100x80000000000000003849317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f68549e6e845572021-12-22 11:46:54.443root 11241100x80000000000000003849318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae18ce1bd5e857182021-12-22 11:46:54.444root 11241100x80000000000000003849319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b54227e7bcd31722021-12-22 11:46:54.444root 11241100x80000000000000003849320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f0708140b638772021-12-22 11:46:54.943root 11241100x80000000000000003849321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa9f12afaf4c5e22021-12-22 11:46:54.943root 11241100x80000000000000003849322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10a40c385eb00012021-12-22 11:46:54.943root 11241100x80000000000000003849323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf9ac46c1aee92e2021-12-22 11:46:54.943root 11241100x80000000000000003849324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221dfc6cc73cbb1e2021-12-22 11:46:54.943root 11241100x80000000000000003849325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54f5891ff4fd1cc2021-12-22 11:46:54.943root 11241100x80000000000000003849326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a4f9a3130c095a2021-12-22 11:46:54.943root 11241100x80000000000000003849327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e574d339a61d7a182021-12-22 11:46:54.944root 11241100x80000000000000003849328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3668c7313bfba3d02021-12-22 11:46:54.944root 11241100x80000000000000003849329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d444517e2c7ccb372021-12-22 11:46:54.944root 11241100x80000000000000003849330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c127c30fdfa05a2021-12-22 11:46:54.944root 23542300x80000000000000003849331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.127{ec2b6afe-101e-61c3-8022-5e884a560000}19064ubuntu/bin/nano/home/ubuntu/./.evil_preload.c.swp--- 534500x80000000000000003849332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.127{ec2b6afe-101e-61c3-8022-5e884a560000}19064/bin/nanoubuntu 11241100x80000000000000003849333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc612689b4607e22021-12-22 11:46:55.443root 11241100x80000000000000003849334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490452eccf24ed012021-12-22 11:46:55.443root 11241100x80000000000000003849335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8285a21604a434d2021-12-22 11:46:55.443root 11241100x80000000000000003849336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54e2a5472cc99af2021-12-22 11:46:55.443root 11241100x80000000000000003849337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c83c77058df69022021-12-22 11:46:55.443root 11241100x80000000000000003849338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88acdb0c75d365d02021-12-22 11:46:55.443root 11241100x80000000000000003849339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18712c3b6640572a2021-12-22 11:46:55.443root 11241100x80000000000000003849340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e57e2bc75590612021-12-22 11:46:55.444root 11241100x80000000000000003849341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185f6efef742f2842021-12-22 11:46:55.444root 11241100x80000000000000003849342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f821a827cef231da2021-12-22 11:46:55.444root 11241100x80000000000000003849343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9110c3a2432fdbc2021-12-22 11:46:55.444root 11241100x80000000000000003849344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16892b3a249bcf822021-12-22 11:46:55.444root 11241100x80000000000000003849345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcbeffe84c82d5e2021-12-22 11:46:55.444root 11241100x80000000000000003849346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d3e2b27bf010562021-12-22 11:46:55.943root 11241100x80000000000000003849347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5eb61c44a143a112021-12-22 11:46:55.943root 11241100x80000000000000003849348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec854755f2c2a8662021-12-22 11:46:55.943root 11241100x80000000000000003849349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe3a21a7dc424352021-12-22 11:46:55.943root 11241100x80000000000000003849350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b21e9d1124d61b2021-12-22 11:46:55.943root 11241100x80000000000000003849351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9177051cdbd3e1f2021-12-22 11:46:55.943root 11241100x80000000000000003849352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453341de1309a39f2021-12-22 11:46:55.943root 11241100x80000000000000003849353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f39c16b9d1255a2021-12-22 11:46:55.944root 11241100x80000000000000003849354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c27a86ef3ce52ab2021-12-22 11:46:55.944root 11241100x80000000000000003849355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d076b5abaf971a9d2021-12-22 11:46:55.944root 11241100x80000000000000003849356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813ba98dcb87b5762021-12-22 11:46:55.944root 11241100x80000000000000003849357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eacfe209a9f23cc2021-12-22 11:46:55.944root 11241100x80000000000000003849358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d75e044b0d433d2021-12-22 11:46:55.944root 11241100x80000000000000003849359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e97598abf9224db2021-12-22 11:46:56.443root 11241100x80000000000000003849360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4453885e0a616d72021-12-22 11:46:56.443root 11241100x80000000000000003849361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d4a249985afee12021-12-22 11:46:56.443root 11241100x80000000000000003849362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cab6a6f1de83262021-12-22 11:46:56.443root 11241100x80000000000000003849363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85665e0fffb453fb2021-12-22 11:46:56.443root 11241100x80000000000000003849364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbb37ce9526bc3d2021-12-22 11:46:56.443root 11241100x80000000000000003849365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da79921e095a47f92021-12-22 11:46:56.443root 11241100x80000000000000003849366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5718c493146eca5b2021-12-22 11:46:56.444root 11241100x80000000000000003849367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3be9684caf6f482021-12-22 11:46:56.444root 11241100x80000000000000003849368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3185d6a37026382021-12-22 11:46:56.444root 11241100x80000000000000003849369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ebd04aabae8bdc2021-12-22 11:46:56.444root 11241100x80000000000000003849370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909da7bd76240e322021-12-22 11:46:56.444root 11241100x80000000000000003849371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a91db0a8cf56fdb2021-12-22 11:46:56.444root 11241100x80000000000000003849372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71652f1295094f032021-12-22 11:46:56.943root 11241100x80000000000000003849373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329b10114e2682e72021-12-22 11:46:56.943root 11241100x80000000000000003849374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e885980d8d19a692021-12-22 11:46:56.943root 11241100x80000000000000003849375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32587bbe1aab5f442021-12-22 11:46:56.943root 11241100x80000000000000003849376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2a4a4c18b90b302021-12-22 11:46:56.943root 11241100x80000000000000003849377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627ded513311f1c02021-12-22 11:46:56.943root 11241100x80000000000000003849378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c54c6682fbfa4822021-12-22 11:46:56.944root 11241100x80000000000000003849379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36ab06b7a9fb9c12021-12-22 11:46:56.944root 11241100x80000000000000003849380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69636893ee8b6782021-12-22 11:46:56.944root 11241100x80000000000000003849381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324ec8daa818e6e22021-12-22 11:46:56.944root 11241100x80000000000000003849382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb44b2f74dc2e952021-12-22 11:46:56.944root 11241100x80000000000000003849383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2eb84e05f418522021-12-22 11:46:56.944root 11241100x80000000000000003849384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd285c9569e7f9032021-12-22 11:46:56.944root 11241100x80000000000000003849385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58ceb21184a3a912021-12-22 11:46:57.443root 11241100x80000000000000003849386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7441b51081a4dfcd2021-12-22 11:46:57.443root 11241100x80000000000000003849387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1449488d2195b12021-12-22 11:46:57.443root 11241100x80000000000000003849388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d7c0f7dd3d3b6e2021-12-22 11:46:57.443root 11241100x80000000000000003849389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d584bc62c3446a2021-12-22 11:46:57.443root 11241100x80000000000000003849390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa362976db3ed5b42021-12-22 11:46:57.444root 11241100x80000000000000003849391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799053aeda0805722021-12-22 11:46:57.444root 11241100x80000000000000003849392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0323a3260cfa9ae32021-12-22 11:46:57.444root 11241100x80000000000000003849393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4f2f0c79b784d52021-12-22 11:46:57.444root 11241100x80000000000000003849394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19f3853449ccc8a2021-12-22 11:46:57.444root 11241100x80000000000000003849395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45aeac630bf224a2021-12-22 11:46:57.444root 11241100x80000000000000003849396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b9c7ef904c86902021-12-22 11:46:57.444root 11241100x80000000000000003849397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3da325dd4aeee82021-12-22 11:46:57.444root 11241100x80000000000000003849398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c17970582aa4d8d2021-12-22 11:46:57.943root 11241100x80000000000000003849399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0569699e7ef0afe2021-12-22 11:46:57.943root 11241100x80000000000000003849400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b17b04b412340d92021-12-22 11:46:57.943root 11241100x80000000000000003849401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62739805d59acb792021-12-22 11:46:57.943root 11241100x80000000000000003849402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1591756445b222d42021-12-22 11:46:57.943root 11241100x80000000000000003849403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa807726bdf86622021-12-22 11:46:57.943root 11241100x80000000000000003849404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf99c66ae4435ef82021-12-22 11:46:57.943root 11241100x80000000000000003849405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60208176023042222021-12-22 11:46:57.944root 11241100x80000000000000003849406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062d0611961ea5c32021-12-22 11:46:57.944root 11241100x80000000000000003849407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124fc159a0390dc92021-12-22 11:46:57.944root 11241100x80000000000000003849408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bb3a13cedbdb522021-12-22 11:46:57.944root 11241100x80000000000000003849409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179a265cf7f860432021-12-22 11:46:57.944root 11241100x80000000000000003849410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190f79e955f109cb2021-12-22 11:46:57.944root 354300x80000000000000003849411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.034{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55446-false10.0.1.12-8000- 11241100x80000000000000003849412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5801d04b07773e2021-12-22 11:46:58.443root 11241100x80000000000000003849413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3d2bddbde4f67f2021-12-22 11:46:58.443root 11241100x80000000000000003849414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec02633ed57b3e702021-12-22 11:46:58.443root 11241100x80000000000000003849415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe34ebae758ae7d2021-12-22 11:46:58.443root 11241100x80000000000000003849416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2be3e4ad240af62021-12-22 11:46:58.443root 11241100x80000000000000003849417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713066a72cc32e862021-12-22 11:46:58.444root 11241100x80000000000000003849418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f15fdc6541b02972021-12-22 11:46:58.444root 11241100x80000000000000003849419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3976d836d651fdc2021-12-22 11:46:58.444root 11241100x80000000000000003849420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd9ffa14baca0a62021-12-22 11:46:58.444root 11241100x80000000000000003849421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31fb14db0d656c22021-12-22 11:46:58.444root 11241100x80000000000000003849422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dada635da1f6ed2021-12-22 11:46:58.444root 11241100x80000000000000003849423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec04576dab4bdf182021-12-22 11:46:58.444root 11241100x80000000000000003849424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be0c4b81e4ae7362021-12-22 11:46:58.444root 11241100x80000000000000003849425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c68a30907a55f172021-12-22 11:46:58.444root 11241100x80000000000000003849426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5085ebc5969bd22021-12-22 11:46:58.943root 11241100x80000000000000003849427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9bb8fbf9f2c0832021-12-22 11:46:58.943root 11241100x80000000000000003849428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a789ff20c28d46c2021-12-22 11:46:58.943root 11241100x80000000000000003849429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f1e133e96324c52021-12-22 11:46:58.943root 11241100x80000000000000003849430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b453dfab9154c72021-12-22 11:46:58.943root 11241100x80000000000000003849431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8853c32547b486852021-12-22 11:46:58.943root 11241100x80000000000000003849432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e840c9f71b171e12021-12-22 11:46:58.944root 11241100x80000000000000003849433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e219e8ebaf8c8372021-12-22 11:46:58.944root 11241100x80000000000000003849434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8571ba9ba6ad1ae2021-12-22 11:46:58.944root 11241100x80000000000000003849435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260fc712450c5af02021-12-22 11:46:58.944root 11241100x80000000000000003849436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62bbe3de33b14d22021-12-22 11:46:58.944root 11241100x80000000000000003849437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17410cc29f0f5082021-12-22 11:46:58.944root 11241100x80000000000000003849438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f6c9a8ff584fe22021-12-22 11:46:58.944root 11241100x80000000000000003849439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e5881b21b955672021-12-22 11:46:58.944root 154100x80000000000000003849440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.086{ec2b6afe-1033-61c3-1040-068193550000}19065/bin/touch-----touch test.txt/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003849441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.087{ec2b6afe-1033-61c3-1040-068193550000}19065/bin/touch/home/ubuntu/test.txt2021-12-22 11:46:59.087ubuntu 534500x80000000000000003849442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.087{ec2b6afe-1033-61c3-1040-068193550000}19065/bin/touchubuntu 11241100x80000000000000003849443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b0d5aff25ebc362021-12-22 11:46:59.443root 11241100x80000000000000003849444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6384e6bea60dbaba2021-12-22 11:46:59.443root 11241100x80000000000000003849445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d082cbbd25ff53f2021-12-22 11:46:59.443root 11241100x80000000000000003849446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6e1cfcdaa55eb12021-12-22 11:46:59.443root 11241100x80000000000000003849447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1768fb2f32b03c2021-12-22 11:46:59.443root 11241100x80000000000000003849448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6268c44fb606132021-12-22 11:46:59.444root 11241100x80000000000000003849449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b7a555d4c8c7b02021-12-22 11:46:59.444root 11241100x80000000000000003849450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692a1aee21af4a6d2021-12-22 11:46:59.444root 11241100x80000000000000003849451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a756c7a417a2e9c2021-12-22 11:46:59.444root 11241100x80000000000000003849452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50a85cc0f2fd9902021-12-22 11:46:59.444root 11241100x80000000000000003849453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be544d5eadea1ca02021-12-22 11:46:59.444root 11241100x80000000000000003849454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf5e700b1aa83122021-12-22 11:46:59.444root 11241100x80000000000000003849455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d7d6b9e1e67bc92021-12-22 11:46:59.444root 11241100x80000000000000003849456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65f75cf881de59b2021-12-22 11:46:59.444root 11241100x80000000000000003849457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ed002eb77880f72021-12-22 11:46:59.444root 11241100x80000000000000003849458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b8dc0fdd6cef392021-12-22 11:46:59.445root 11241100x80000000000000003849459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59d54def688f7a92021-12-22 11:46:59.445root 11241100x80000000000000003849460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0845aa68ae219c812021-12-22 11:46:59.943root 11241100x80000000000000003849461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b82d056f310a0f92021-12-22 11:46:59.943root 11241100x80000000000000003849462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96be1759f3d756ff2021-12-22 11:46:59.943root 11241100x80000000000000003849463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69e95658d5263402021-12-22 11:46:59.943root 11241100x80000000000000003849464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fd5aac212210bd2021-12-22 11:46:59.943root 11241100x80000000000000003849465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289856b4a030c66e2021-12-22 11:46:59.944root 11241100x80000000000000003849466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac79fd08c196901d2021-12-22 11:46:59.944root 11241100x80000000000000003849467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365c0d3a71b2963b2021-12-22 11:46:59.944root 11241100x80000000000000003849468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644ce424a026a3ff2021-12-22 11:46:59.944root 11241100x80000000000000003849469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca9b92d52e268572021-12-22 11:46:59.944root 11241100x80000000000000003849470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4129a11325ebaa2021-12-22 11:46:59.944root 11241100x80000000000000003849471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51dd6ef7093c06b2021-12-22 11:46:59.944root 11241100x80000000000000003849472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac4f7e5f763321e2021-12-22 11:46:59.944root 11241100x80000000000000003849473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a1ba89196559f12021-12-22 11:46:59.944root 11241100x80000000000000003849474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcdf013eee7a5e02021-12-22 11:46:59.944root 11241100x80000000000000003849475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71a28dba613ac552021-12-22 11:46:59.945root 11241100x80000000000000003849476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef4a1546915559b2021-12-22 11:46:59.945root 11241100x80000000000000003849477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d144b9985e47f22021-12-22 11:47:00.443root 11241100x80000000000000003849478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4979f652f90783bb2021-12-22 11:47:00.443root 11241100x80000000000000003849479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4f8d1bf48b2f9d2021-12-22 11:47:00.443root 11241100x80000000000000003849480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbceb44aabdf286b2021-12-22 11:47:00.443root 11241100x80000000000000003849481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9945b30b17b0522021-12-22 11:47:00.443root 11241100x80000000000000003849482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e4972a37d77db72021-12-22 11:47:00.444root 11241100x80000000000000003849483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd74842be0e57042021-12-22 11:47:00.444root 11241100x80000000000000003849484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833f65eda538ea542021-12-22 11:47:00.444root 11241100x80000000000000003849485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c19c9aeed9ff3582021-12-22 11:47:00.444root 11241100x80000000000000003849486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c975d02c53314b142021-12-22 11:47:00.444root 11241100x80000000000000003849487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cd526b6ef606b02021-12-22 11:47:00.444root 11241100x80000000000000003849488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a6a09c3eb944642021-12-22 11:47:00.444root 11241100x80000000000000003849489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bec67084bd6c582021-12-22 11:47:00.444root 11241100x80000000000000003849490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb26ebec7b9b3bb12021-12-22 11:47:00.444root 11241100x80000000000000003849491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bcf9b2f3c7819e2021-12-22 11:47:00.445root 11241100x80000000000000003849492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a953a0cd301e24eb2021-12-22 11:47:00.445root 11241100x80000000000000003849493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00976e66cfefd8942021-12-22 11:47:00.445root 11241100x80000000000000003849494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04625f9e70be66a2021-12-22 11:47:00.943root 11241100x80000000000000003849495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe504de3cae8fdc2021-12-22 11:47:00.943root 11241100x80000000000000003849496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05319f3f7a70ffb22021-12-22 11:47:00.943root 11241100x80000000000000003849497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78e29b9bda7a3932021-12-22 11:47:00.943root 11241100x80000000000000003849498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0538a5a6b7ca9dc32021-12-22 11:47:00.943root 11241100x80000000000000003849499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8883b848ace3a5e42021-12-22 11:47:00.943root 11241100x80000000000000003849500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cbdd5f80e6731c2021-12-22 11:47:00.944root 11241100x80000000000000003849501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2f9e8f1c6f4b722021-12-22 11:47:00.944root 11241100x80000000000000003849502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9660f7e051d70d442021-12-22 11:47:00.944root 11241100x80000000000000003849503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c9f4b0b534f5812021-12-22 11:47:00.944root 11241100x80000000000000003849504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e359bd697108c5822021-12-22 11:47:00.944root 11241100x80000000000000003849505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3996e4a49d5d7942021-12-22 11:47:00.944root 11241100x80000000000000003849506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67478b8b9680fdf72021-12-22 11:47:00.944root 11241100x80000000000000003849507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d865c74b53d2f812021-12-22 11:47:00.944root 11241100x80000000000000003849508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab3477d1840e1372021-12-22 11:47:00.944root 11241100x80000000000000003849509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cd4ef3833f1c0c2021-12-22 11:47:00.945root 11241100x80000000000000003849510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1636a0059a2ff8932021-12-22 11:47:00.945root 11241100x80000000000000003849511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac2c310eb5583dd2021-12-22 11:47:01.443root 11241100x80000000000000003849512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dbadc1f9428ae72021-12-22 11:47:01.443root 11241100x80000000000000003849513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e8c375fed593112021-12-22 11:47:01.443root 11241100x80000000000000003849514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921d81a193cf4aff2021-12-22 11:47:01.443root 11241100x80000000000000003849515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92085889ea47c9182021-12-22 11:47:01.443root 11241100x80000000000000003849516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc85d9cf13d06c512021-12-22 11:47:01.444root 11241100x80000000000000003849517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14f7bbcdb147e822021-12-22 11:47:01.444root 11241100x80000000000000003849518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be46633fdd25f9922021-12-22 11:47:01.444root 11241100x80000000000000003849519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62161407e458c1b02021-12-22 11:47:01.444root 11241100x80000000000000003849520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fef72fb0ee24b32021-12-22 11:47:01.444root 11241100x80000000000000003849521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109d4651a45bcbd52021-12-22 11:47:01.444root 11241100x80000000000000003849522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff82ab5d961a2cc42021-12-22 11:47:01.444root 11241100x80000000000000003849523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c8f09af0b7868b2021-12-22 11:47:01.444root 11241100x80000000000000003849524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7aaa1a26fbc4b22021-12-22 11:47:01.444root 11241100x80000000000000003849525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed3e845ae3d862a2021-12-22 11:47:01.445root 11241100x80000000000000003849526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f9974d52b152532021-12-22 11:47:01.445root 11241100x80000000000000003849527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29d9a6bb9702f402021-12-22 11:47:01.445root 11241100x80000000000000003849528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c05edbd5963fdd02021-12-22 11:47:01.943root 11241100x80000000000000003849529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6373712a8c92e8052021-12-22 11:47:01.943root 11241100x80000000000000003849530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccae768a02dae432021-12-22 11:47:01.943root 11241100x80000000000000003849531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8eabad9de7b8142021-12-22 11:47:01.943root 11241100x80000000000000003849532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb68c8b0d62e5a32021-12-22 11:47:01.944root 11241100x80000000000000003849533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1f2ab5d0588f402021-12-22 11:47:01.944root 11241100x80000000000000003849534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c886bc0b78c4862021-12-22 11:47:01.944root 11241100x80000000000000003849535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4af2dd144b7b9b2021-12-22 11:47:01.944root 11241100x80000000000000003849536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00644b08b48221f62021-12-22 11:47:01.944root 11241100x80000000000000003849537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473bda4501f108832021-12-22 11:47:01.944root 11241100x80000000000000003849538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8942a83e0a79c1f52021-12-22 11:47:01.944root 11241100x80000000000000003849539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b829ef2e999618fd2021-12-22 11:47:01.944root 11241100x80000000000000003849540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fcc400183b9f7b2021-12-22 11:47:01.944root 11241100x80000000000000003849541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59ea2cd84e695512021-12-22 11:47:01.945root 11241100x80000000000000003849542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce0b72474bb7aa52021-12-22 11:47:01.945root 11241100x80000000000000003849543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42dfdd0379e53442021-12-22 11:47:01.945root 11241100x80000000000000003849544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51b526037313b622021-12-22 11:47:01.945root 11241100x80000000000000003849545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995273f7b09f3cf12021-12-22 11:47:02.443root 11241100x80000000000000003849546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce484b143ca80d02021-12-22 11:47:02.443root 11241100x80000000000000003849547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66fd9bde1f815a82021-12-22 11:47:02.443root 11241100x80000000000000003849548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9cd46cc7f7fd472021-12-22 11:47:02.443root 11241100x80000000000000003849549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203b36eb51a7d81f2021-12-22 11:47:02.443root 11241100x80000000000000003849550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce94dba1c4cfe9d2021-12-22 11:47:02.444root 11241100x80000000000000003849551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672a67a7604a77d62021-12-22 11:47:02.444root 11241100x80000000000000003849552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970453bde9067acd2021-12-22 11:47:02.444root 11241100x80000000000000003849553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99b1d3005e1a2862021-12-22 11:47:02.444root 11241100x80000000000000003849554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3933b9656e5fde9f2021-12-22 11:47:02.444root 11241100x80000000000000003849555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a54be90d0970e7e2021-12-22 11:47:02.444root 11241100x80000000000000003849556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e85f7a1681d402f2021-12-22 11:47:02.444root 11241100x80000000000000003849557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6b85113df354e32021-12-22 11:47:02.444root 11241100x80000000000000003849558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f5d73134538cd52021-12-22 11:47:02.444root 11241100x80000000000000003849559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dca1dd7e2962a62021-12-22 11:47:02.444root 11241100x80000000000000003849560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8234b1e67e6eb3cd2021-12-22 11:47:02.445root 11241100x80000000000000003849561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec078e84e7e880d2021-12-22 11:47:02.445root 11241100x80000000000000003849562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcfdf9015186cb72021-12-22 11:47:02.943root 11241100x80000000000000003849563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5246a4b3e8878a7b2021-12-22 11:47:02.943root 11241100x80000000000000003849564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c27bb3cfcc44522021-12-22 11:47:02.943root 11241100x80000000000000003849565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e12c96d216be9f2021-12-22 11:47:02.944root 11241100x80000000000000003849566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69ff23285192d342021-12-22 11:47:02.944root 11241100x80000000000000003849567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c707d3cab1620e292021-12-22 11:47:02.944root 11241100x80000000000000003849568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3811776223af4ec2021-12-22 11:47:02.944root 11241100x80000000000000003849569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ee54f8bed9f5ad2021-12-22 11:47:02.944root 11241100x80000000000000003849570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e149382452b27d2021-12-22 11:47:02.944root 11241100x80000000000000003849571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089ec9c9e53dae722021-12-22 11:47:02.944root 11241100x80000000000000003849572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d602c06478b9e3b52021-12-22 11:47:02.944root 11241100x80000000000000003849573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7612834f50206d2021-12-22 11:47:02.944root 11241100x80000000000000003849574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5cce022669d9d42021-12-22 11:47:02.944root 11241100x80000000000000003849575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3ab8c9c19c2ea52021-12-22 11:47:02.944root 11241100x80000000000000003849576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdde5b8177ac16c2021-12-22 11:47:02.944root 11241100x80000000000000003849577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0bd2445d1638ad2021-12-22 11:47:02.944root 11241100x80000000000000003849578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03284d7f82df776d2021-12-22 11:47:02.944root 11241100x80000000000000003849579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:47:03.144root 354300x80000000000000003849580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.253{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55448-false10.0.1.12-8000- 11241100x80000000000000003849581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468090c581b9380e2021-12-22 11:47:03.254root 11241100x80000000000000003849582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51517a1f1e0801b92021-12-22 11:47:03.254root 11241100x80000000000000003849583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932b1c3e01fe8e442021-12-22 11:47:03.254root 11241100x80000000000000003849584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9473241f2dcd54492021-12-22 11:47:03.254root 11241100x80000000000000003849585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5f8d63c8334bac2021-12-22 11:47:03.254root 11241100x80000000000000003849586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ad45f55c6241bc2021-12-22 11:47:03.255root 11241100x80000000000000003849587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fe726ad6af53372021-12-22 11:47:03.255root 11241100x80000000000000003849588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a32d0be19fd62d2021-12-22 11:47:03.255root 11241100x80000000000000003849589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bfd8caf70ee75f2021-12-22 11:47:03.255root 11241100x80000000000000003849590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfe8055cdf882352021-12-22 11:47:03.255root 11241100x80000000000000003849591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276c8715d23f50042021-12-22 11:47:03.255root 11241100x80000000000000003849592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30920291be74bbf2021-12-22 11:47:03.255root 11241100x80000000000000003849593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cade08bc0d1b5b242021-12-22 11:47:03.255root 11241100x80000000000000003849594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1848615ea184c582021-12-22 11:47:03.256root 11241100x80000000000000003849595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c6868a98303d5b2021-12-22 11:47:03.256root 11241100x80000000000000003849596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6c688142337b2d2021-12-22 11:47:03.256root 11241100x80000000000000003849597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b696f37fe5a9a82021-12-22 11:47:03.256root 11241100x80000000000000003849598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33c3e435e289d792021-12-22 11:47:03.256root 11241100x80000000000000003849599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ab1d4f6ecccfb92021-12-22 11:47:03.256root 11241100x80000000000000003849600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a2c2bb22307b452021-12-22 11:47:03.256root 11241100x80000000000000003849601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ff20224779a38b2021-12-22 11:47:03.256root 11241100x80000000000000003849602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca5675fa17392312021-12-22 11:47:03.256root 11241100x80000000000000003849603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52da2d01958e709f2021-12-22 11:47:03.256root 11241100x80000000000000003849604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6068e842814d37862021-12-22 11:47:03.257root 11241100x80000000000000003849605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd09bf4f0866504e2021-12-22 11:47:03.257root 11241100x80000000000000003849606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8ccf773c8bb4812021-12-22 11:47:03.257root 11241100x80000000000000003849607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d40746d8b482452021-12-22 11:47:03.257root 11241100x80000000000000003849608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b157df14be40192021-12-22 11:47:03.257root 11241100x80000000000000003849609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b5f4cab70e74402021-12-22 11:47:03.257root 11241100x80000000000000003849610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8389ac2dd319322021-12-22 11:47:03.257root 11241100x80000000000000003849611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffef11b4c085ffcd2021-12-22 11:47:03.257root 11241100x80000000000000003849612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2049a5014e831932021-12-22 11:47:03.257root 11241100x80000000000000003849613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c62bf6011b047ae2021-12-22 11:47:03.257root 11241100x80000000000000003849614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7181691347af1fae2021-12-22 11:47:03.257root 11241100x80000000000000003849615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fe78b606a8bad12021-12-22 11:47:03.257root 11241100x80000000000000003849616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454635e0b61742a72021-12-22 11:47:03.257root 11241100x80000000000000003849617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08eda523c8f3ba3e2021-12-22 11:47:03.258root 11241100x80000000000000003849618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7958003cb02d4252021-12-22 11:47:03.258root 11241100x80000000000000003849619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50561022ca67c76d2021-12-22 11:47:03.258root 11241100x80000000000000003849620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fc3cda20256a2b2021-12-22 11:47:03.258root 11241100x80000000000000003849621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699e75127a86a8182021-12-22 11:47:03.258root 11241100x80000000000000003849622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95175d7c0746367b2021-12-22 11:47:03.693root 11241100x80000000000000003849623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c21b142b52da5712021-12-22 11:47:03.693root 11241100x80000000000000003849624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d41c6c19f2e6f02021-12-22 11:47:03.693root 11241100x80000000000000003849625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ba0ea7e74e012d2021-12-22 11:47:03.693root 11241100x80000000000000003849626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa60966184ff42e12021-12-22 11:47:03.694root 11241100x80000000000000003849627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c40a02d9e617ad2021-12-22 11:47:03.694root 11241100x80000000000000003849628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018a4b9888e2dc082021-12-22 11:47:03.694root 11241100x80000000000000003849629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665cc193b6a74f6a2021-12-22 11:47:03.694root 11241100x80000000000000003849630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba1efe0b0fd54762021-12-22 11:47:03.694root 11241100x80000000000000003849631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b723e30e8a35a72021-12-22 11:47:03.694root 11241100x80000000000000003849632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf2e5d96481d8b82021-12-22 11:47:03.694root 11241100x80000000000000003849633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2652bfeb06ec34522021-12-22 11:47:03.694root 11241100x80000000000000003849634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2974eac3818e9f2021-12-22 11:47:03.694root 11241100x80000000000000003849635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ebe530549fe9ba2021-12-22 11:47:03.694root 11241100x80000000000000003849636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba14cd5c009334b2021-12-22 11:47:03.695root 11241100x80000000000000003849637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f39cd3e65acf66a2021-12-22 11:47:03.695root 11241100x80000000000000003849638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a682d133be6a412021-12-22 11:47:03.695root 11241100x80000000000000003849639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22b320968b57cfd2021-12-22 11:47:03.695root 11241100x80000000000000003849640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e311b9fbcbf189a92021-12-22 11:47:03.695root 11241100x80000000000000003849641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19eb67d9679495bd2021-12-22 11:47:04.193root 11241100x80000000000000003849642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7b4be75a1146932021-12-22 11:47:04.193root 11241100x80000000000000003849643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a551a3639be4f9a22021-12-22 11:47:04.193root 11241100x80000000000000003849644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf488226893b1fcf2021-12-22 11:47:04.193root 11241100x80000000000000003849645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f2e409137018ce2021-12-22 11:47:04.194root 11241100x80000000000000003849646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d756b8c215eded2021-12-22 11:47:04.194root 11241100x80000000000000003849647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2c1485d5a153d82021-12-22 11:47:04.194root 11241100x80000000000000003849648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc37efa231e88d02021-12-22 11:47:04.194root 11241100x80000000000000003849649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6002a88de2cbfd2021-12-22 11:47:04.194root 11241100x80000000000000003849650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cb97698fe6f1b32021-12-22 11:47:04.194root 11241100x80000000000000003849651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85404abcc2a141ce2021-12-22 11:47:04.194root 11241100x80000000000000003849652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3cdd45ec86f2732021-12-22 11:47:04.194root 11241100x80000000000000003849653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df57377c1b29f8632021-12-22 11:47:04.194root 11241100x80000000000000003849654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aaa8846060c02112021-12-22 11:47:04.194root 11241100x80000000000000003849655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5712f7964f6ee62021-12-22 11:47:04.194root 11241100x80000000000000003849656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30511e4c04836a012021-12-22 11:47:04.195root 11241100x80000000000000003849657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63027af94f4f550b2021-12-22 11:47:04.195root 11241100x80000000000000003849658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bd47ea1c0502422021-12-22 11:47:04.195root 11241100x80000000000000003849659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951c31cbc96732322021-12-22 11:47:04.196root 11241100x80000000000000003849660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4822c8909c49a8ea2021-12-22 11:47:04.693root 11241100x80000000000000003849661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e912021fc5aed8e62021-12-22 11:47:04.693root 11241100x80000000000000003849662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98752cda260f89e32021-12-22 11:47:04.694root 11241100x80000000000000003849663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761f90b1320f832c2021-12-22 11:47:04.694root 11241100x80000000000000003849664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4446d69d1a4ce362021-12-22 11:47:04.694root 11241100x80000000000000003849665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df5348c3ba7ba072021-12-22 11:47:04.694root 11241100x80000000000000003849666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ec9e34154eb4062021-12-22 11:47:04.695root 11241100x80000000000000003849667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4dfc1588da1b3642021-12-22 11:47:04.695root 11241100x80000000000000003849668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68a0793c7165ed62021-12-22 11:47:04.695root 11241100x80000000000000003849669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a73e9f612a4bab92021-12-22 11:47:04.695root 11241100x80000000000000003849670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0dbbe48499d67d2021-12-22 11:47:04.696root 11241100x80000000000000003849671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942ce33919f8993e2021-12-22 11:47:04.696root 11241100x80000000000000003849672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410f906e589d4d462021-12-22 11:47:04.696root 11241100x80000000000000003849673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad474bb960c27afa2021-12-22 11:47:04.696root 11241100x80000000000000003849674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b788808bf493cd2021-12-22 11:47:04.696root 11241100x80000000000000003849675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8e84665806b6b62021-12-22 11:47:04.697root 11241100x80000000000000003849676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98da1a133038f7d62021-12-22 11:47:04.697root 11241100x80000000000000003849677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2553f69f664c59a02021-12-22 11:47:04.697root 11241100x80000000000000003849678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:04.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c021c698ad50562021-12-22 11:47:04.697root 11241100x80000000000000003849679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197aa4badaac06962021-12-22 11:47:05.193root 11241100x80000000000000003849680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9c23fada4eb2a72021-12-22 11:47:05.193root 11241100x80000000000000003849681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc8101b6a27da092021-12-22 11:47:05.194root 11241100x80000000000000003849682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4ed662fc50eea72021-12-22 11:47:05.194root 11241100x80000000000000003849683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36688e5b5ae713f2021-12-22 11:47:05.194root 11241100x80000000000000003849684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a171363808d2d4ea2021-12-22 11:47:05.194root 11241100x80000000000000003849685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515e9e8894654abe2021-12-22 11:47:05.195root 11241100x80000000000000003849686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ca2e12df6751612021-12-22 11:47:05.195root 11241100x80000000000000003849687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea50bc6282aa2262021-12-22 11:47:05.195root 11241100x80000000000000003849688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068a1d55fa527fab2021-12-22 11:47:05.195root 11241100x80000000000000003849689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33dcd4274cd3f9342021-12-22 11:47:05.196root 11241100x80000000000000003849690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f4dac39aa22fd82021-12-22 11:47:05.196root 11241100x80000000000000003849691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186887ee7b88f13f2021-12-22 11:47:05.196root 11241100x80000000000000003849692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b8d47fed2f7e6a2021-12-22 11:47:05.197root 11241100x80000000000000003849693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94bd27f7d0e1c4a2021-12-22 11:47:05.197root 11241100x80000000000000003849694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2911bb3e8d4b30c52021-12-22 11:47:05.197root 11241100x80000000000000003849695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4424b0b1bf38b3652021-12-22 11:47:05.198root 11241100x80000000000000003849696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1f9a6cd36c9e792021-12-22 11:47:05.198root 11241100x80000000000000003849697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea19e179566b3d1b2021-12-22 11:47:05.198root 11241100x80000000000000003849698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97378b0375e845b2021-12-22 11:47:05.693root 11241100x80000000000000003849699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66eecef106f5bed2021-12-22 11:47:05.693root 11241100x80000000000000003849700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9c93f6d9e041b32021-12-22 11:47:05.694root 11241100x80000000000000003849701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16032f0d850594f52021-12-22 11:47:05.694root 11241100x80000000000000003849702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5a91af32b199b82021-12-22 11:47:05.694root 11241100x80000000000000003849703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9383d95566fa01352021-12-22 11:47:05.694root 11241100x80000000000000003849704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6fb63224dc37872021-12-22 11:47:05.695root 11241100x80000000000000003849705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a5b0d1d0d0b1b92021-12-22 11:47:05.695root 11241100x80000000000000003849706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712037a7149e011d2021-12-22 11:47:05.695root 11241100x80000000000000003849707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51446c244e7c8e222021-12-22 11:47:05.695root 11241100x80000000000000003849708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02d2767d900f5b62021-12-22 11:47:05.696root 11241100x80000000000000003849709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f02700dfec8b252021-12-22 11:47:05.696root 11241100x80000000000000003849710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad136cbb21d17fd82021-12-22 11:47:05.696root 11241100x80000000000000003849711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec4cdb04971a5902021-12-22 11:47:05.696root 11241100x80000000000000003849712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e15286f1501d5a2021-12-22 11:47:05.696root 11241100x80000000000000003849713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cf3b2d50f2a51b2021-12-22 11:47:05.697root 11241100x80000000000000003849714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98cfd501b4bb40e2021-12-22 11:47:05.697root 11241100x80000000000000003849715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa200bdc65c4c8d2021-12-22 11:47:05.697root 11241100x80000000000000003849716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:05.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ec6c86a278a1832021-12-22 11:47:05.697root 23542300x80000000000000003849717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.146{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003849718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39850a4fbc0032132021-12-22 11:47:06.146root 11241100x80000000000000003849719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acedcb67cf0e503d2021-12-22 11:47:06.146root 11241100x80000000000000003849720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393b6b59ec0b2c3e2021-12-22 11:47:06.147root 11241100x80000000000000003849721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12b54257e832fa42021-12-22 11:47:06.147root 11241100x80000000000000003849722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42ee12858f8c4a52021-12-22 11:47:06.147root 11241100x80000000000000003849723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78079b6e461c3942021-12-22 11:47:06.147root 11241100x80000000000000003849724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf11dfdb597402192021-12-22 11:47:06.147root 11241100x80000000000000003849725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e376a6f76c3ec3142021-12-22 11:47:06.147root 11241100x80000000000000003849726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b7d908f66d11ab2021-12-22 11:47:06.147root 11241100x80000000000000003849727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73da8f655edd8b8f2021-12-22 11:47:06.147root 11241100x80000000000000003849728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5c904b9f862cb12021-12-22 11:47:06.148root 11241100x80000000000000003849729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5858a11dc3a4b92021-12-22 11:47:06.148root 11241100x80000000000000003849730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b99c5a61ac98812021-12-22 11:47:06.148root 11241100x80000000000000003849731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0feeb53a792ce3882021-12-22 11:47:06.148root 11241100x80000000000000003849732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb78a5eb41c1e6d2021-12-22 11:47:06.148root 11241100x80000000000000003849733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ceccc565428c5662021-12-22 11:47:06.148root 11241100x80000000000000003849734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37541a213472ebe2021-12-22 11:47:06.148root 11241100x80000000000000003849735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecca5396c6978a12021-12-22 11:47:06.148root 11241100x80000000000000003849736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f252f783c5c2ae572021-12-22 11:47:06.148root 11241100x80000000000000003849737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8354078ce659ab1b2021-12-22 11:47:06.148root 11241100x80000000000000003849738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8478c7817b7a972021-12-22 11:47:06.149root 11241100x80000000000000003849739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b6524cfc9a396b2021-12-22 11:47:06.149root 11241100x80000000000000003849740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6408219c23c6d3242021-12-22 11:47:06.149root 11241100x80000000000000003849741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57ed5aecfa9ac132021-12-22 11:47:06.149root 11241100x80000000000000003849742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d8ba9fefe6b3d32021-12-22 11:47:06.149root 11241100x80000000000000003849743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a245ed082f083dc72021-12-22 11:47:06.149root 11241100x80000000000000003849744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b2810feabc114d2021-12-22 11:47:06.149root 11241100x80000000000000003849745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d0f7e58ba287842021-12-22 11:47:06.149root 11241100x80000000000000003849746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3906a7b90144abee2021-12-22 11:47:06.150root 11241100x80000000000000003849747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaa4d18c5dffd0d2021-12-22 11:47:06.150root 11241100x80000000000000003849748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2648545a5767c72021-12-22 11:47:06.150root 11241100x80000000000000003849749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d93cb332d9464892021-12-22 11:47:06.150root 11241100x80000000000000003849750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dadd5dbb64ef6f2021-12-22 11:47:06.150root 11241100x80000000000000003849751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100d54300f0d3cc52021-12-22 11:47:06.151root 11241100x80000000000000003849752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff95d1799ab4f9f2021-12-22 11:47:06.151root 11241100x80000000000000003849753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aba37070d5513b62021-12-22 11:47:06.151root 11241100x80000000000000003849754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d880ae46df32cdaa2021-12-22 11:47:06.151root 11241100x80000000000000003849755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e36c360be468802021-12-22 11:47:06.151root 11241100x80000000000000003849756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc969871430740aa2021-12-22 11:47:06.151root 11241100x80000000000000003849757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272d60c1b8bfe9552021-12-22 11:47:06.443root 11241100x80000000000000003849758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e4943b384ad9572021-12-22 11:47:06.444root 11241100x80000000000000003849759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd3d2c018f8c5c92021-12-22 11:47:06.444root 11241100x80000000000000003849760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47a7f8773ba10be2021-12-22 11:47:06.444root 11241100x80000000000000003849761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e18b1affad33742021-12-22 11:47:06.444root 11241100x80000000000000003849762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd200b465d09e5552021-12-22 11:47:06.445root 11241100x80000000000000003849763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd796ad9a7895732021-12-22 11:47:06.445root 11241100x80000000000000003849764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3571e53f074cf972021-12-22 11:47:06.446root 11241100x80000000000000003849765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0aaa5ef43b13e22021-12-22 11:47:06.446root 11241100x80000000000000003849766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7153a1d4ff1772362021-12-22 11:47:06.446root 11241100x80000000000000003849767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0000f0b0dad6d72021-12-22 11:47:06.446root 11241100x80000000000000003849768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ec691674a691512021-12-22 11:47:06.446root 11241100x80000000000000003849769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54509df65223755a2021-12-22 11:47:06.447root 11241100x80000000000000003849770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a4bfa009199d672021-12-22 11:47:06.447root 11241100x80000000000000003849771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b857f39614ab392021-12-22 11:47:06.447root 11241100x80000000000000003849772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6adef225493d8992021-12-22 11:47:06.448root 11241100x80000000000000003849773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88cb3a91c4b386d2021-12-22 11:47:06.448root 11241100x80000000000000003849774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e03b442fc4f2f42021-12-22 11:47:06.448root 11241100x80000000000000003849775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c2c7c107204bba2021-12-22 11:47:06.448root 11241100x80000000000000003849776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f536ed460cfbfda2021-12-22 11:47:06.449root 11241100x80000000000000003849777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b31857c47f30302021-12-22 11:47:06.943root 11241100x80000000000000003849778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe4c338f8306d432021-12-22 11:47:06.943root 11241100x80000000000000003849779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc98090f79a428c2021-12-22 11:47:06.943root 11241100x80000000000000003849780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3358440895d799772021-12-22 11:47:06.943root 11241100x80000000000000003849781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f99138a21adbf72021-12-22 11:47:06.944root 11241100x80000000000000003849782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8908936bc8b55e82021-12-22 11:47:06.944root 11241100x80000000000000003849783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0046e9afc313f12021-12-22 11:47:06.944root 11241100x80000000000000003849784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6be0cea9680366c2021-12-22 11:47:06.944root 11241100x80000000000000003849785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43702ac202070cff2021-12-22 11:47:06.944root 11241100x80000000000000003849786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd409e5d4314379c2021-12-22 11:47:06.944root 11241100x80000000000000003849787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c654d05e1149cd902021-12-22 11:47:06.944root 11241100x80000000000000003849788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946cdac3b50a10ff2021-12-22 11:47:06.944root 11241100x80000000000000003849789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6effd018075ccd2021-12-22 11:47:06.944root 11241100x80000000000000003849790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14babc6a179406ac2021-12-22 11:47:06.944root 11241100x80000000000000003849791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd3214443d918aa2021-12-22 11:47:06.945root 11241100x80000000000000003849792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dae21d80c6b40dd2021-12-22 11:47:06.945root 11241100x80000000000000003849793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5659d58c9f8a022021-12-22 11:47:06.945root 11241100x80000000000000003849794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4695f9720b532cd82021-12-22 11:47:06.945root 11241100x80000000000000003849795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931a8ba9a57344402021-12-22 11:47:06.945root 11241100x80000000000000003849796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdaa20dcf5285ea72021-12-22 11:47:06.945root 11241100x80000000000000003849797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f141b9ec73dc27d12021-12-22 11:47:07.443root 11241100x80000000000000003849798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7262747d94613b2021-12-22 11:47:07.443root 11241100x80000000000000003849799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbf8468d11a5d8f2021-12-22 11:47:07.444root 11241100x80000000000000003849800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55afba2460dd35e42021-12-22 11:47:07.444root 11241100x80000000000000003849801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e44a1415a52b242021-12-22 11:47:07.444root 11241100x80000000000000003849802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08afc2f4118ed3172021-12-22 11:47:07.444root 11241100x80000000000000003849803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a4cec73a909ac92021-12-22 11:47:07.444root 11241100x80000000000000003849804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88acfbbce27a87112021-12-22 11:47:07.444root 11241100x80000000000000003849805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6d0ad2c5b61e102021-12-22 11:47:07.444root 11241100x80000000000000003849806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bada1877b769b62021-12-22 11:47:07.444root 11241100x80000000000000003849807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec90d018bef379c2021-12-22 11:47:07.444root 11241100x80000000000000003849808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d7f84dc3295efd2021-12-22 11:47:07.444root 11241100x80000000000000003849809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f24e0560cfa36b02021-12-22 11:47:07.444root 11241100x80000000000000003849810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174e28b371d3a5732021-12-22 11:47:07.445root 11241100x80000000000000003849811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664a8271bcf92e7d2021-12-22 11:47:07.445root 11241100x80000000000000003849812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926891b3df44cd942021-12-22 11:47:07.445root 11241100x80000000000000003849813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c32a27d943838c2021-12-22 11:47:07.445root 11241100x80000000000000003849814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc813b942a00e7e32021-12-22 11:47:07.445root 11241100x80000000000000003849815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226dd18d3983cf9a2021-12-22 11:47:07.445root 11241100x80000000000000003849816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57dd20a1c12100622021-12-22 11:47:07.445root 11241100x80000000000000003849817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448949c9112796702021-12-22 11:47:07.943root 11241100x80000000000000003849818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ac37ec4ce853ef2021-12-22 11:47:07.943root 11241100x80000000000000003849819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89dcf7307b736db2021-12-22 11:47:07.943root 11241100x80000000000000003849820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239d011232dbf0fa2021-12-22 11:47:07.944root 11241100x80000000000000003849821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291fa0498176d5102021-12-22 11:47:07.944root 11241100x80000000000000003849822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09315bb8e8f3c7692021-12-22 11:47:07.944root 11241100x80000000000000003849823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a5cf147d72d1c52021-12-22 11:47:07.944root 11241100x80000000000000003849824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d2af1d14cee0382021-12-22 11:47:07.944root 11241100x80000000000000003849825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1d9b4e95b57f4a2021-12-22 11:47:07.944root 11241100x80000000000000003849826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9108b75f4dc106cd2021-12-22 11:47:07.944root 11241100x80000000000000003849827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8a08a2f1d71b762021-12-22 11:47:07.944root 11241100x80000000000000003849828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6099dc7b23856a7e2021-12-22 11:47:07.945root 11241100x80000000000000003849829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224a4645f0e0b19e2021-12-22 11:47:07.945root 11241100x80000000000000003849830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4c9f6747e846fd2021-12-22 11:47:07.945root 11241100x80000000000000003849831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4334c845ac03de82021-12-22 11:47:07.945root 11241100x80000000000000003849832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca73de1a1bfa9b7a2021-12-22 11:47:07.945root 11241100x80000000000000003849833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8805672be191a12021-12-22 11:47:07.945root 11241100x80000000000000003849834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e0a98edfa7ac172021-12-22 11:47:07.945root 11241100x80000000000000003849835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a05740552619b12021-12-22 11:47:07.945root 11241100x80000000000000003849836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afec42581e76007f2021-12-22 11:47:07.945root 11241100x80000000000000003849837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5396d3c28786e0c62021-12-22 11:47:08.443root 11241100x80000000000000003849838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b856180a187cbc2021-12-22 11:47:08.443root 11241100x80000000000000003849839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25bc360c6ba492e2021-12-22 11:47:08.443root 11241100x80000000000000003849840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de699b655e93fb12021-12-22 11:47:08.443root 11241100x80000000000000003849841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04b2b0b722940c92021-12-22 11:47:08.444root 11241100x80000000000000003849842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d3806468683a2c2021-12-22 11:47:08.444root 11241100x80000000000000003849843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3aac5073649b9972021-12-22 11:47:08.444root 11241100x80000000000000003849844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc03c7a2ff4aa1b2021-12-22 11:47:08.444root 11241100x80000000000000003849845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19299b8d43f0ba3b2021-12-22 11:47:08.444root 11241100x80000000000000003849846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4b374e0f52d2c62021-12-22 11:47:08.444root 11241100x80000000000000003849847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f03ad88cd545f72021-12-22 11:47:08.444root 11241100x80000000000000003849848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dbcf26b99a33c82021-12-22 11:47:08.444root 11241100x80000000000000003849849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaac1c1ff972e4ed2021-12-22 11:47:08.444root 11241100x80000000000000003849850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b8e4db460a94b92021-12-22 11:47:08.444root 11241100x80000000000000003849851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711da47211fca35a2021-12-22 11:47:08.444root 11241100x80000000000000003849852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3819cb54b0ec26892021-12-22 11:47:08.444root 11241100x80000000000000003849853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7d4788335371102021-12-22 11:47:08.444root 11241100x80000000000000003849854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80fc55a2e50a9ce2021-12-22 11:47:08.444root 11241100x80000000000000003849855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f136c570d438d7fe2021-12-22 11:47:08.444root 11241100x80000000000000003849856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4c56dfe6e6fa0a2021-12-22 11:47:08.444root 11241100x80000000000000003849857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feca9ad4011ecce32021-12-22 11:47:08.943root 11241100x80000000000000003849858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f3bfbb937cc7ea2021-12-22 11:47:08.943root 11241100x80000000000000003849859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308ab290a8a0152e2021-12-22 11:47:08.943root 11241100x80000000000000003849860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfe790a2452ef052021-12-22 11:47:08.944root 11241100x80000000000000003849861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaa0d9869fad65f2021-12-22 11:47:08.944root 11241100x80000000000000003849862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0332ee6f91b15cc2021-12-22 11:47:08.944root 11241100x80000000000000003849863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d312718fa1c9db2021-12-22 11:47:08.944root 11241100x80000000000000003849864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235c2f358502c7922021-12-22 11:47:08.944root 11241100x80000000000000003849865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d1542397695d3d2021-12-22 11:47:08.944root 11241100x80000000000000003849866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ed22e4cc63ebfa2021-12-22 11:47:08.944root 11241100x80000000000000003849867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f5f298d1efedc82021-12-22 11:47:08.944root 11241100x80000000000000003849868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06532a212c0fcc12021-12-22 11:47:08.944root 11241100x80000000000000003849869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7875a62e9c927422021-12-22 11:47:08.944root 11241100x80000000000000003849870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6e1f0b4c008c0e2021-12-22 11:47:08.944root 11241100x80000000000000003849871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67e856a1dfea38a2021-12-22 11:47:08.944root 11241100x80000000000000003849872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147cdf71dd3842a22021-12-22 11:47:08.944root 11241100x80000000000000003849873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82862dbc5bbd5752021-12-22 11:47:08.944root 11241100x80000000000000003849874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260124e530203ba02021-12-22 11:47:08.944root 11241100x80000000000000003849875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709a3de19cb1548b2021-12-22 11:47:08.944root 11241100x80000000000000003849876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d0e8c3a57476102021-12-22 11:47:08.944root 354300x80000000000000003849877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.197{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55450-false10.0.1.12-8000- 11241100x80000000000000003849878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5e9b38469ba8f02021-12-22 11:47:09.199root 11241100x80000000000000003849879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3634a16b1cbbb9292021-12-22 11:47:09.199root 11241100x80000000000000003849880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87024d548ebfd8d2021-12-22 11:47:09.200root 11241100x80000000000000003849881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c835457f56b983a2021-12-22 11:47:09.200root 11241100x80000000000000003849882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1681c447b35d69092021-12-22 11:47:09.200root 11241100x80000000000000003849883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695b2cb19268133c2021-12-22 11:47:09.200root 11241100x80000000000000003849884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49873dd8563949c72021-12-22 11:47:09.200root 11241100x80000000000000003849885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d920437d597a1722021-12-22 11:47:09.200root 11241100x80000000000000003849886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfd5603c2342b7f2021-12-22 11:47:09.201root 11241100x80000000000000003849887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab942ddca9c2cb4d2021-12-22 11:47:09.201root 11241100x80000000000000003849888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947034ef0d43ebca2021-12-22 11:47:09.201root 11241100x80000000000000003849889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc172482ece8b9762021-12-22 11:47:09.201root 11241100x80000000000000003849890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db61b4e5125d8d32021-12-22 11:47:09.201root 11241100x80000000000000003849891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3914aeb643bc63c72021-12-22 11:47:09.201root 11241100x80000000000000003849892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36b79d93776d80f2021-12-22 11:47:09.201root 11241100x80000000000000003849893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4236ecf22e8088192021-12-22 11:47:09.202root 11241100x80000000000000003849894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8f56b86e9c51852021-12-22 11:47:09.202root 11241100x80000000000000003849895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3213b122e8006922021-12-22 11:47:09.202root 11241100x80000000000000003849896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c8abe400b3700c2021-12-22 11:47:09.202root 11241100x80000000000000003849897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0c909eb1f32c2f2021-12-22 11:47:09.202root 11241100x80000000000000003849898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2071a9c7cbd33c502021-12-22 11:47:09.202root 154100x80000000000000003849899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.404{ec2b6afe-103d-61c3-1040-509e55550000}19066/bin/touch-----touch myfopen.c/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003849900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.405{ec2b6afe-103d-61c3-1040-509e55550000}19066/bin/touch/home/ubuntu/myfopen.c2021-12-22 11:47:09.405ubuntu 534500x80000000000000003849901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.405{ec2b6afe-103d-61c3-1040-509e55550000}19066/bin/touchubuntu 11241100x80000000000000003849902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a113d7f2d9905c2021-12-22 11:47:09.692root 11241100x80000000000000003849903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7200c1fe0667e5c92021-12-22 11:47:09.693root 11241100x80000000000000003849904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82edac57150ca1f92021-12-22 11:47:09.693root 11241100x80000000000000003849905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93708bc8de96bdd92021-12-22 11:47:09.693root 11241100x80000000000000003849906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a828ec83d954987d2021-12-22 11:47:09.693root 11241100x80000000000000003849907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a895e2f9a170802021-12-22 11:47:09.694root 11241100x80000000000000003849908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967cb77e4312657d2021-12-22 11:47:09.694root 11241100x80000000000000003849909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d595296779f6ba22021-12-22 11:47:09.694root 11241100x80000000000000003849910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef79c344ce8cc2e2021-12-22 11:47:09.695root 11241100x80000000000000003849911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7bb4e11c02876c2021-12-22 11:47:09.695root 11241100x80000000000000003849912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6a07417b63289e2021-12-22 11:47:09.696root 11241100x80000000000000003849913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ac6d18b49e95752021-12-22 11:47:09.696root 11241100x80000000000000003849914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568c7f5608bc21e02021-12-22 11:47:09.696root 11241100x80000000000000003849915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4202fbff98522982021-12-22 11:47:09.697root 11241100x80000000000000003849916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c37bee4d8dfd832021-12-22 11:47:09.697root 11241100x80000000000000003849917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2edfc32138bfc8c2021-12-22 11:47:09.697root 11241100x80000000000000003849918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38593db7f5018f632021-12-22 11:47:09.697root 11241100x80000000000000003849919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7682027f2902c712021-12-22 11:47:09.697root 11241100x80000000000000003849920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369f19b489afbdd52021-12-22 11:47:09.697root 11241100x80000000000000003849921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa81e25fcb69c592021-12-22 11:47:09.698root 11241100x80000000000000003849922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65416c66979fbedc2021-12-22 11:47:09.698root 11241100x80000000000000003849923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a987ebf0860d3fb2021-12-22 11:47:09.698root 11241100x80000000000000003849924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f173d4f9629917ce2021-12-22 11:47:09.698root 11241100x80000000000000003849925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1fe600bdc9d2792021-12-22 11:47:09.698root 11241100x80000000000000003849926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f506a11fc027622021-12-22 11:47:09.698root 11241100x80000000000000003849927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f74019912344ae42021-12-22 11:47:09.698root 11241100x80000000000000003849928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d714a16d0987df2021-12-22 11:47:09.698root 11241100x80000000000000003849929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c832452389ef855c2021-12-22 11:47:09.699root 11241100x80000000000000003849930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096126a4340ea8222021-12-22 11:47:09.699root 11241100x80000000000000003849931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4a5252b1821eeb2021-12-22 11:47:09.699root 11241100x80000000000000003849932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db55a2a9103cae4e2021-12-22 11:47:09.699root 11241100x80000000000000003849933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c938e473d7b74f642021-12-22 11:47:09.699root 11241100x80000000000000003849934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0f7223944db72d2021-12-22 11:47:09.699root 11241100x80000000000000003849935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615d9cb105fc118d2021-12-22 11:47:10.192root 11241100x80000000000000003849936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84f9040cd57d2642021-12-22 11:47:10.193root 11241100x80000000000000003849937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6623c8fc5afdc42021-12-22 11:47:10.193root 11241100x80000000000000003849938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13fab0151bd52c22021-12-22 11:47:10.193root 11241100x80000000000000003849939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab09a5bc9f273992021-12-22 11:47:10.193root 11241100x80000000000000003849940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d680337b90660bd92021-12-22 11:47:10.193root 11241100x80000000000000003849941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ab6628ae2d2c422021-12-22 11:47:10.193root 11241100x80000000000000003849942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321dcdab56549df52021-12-22 11:47:10.194root 11241100x80000000000000003849943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5a0f26a86886e72021-12-22 11:47:10.194root 11241100x80000000000000003849944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79eff93fa718713e2021-12-22 11:47:10.194root 11241100x80000000000000003849945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db6363e787cf3de2021-12-22 11:47:10.194root 11241100x80000000000000003849946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7806836d8984b1d2021-12-22 11:47:10.195root 11241100x80000000000000003849947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d1b4e3219bf7862021-12-22 11:47:10.195root 11241100x80000000000000003849948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2c5f45e13ad34c2021-12-22 11:47:10.195root 11241100x80000000000000003849949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dd3abea68ed8972021-12-22 11:47:10.195root 11241100x80000000000000003849950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a931ce2c05d6d972021-12-22 11:47:10.195root 11241100x80000000000000003849951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f2d8845df766242021-12-22 11:47:10.196root 11241100x80000000000000003849952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7146531bd227c5aa2021-12-22 11:47:10.196root 11241100x80000000000000003849953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c70086852a3cda72021-12-22 11:47:10.196root 11241100x80000000000000003849954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b573ed561838cea2021-12-22 11:47:10.196root 11241100x80000000000000003849955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab60f3b84535ed12021-12-22 11:47:10.196root 11241100x80000000000000003849956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25a36c9c86f71e12021-12-22 11:47:10.196root 11241100x80000000000000003849957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1cf34b50d8d7f62021-12-22 11:47:10.196root 11241100x80000000000000003849958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7e028e39d159732021-12-22 11:47:10.196root 11241100x80000000000000003849959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fba58d24f8cd1c22021-12-22 11:47:10.197root 11241100x80000000000000003849960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c42af28867b1ab2021-12-22 11:47:10.197root 11241100x80000000000000003849961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e31736d978fd66d2021-12-22 11:47:10.197root 11241100x80000000000000003849962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ed8e8f8627923d2021-12-22 11:47:10.197root 11241100x80000000000000003849963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b982a7cd02e48f302021-12-22 11:47:10.197root 11241100x80000000000000003849964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b81a25082a27662021-12-22 11:47:10.197root 11241100x80000000000000003849965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2eee5095833b44d2021-12-22 11:47:10.197root 11241100x80000000000000003849966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dd5a34e26fda3d2021-12-22 11:47:10.197root 11241100x80000000000000003849967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e93086af4d8972e2021-12-22 11:47:10.197root 11241100x80000000000000003849968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa151b7900c92662021-12-22 11:47:10.197root 11241100x80000000000000003849969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625ab1b1c90940d02021-12-22 11:47:10.197root 11241100x80000000000000003849970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69d0faf51e7d17b2021-12-22 11:47:10.197root 11241100x80000000000000003849971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ddf37b730e12db2021-12-22 11:47:10.197root 11241100x80000000000000003849972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b85e18d25465d32021-12-22 11:47:10.198root 11241100x80000000000000003849973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b809fecf86850be2021-12-22 11:47:10.198root 11241100x80000000000000003849974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f7ad52ef4ad7042021-12-22 11:47:10.198root 11241100x80000000000000003849975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470b5cb8552749f52021-12-22 11:47:10.198root 11241100x80000000000000003849976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53b12b9d3ed090b2021-12-22 11:47:10.198root 11241100x80000000000000003849977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ac721a70cb151a2021-12-22 11:47:10.198root 11241100x80000000000000003849978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6760a01b3801b4b2021-12-22 11:47:10.198root 11241100x80000000000000003849979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aa2f9d0ec842552021-12-22 11:47:10.198root 11241100x80000000000000003849980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de164bbbb52447b02021-12-22 11:47:10.198root 11241100x80000000000000003849981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac148d7b702db5452021-12-22 11:47:10.198root 11241100x80000000000000003849982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915b3c9bef078a752021-12-22 11:47:10.198root 11241100x80000000000000003849983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dade17b8f07e24262021-12-22 11:47:10.198root 11241100x80000000000000003849984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc881b790b3f52bf2021-12-22 11:47:10.199root 11241100x80000000000000003849985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf74a1a6e247d792021-12-22 11:47:10.693root 11241100x80000000000000003849986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab211201f0627802021-12-22 11:47:10.693root 11241100x80000000000000003849987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce15e0b9cbf1e3e2021-12-22 11:47:10.693root 11241100x80000000000000003849988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5624d4a4c8118fbb2021-12-22 11:47:10.693root 11241100x80000000000000003849989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc61b1cc541ee0f2021-12-22 11:47:10.694root 11241100x80000000000000003849990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a71a5db2c42cf82021-12-22 11:47:10.694root 11241100x80000000000000003849991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506f1b6f3a2bea442021-12-22 11:47:10.694root 11241100x80000000000000003849992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a07cd6df3b43f0c2021-12-22 11:47:10.694root 11241100x80000000000000003849993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8b586179b6cf662021-12-22 11:47:10.695root 11241100x80000000000000003849994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8e4750a9d735942021-12-22 11:47:10.695root 11241100x80000000000000003849995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904d377fdd14ae162021-12-22 11:47:10.695root 11241100x80000000000000003849996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53958be93f53b7dc2021-12-22 11:47:10.696root 11241100x80000000000000003849997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb95dba78133cfdd2021-12-22 11:47:10.696root 11241100x80000000000000003849998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def325d5b574a0612021-12-22 11:47:10.696root 11241100x80000000000000003849999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b080c4cc773e452021-12-22 11:47:10.696root 11241100x80000000000000003850000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacee315d74400c52021-12-22 11:47:10.696root 11241100x80000000000000003850001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8d41fc4929f03e2021-12-22 11:47:10.697root 11241100x80000000000000003850002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4e856e1d206e702021-12-22 11:47:10.697root 11241100x80000000000000003850003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931e17fa90dea6532021-12-22 11:47:10.697root 11241100x80000000000000003850004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da836af1ad1a0ea2021-12-22 11:47:10.697root 11241100x80000000000000003850005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2314c4054796ec392021-12-22 11:47:10.697root 11241100x80000000000000003850006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3de66c66b81f142021-12-22 11:47:10.697root 11241100x80000000000000003850007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7ba6f7366613622021-12-22 11:47:10.697root 11241100x80000000000000003850008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05c16b95fe57c992021-12-22 11:47:10.697root 11241100x80000000000000003850009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e494f1993d022882021-12-22 11:47:10.698root 11241100x80000000000000003850010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c2e2e5607a932c2021-12-22 11:47:10.698root 11241100x80000000000000003850011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13fa407e0d336372021-12-22 11:47:10.698root 11241100x80000000000000003850012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:10.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71507507b18009432021-12-22 11:47:10.698root 11241100x80000000000000003850013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ae9d78f095370c2021-12-22 11:47:11.193root 11241100x80000000000000003850014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4542df7547a1abf2021-12-22 11:47:11.193root 11241100x80000000000000003850015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8428461240b9ee42021-12-22 11:47:11.193root 11241100x80000000000000003850016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cad2ddd37420092021-12-22 11:47:11.194root 11241100x80000000000000003850017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbca1175bc742d032021-12-22 11:47:11.194root 11241100x80000000000000003850018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63da427a6de1f392021-12-22 11:47:11.194root 11241100x80000000000000003850019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33a9f1faf7675e52021-12-22 11:47:11.194root 11241100x80000000000000003850020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f240e5c604bca372021-12-22 11:47:11.195root 11241100x80000000000000003850021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce4a9c708d143082021-12-22 11:47:11.195root 11241100x80000000000000003850022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fa4e48a9b827172021-12-22 11:47:11.195root 11241100x80000000000000003850023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bef5117d54cf5752021-12-22 11:47:11.195root 11241100x80000000000000003850024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30493d8ecc792f402021-12-22 11:47:11.195root 11241100x80000000000000003850025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a498c7a13dc4772021-12-22 11:47:11.195root 11241100x80000000000000003850026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfeef960df0f968c2021-12-22 11:47:11.196root 11241100x80000000000000003850027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570cceb08791a1832021-12-22 11:47:11.196root 11241100x80000000000000003850028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ab9bd0d28843d92021-12-22 11:47:11.196root 11241100x80000000000000003850029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4864d6f84fc3c9892021-12-22 11:47:11.196root 11241100x80000000000000003850030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e765153e9a095c4f2021-12-22 11:47:11.196root 11241100x80000000000000003850031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be627fc5740fb542021-12-22 11:47:11.196root 11241100x80000000000000003850032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e94e097727acf32021-12-22 11:47:11.196root 11241100x80000000000000003850033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0165e7f67d168512021-12-22 11:47:11.196root 11241100x80000000000000003850034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa747ece6ca2d66e2021-12-22 11:47:11.196root 11241100x80000000000000003850035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c6b46e69a5a1992021-12-22 11:47:11.196root 11241100x80000000000000003850036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e4dd5f1306f6d22021-12-22 11:47:11.197root 11241100x80000000000000003850037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa9fcae446648be2021-12-22 11:47:11.693root 11241100x80000000000000003850038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddea667c5e2ce2f2021-12-22 11:47:11.694root 11241100x80000000000000003850039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a4c7c8f557dee72021-12-22 11:47:11.694root 11241100x80000000000000003850040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6066e8cd2c232bda2021-12-22 11:47:11.694root 11241100x80000000000000003850041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa8aa2cca7974202021-12-22 11:47:11.694root 11241100x80000000000000003850042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc46e51258431992021-12-22 11:47:11.694root 11241100x80000000000000003850043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5e086e609b4cee2021-12-22 11:47:11.694root 11241100x80000000000000003850044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd631818248e84a2021-12-22 11:47:11.694root 11241100x80000000000000003850045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020b0086d9df32ca2021-12-22 11:47:11.695root 11241100x80000000000000003850046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a52ce2d3adee3c2021-12-22 11:47:11.695root 11241100x80000000000000003850047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacc76b752fbbd422021-12-22 11:47:11.695root 11241100x80000000000000003850048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9658de51519bed432021-12-22 11:47:11.695root 11241100x80000000000000003850049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3141f0202b6a4e892021-12-22 11:47:11.695root 11241100x80000000000000003850050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feed9f19d9f4b21f2021-12-22 11:47:11.695root 11241100x80000000000000003850051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db36e560ec137d7d2021-12-22 11:47:11.695root 11241100x80000000000000003850052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ff58f352dc730a2021-12-22 11:47:11.695root 11241100x80000000000000003850053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3642d2fd756c2bc42021-12-22 11:47:11.695root 11241100x80000000000000003850054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cda927bfe305c12021-12-22 11:47:11.696root 11241100x80000000000000003850055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa985c37a58421512021-12-22 11:47:11.696root 11241100x80000000000000003850056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3696c957fe2e6cd52021-12-22 11:47:11.696root 11241100x80000000000000003850057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993ee441ca8adf122021-12-22 11:47:11.696root 11241100x80000000000000003850058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9500396985a7a9152021-12-22 11:47:11.696root 11241100x80000000000000003850059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c317c25193ee60d32021-12-22 11:47:11.696root 11241100x80000000000000003850060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd86795471d2dcb2021-12-22 11:47:11.696root 11241100x80000000000000003850061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29e169a06a3f6d12021-12-22 11:47:12.193root 11241100x80000000000000003850062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993614971fd42ff72021-12-22 11:47:12.194root 11241100x80000000000000003850063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fb49e37e72282b2021-12-22 11:47:12.194root 11241100x80000000000000003850064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5952648fb14dae22021-12-22 11:47:12.194root 11241100x80000000000000003850065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3549ce0f9fc3ae22021-12-22 11:47:12.194root 11241100x80000000000000003850066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae21c1a7b3990ee2021-12-22 11:47:12.195root 11241100x80000000000000003850067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50784517ba9ff1552021-12-22 11:47:12.195root 11241100x80000000000000003850068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e9cc8fc80e293d2021-12-22 11:47:12.195root 11241100x80000000000000003850069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6effebb58a4488e62021-12-22 11:47:12.196root 11241100x80000000000000003850070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e0d7ab552364da2021-12-22 11:47:12.196root 11241100x80000000000000003850071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32375ba082505002021-12-22 11:47:12.196root 11241100x80000000000000003850072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502f8f9935de64db2021-12-22 11:47:12.196root 11241100x80000000000000003850073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0d4c0bf49fc1fb2021-12-22 11:47:12.197root 11241100x80000000000000003850074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9a07cf4d2abfa92021-12-22 11:47:12.197root 11241100x80000000000000003850075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb295bac3a68ba02021-12-22 11:47:12.197root 11241100x80000000000000003850076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b810ae60c8a5b21d2021-12-22 11:47:12.197root 11241100x80000000000000003850077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7838e26ee4d1e3432021-12-22 11:47:12.197root 11241100x80000000000000003850078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cfa8bb19c75d732021-12-22 11:47:12.198root 11241100x80000000000000003850079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049edb1e928064fe2021-12-22 11:47:12.198root 11241100x80000000000000003850080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af82fe5ddc5cd8d2021-12-22 11:47:12.198root 11241100x80000000000000003850081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109f432e603aa3462021-12-22 11:47:12.198root 11241100x80000000000000003850082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ad6a0dca7b8b882021-12-22 11:47:12.198root 11241100x80000000000000003850083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9254bf6ba6baca3c2021-12-22 11:47:12.198root 11241100x80000000000000003850084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fda04da467b8352021-12-22 11:47:12.199root 11241100x80000000000000003850085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce7512cce80f2782021-12-22 11:47:12.693root 11241100x80000000000000003850086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99c3e92978522592021-12-22 11:47:12.693root 11241100x80000000000000003850087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f0453e672aa0b12021-12-22 11:47:12.694root 11241100x80000000000000003850088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811d83a1b1304ab32021-12-22 11:47:12.694root 11241100x80000000000000003850089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f87d059c916f222021-12-22 11:47:12.694root 11241100x80000000000000003850090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95538ee0a157b4eb2021-12-22 11:47:12.694root 11241100x80000000000000003850091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8b3f16ec6dc28f2021-12-22 11:47:12.695root 11241100x80000000000000003850092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e41d63ea5d0957e2021-12-22 11:47:12.695root 11241100x80000000000000003850093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d846ddb4738b08902021-12-22 11:47:12.695root 11241100x80000000000000003850094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefbe369f9c4c2ea2021-12-22 11:47:12.695root 11241100x80000000000000003850095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37897e67880fa5f2021-12-22 11:47:12.695root 11241100x80000000000000003850096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fe4862754e990b2021-12-22 11:47:12.696root 11241100x80000000000000003850097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75bf88acc2d8fce2021-12-22 11:47:12.696root 11241100x80000000000000003850098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267dae330ee72d792021-12-22 11:47:12.696root 11241100x80000000000000003850099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4f59a3b36ef7e72021-12-22 11:47:12.696root 11241100x80000000000000003850100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1717597d1ad2a922021-12-22 11:47:12.696root 11241100x80000000000000003850101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b614a5a6ec746fe82021-12-22 11:47:12.696root 11241100x80000000000000003850102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2910802286851e2021-12-22 11:47:12.697root 11241100x80000000000000003850103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e309da8e8265d0f2021-12-22 11:47:12.697root 11241100x80000000000000003850104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2950715dba2aea2021-12-22 11:47:12.697root 11241100x80000000000000003850105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdf7f1e133345712021-12-22 11:47:12.697root 11241100x80000000000000003850106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0192839d948750f12021-12-22 11:47:12.697root 11241100x80000000000000003850107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa3fc95f1d9cfac2021-12-22 11:47:12.698root 11241100x80000000000000003850108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4f49f8192fcd332021-12-22 11:47:12.698root 11241100x80000000000000003850109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d325336955fc93372021-12-22 11:47:13.193root 11241100x80000000000000003850110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec79bee47af281ea2021-12-22 11:47:13.193root 11241100x80000000000000003850111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb39d888e9edcb512021-12-22 11:47:13.194root 11241100x80000000000000003850112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce43bcd018f97462021-12-22 11:47:13.194root 11241100x80000000000000003850113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6588b0a1e5615e72021-12-22 11:47:13.194root 11241100x80000000000000003850114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e268e7a84b96da2021-12-22 11:47:13.195root 11241100x80000000000000003850115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263f481ca2f48f802021-12-22 11:47:13.195root 11241100x80000000000000003850116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3282c20541aa502021-12-22 11:47:13.195root 11241100x80000000000000003850117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e7ada3916540062021-12-22 11:47:13.195root 11241100x80000000000000003850118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab40d7730c424f4f2021-12-22 11:47:13.196root 11241100x80000000000000003850119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d62296296c377b82021-12-22 11:47:13.196root 11241100x80000000000000003850120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cf899d2dbc82cb2021-12-22 11:47:13.196root 11241100x80000000000000003850121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62f361613de5fa92021-12-22 11:47:13.196root 11241100x80000000000000003850122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34234ad9d19d68c2021-12-22 11:47:13.197root 11241100x80000000000000003850123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07515951da2883bf2021-12-22 11:47:13.197root 11241100x80000000000000003850124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76405661d3fb65972021-12-22 11:47:13.197root 11241100x80000000000000003850125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66f8c26cc5371502021-12-22 11:47:13.197root 11241100x80000000000000003850126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dae09a781c97f32021-12-22 11:47:13.198root 11241100x80000000000000003850127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8164f07c48dec6fd2021-12-22 11:47:13.198root 11241100x80000000000000003850128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806ae450dfe96de52021-12-22 11:47:13.198root 11241100x80000000000000003850129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfd1034d14a751e2021-12-22 11:47:13.198root 11241100x80000000000000003850130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f978a2015d493f2021-12-22 11:47:13.199root 11241100x80000000000000003850131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721e9f016950b6af2021-12-22 11:47:13.199root 11241100x80000000000000003850132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984842f31e7764bb2021-12-22 11:47:13.199root 11241100x80000000000000003850133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a2045c37d83c8c2021-12-22 11:47:13.199root 11241100x80000000000000003850134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2286d55ad8ce2a32021-12-22 11:47:13.200root 11241100x80000000000000003850135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcca27dd0787a8ec2021-12-22 11:47:13.693root 11241100x80000000000000003850136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e372f0adb661312021-12-22 11:47:13.693root 11241100x80000000000000003850137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7e5a2fd44f82ff2021-12-22 11:47:13.693root 11241100x80000000000000003850138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93180d8b16693302021-12-22 11:47:13.693root 11241100x80000000000000003850139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14766bb841f95a082021-12-22 11:47:13.693root 11241100x80000000000000003850140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4da92c74fef71562021-12-22 11:47:13.694root 11241100x80000000000000003850141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424296ad235fc0d82021-12-22 11:47:13.694root 11241100x80000000000000003850142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4217770630d431d2021-12-22 11:47:13.694root 11241100x80000000000000003850143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6d784ce7f6c6e82021-12-22 11:47:13.694root 11241100x80000000000000003850144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc6bd5678e0f0162021-12-22 11:47:13.694root 11241100x80000000000000003850145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0feeac80fde2d62021-12-22 11:47:13.694root 11241100x80000000000000003850146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513aee7c6beb1e5c2021-12-22 11:47:13.694root 11241100x80000000000000003850147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3169827560c99f2021-12-22 11:47:13.694root 11241100x80000000000000003850148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a3ad806ab2db582021-12-22 11:47:13.695root 11241100x80000000000000003850149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e517423a0f74ec9b2021-12-22 11:47:13.695root 11241100x80000000000000003850150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4fc55d1242c0212021-12-22 11:47:13.695root 11241100x80000000000000003850151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ea0ba3bd58ce3f2021-12-22 11:47:13.695root 11241100x80000000000000003850152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc51c05c4872b102021-12-22 11:47:13.695root 11241100x80000000000000003850153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10ce8715a11360a2021-12-22 11:47:13.695root 11241100x80000000000000003850154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911d01adafdb89812021-12-22 11:47:13.695root 11241100x80000000000000003850155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce43adc1c839c0f2021-12-22 11:47:13.695root 11241100x80000000000000003850156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfd4f5e5b01bcd32021-12-22 11:47:13.695root 11241100x80000000000000003850157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160ab7cabd0d3d4d2021-12-22 11:47:13.695root 11241100x80000000000000003850158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82a55a2dd518a692021-12-22 11:47:13.695root 11241100x80000000000000003850159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846b890c3e3704ee2021-12-22 11:47:13.696root 11241100x80000000000000003850160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4795b555ce85614a2021-12-22 11:47:13.696root 11241100x80000000000000003850161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3456e7efa5a7ab8b2021-12-22 11:47:13.696root 11241100x80000000000000003850162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b433e7b2a96a0b2021-12-22 11:47:13.696root 11241100x80000000000000003850163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415320fc1da8411f2021-12-22 11:47:13.696root 11241100x80000000000000003850164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989b6faea9ed8c572021-12-22 11:47:13.696root 11241100x80000000000000003850165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fa85e9c81e0d1c2021-12-22 11:47:13.696root 11241100x80000000000000003850166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921710bdfda90ba62021-12-22 11:47:14.193root 11241100x80000000000000003850167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1a634b716a728b2021-12-22 11:47:14.194root 11241100x80000000000000003850168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6cca28b4dee5882021-12-22 11:47:14.194root 11241100x80000000000000003850169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc322911c735abe72021-12-22 11:47:14.194root 11241100x80000000000000003850170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539ecaa37c2415962021-12-22 11:47:14.194root 11241100x80000000000000003850171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06db306591ad5ade2021-12-22 11:47:14.194root 11241100x80000000000000003850172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d94db3d15e8d7462021-12-22 11:47:14.195root 11241100x80000000000000003850173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4f2f38e72273642021-12-22 11:47:14.195root 11241100x80000000000000003850174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337dbcb20c9173bb2021-12-22 11:47:14.195root 11241100x80000000000000003850175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914701f9f7695beb2021-12-22 11:47:14.195root 11241100x80000000000000003850176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e2081c57e8a4172021-12-22 11:47:14.195root 11241100x80000000000000003850177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7da48153d1ff2c2021-12-22 11:47:14.196root 11241100x80000000000000003850178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfaaf5cf400c1ef2021-12-22 11:47:14.196root 11241100x80000000000000003850179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57f1d46836304b02021-12-22 11:47:14.196root 11241100x80000000000000003850180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d2327fa4c7fd3b2021-12-22 11:47:14.196root 11241100x80000000000000003850181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33747de016c00fcb2021-12-22 11:47:14.196root 11241100x80000000000000003850182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79686d34f551e6a72021-12-22 11:47:14.196root 11241100x80000000000000003850183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc69d291dd6ed63d2021-12-22 11:47:14.196root 11241100x80000000000000003850184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c97fdd11d88ae52021-12-22 11:47:14.196root 11241100x80000000000000003850185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd40f1d0656ee8342021-12-22 11:47:14.196root 11241100x80000000000000003850186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a1f2652f456f302021-12-22 11:47:14.196root 11241100x80000000000000003850187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250e56ca1dbcc5732021-12-22 11:47:14.196root 11241100x80000000000000003850188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0002751192fb05c52021-12-22 11:47:14.196root 11241100x80000000000000003850189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a46b047bbb11ac2021-12-22 11:47:14.196root 11241100x80000000000000003850190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59883a6e311b6552021-12-22 11:47:14.693root 11241100x80000000000000003850191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b085552d8c3f52712021-12-22 11:47:14.694root 11241100x80000000000000003850192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956c9d20257974752021-12-22 11:47:14.694root 11241100x80000000000000003850193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23680918bce3aa942021-12-22 11:47:14.694root 11241100x80000000000000003850194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc5b460f6aa0d9a2021-12-22 11:47:14.694root 11241100x80000000000000003850195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0297bc09c4c954612021-12-22 11:47:14.694root 11241100x80000000000000003850196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871aae2607335e762021-12-22 11:47:14.694root 11241100x80000000000000003850197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2b2e0d4823ddab2021-12-22 11:47:14.694root 11241100x80000000000000003850198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1499984feb093ff72021-12-22 11:47:14.694root 11241100x80000000000000003850199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d58978d5f8daaa2021-12-22 11:47:14.695root 11241100x80000000000000003850200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ac2f1113eaef902021-12-22 11:47:14.695root 11241100x80000000000000003850201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7884cd2efa89c1f2021-12-22 11:47:14.695root 11241100x80000000000000003850202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763902fbfa8cc3152021-12-22 11:47:14.695root 11241100x80000000000000003850203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c53ab8ddefbe652021-12-22 11:47:14.695root 11241100x80000000000000003850204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d09fbdd2629244b2021-12-22 11:47:14.695root 11241100x80000000000000003850205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217609ad9760d0292021-12-22 11:47:14.695root 11241100x80000000000000003850206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7b37a5417684b52021-12-22 11:47:14.695root 11241100x80000000000000003850207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38e1be704b734992021-12-22 11:47:14.696root 11241100x80000000000000003850208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d7c6da06bad0e62021-12-22 11:47:14.696root 11241100x80000000000000003850209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46571215676fed892021-12-22 11:47:14.696root 11241100x80000000000000003850210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60076f417ad75252021-12-22 11:47:14.696root 11241100x80000000000000003850211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82afd641750f6842021-12-22 11:47:14.696root 11241100x80000000000000003850212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d14789b184db762021-12-22 11:47:14.696root 11241100x80000000000000003850213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70817cd9c45b0ffb2021-12-22 11:47:14.696root 354300x80000000000000003850214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.179{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55452-false10.0.1.12-8000- 11241100x80000000000000003850215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da235485d50738942021-12-22 11:47:15.180root 11241100x80000000000000003850216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3109ccb5fd47409e2021-12-22 11:47:15.180root 11241100x80000000000000003850217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b734eac8e04dc8a2021-12-22 11:47:15.180root 11241100x80000000000000003850218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d17c62ede329b092021-12-22 11:47:15.180root 11241100x80000000000000003850219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a9dd2f171fdf332021-12-22 11:47:15.180root 11241100x80000000000000003850220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14852f0bc59367912021-12-22 11:47:15.181root 11241100x80000000000000003850221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b2355cff3fade62021-12-22 11:47:15.181root 11241100x80000000000000003850222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd1b22f70046ed42021-12-22 11:47:15.181root 11241100x80000000000000003850223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc91b38443886fbc2021-12-22 11:47:15.181root 11241100x80000000000000003850224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9902ba786b4917a22021-12-22 11:47:15.182root 11241100x80000000000000003850225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fb02c394bd5a722021-12-22 11:47:15.182root 11241100x80000000000000003850226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb13e57140cba0e82021-12-22 11:47:15.182root 11241100x80000000000000003850227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c35838f7edc61312021-12-22 11:47:15.183root 11241100x80000000000000003850228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2008bd4fef3e04e2021-12-22 11:47:15.183root 11241100x80000000000000003850229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451aad63332ac42e2021-12-22 11:47:15.183root 11241100x80000000000000003850230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca2f54596248a2d2021-12-22 11:47:15.183root 11241100x80000000000000003850231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ff69d529aaaad42021-12-22 11:47:15.183root 11241100x80000000000000003850232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e36f3be91eaa3cf2021-12-22 11:47:15.183root 11241100x80000000000000003850233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d75937896cccbe2021-12-22 11:47:15.183root 11241100x80000000000000003850234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b087fb5e44e1d5772021-12-22 11:47:15.183root 11241100x80000000000000003850235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d19cfc5cb685bb52021-12-22 11:47:15.184root 11241100x80000000000000003850236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469d61ad6e1391c12021-12-22 11:47:15.184root 11241100x80000000000000003850237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d22a8c521ae8f92021-12-22 11:47:15.184root 11241100x80000000000000003850238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9260a1c1c725a25a2021-12-22 11:47:15.184root 11241100x80000000000000003850239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c558f12ad9532d3a2021-12-22 11:47:15.184root 11241100x80000000000000003850240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37eb309a6a9d4fd2021-12-22 11:47:15.184root 11241100x80000000000000003850241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2046f48ba919c06a2021-12-22 11:47:15.184root 11241100x80000000000000003850242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb1513f2278df042021-12-22 11:47:15.184root 11241100x80000000000000003850243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b163d956a796492021-12-22 11:47:15.184root 11241100x80000000000000003850244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727155efc92ca0c32021-12-22 11:47:15.184root 11241100x80000000000000003850245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ce694de427497c2021-12-22 11:47:15.443root 11241100x80000000000000003850246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce8aa6abdb18d532021-12-22 11:47:15.443root 11241100x80000000000000003850247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfde2135da3840d52021-12-22 11:47:15.444root 11241100x80000000000000003850248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29cc83abfc0fc232021-12-22 11:47:15.444root 11241100x80000000000000003850249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f14f6e1ff846512021-12-22 11:47:15.444root 11241100x80000000000000003850250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013717120f77cd622021-12-22 11:47:15.444root 11241100x80000000000000003850251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e580f298a80dda52021-12-22 11:47:15.444root 11241100x80000000000000003850252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef82f1ff84d947f22021-12-22 11:47:15.444root 11241100x80000000000000003850253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b2137e647f0deb2021-12-22 11:47:15.444root 11241100x80000000000000003850254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f9b1f04466fd3d2021-12-22 11:47:15.445root 11241100x80000000000000003850255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8be2b94e7fead352021-12-22 11:47:15.445root 11241100x80000000000000003850256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01297f6cf9b6bee32021-12-22 11:47:15.445root 11241100x80000000000000003850257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c752abc29097312021-12-22 11:47:15.445root 11241100x80000000000000003850258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8097a1ce960f9c2021-12-22 11:47:15.445root 11241100x80000000000000003850259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1558e8fc1c2e30032021-12-22 11:47:15.445root 11241100x80000000000000003850260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b4061e8c40f1a92021-12-22 11:47:15.445root 11241100x80000000000000003850261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97104af7af3ddf412021-12-22 11:47:15.445root 11241100x80000000000000003850262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b3a7dc70858d6d2021-12-22 11:47:15.445root 11241100x80000000000000003850263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0d96da0ae339f42021-12-22 11:47:15.446root 11241100x80000000000000003850264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34084597c4d5e2d12021-12-22 11:47:15.446root 11241100x80000000000000003850265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602f16e732e75c382021-12-22 11:47:15.446root 11241100x80000000000000003850266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff760862f2e098c62021-12-22 11:47:15.446root 11241100x80000000000000003850267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009c5444bacf2b122021-12-22 11:47:15.446root 11241100x80000000000000003850268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67da9bd5783690172021-12-22 11:47:15.446root 11241100x80000000000000003850269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7c087b6c56cc572021-12-22 11:47:15.446root 11241100x80000000000000003850270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ab116fd4d45c322021-12-22 11:47:15.446root 11241100x80000000000000003850271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61415a30708a76da2021-12-22 11:47:15.446root 11241100x80000000000000003850272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d337939697d130f62021-12-22 11:47:15.448root 11241100x80000000000000003850273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fe0f8bc6057ad42021-12-22 11:47:15.448root 11241100x80000000000000003850274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4482f176687657202021-12-22 11:47:15.449root 11241100x80000000000000003850275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c97f0194f94d002021-12-22 11:47:15.449root 11241100x80000000000000003850276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be415dcafaf1ec922021-12-22 11:47:15.450root 11241100x80000000000000003850277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d8df58a0ec274e2021-12-22 11:47:15.450root 11241100x80000000000000003850278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52950fb601f393bd2021-12-22 11:47:15.450root 11241100x80000000000000003850279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc98053e819b4e5d2021-12-22 11:47:15.450root 11241100x80000000000000003850280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3372844357fb4bc62021-12-22 11:47:15.451root 11241100x80000000000000003850281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126046e4c90f89f32021-12-22 11:47:15.451root 11241100x80000000000000003850282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b80bd93bc761bee2021-12-22 11:47:15.451root 11241100x80000000000000003850283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0817b13940fadf872021-12-22 11:47:15.451root 11241100x80000000000000003850284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57815476d00cd7a62021-12-22 11:47:15.452root 11241100x80000000000000003850285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bc3fc23a6bcbaf2021-12-22 11:47:15.452root 11241100x80000000000000003850286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dcc48fe2dfebbb2021-12-22 11:47:15.452root 11241100x80000000000000003850287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861a798e7fee7f5a2021-12-22 11:47:15.452root 11241100x80000000000000003850288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae04d07bda31ef32021-12-22 11:47:15.452root 11241100x80000000000000003850289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaa534391cbf1232021-12-22 11:47:15.452root 11241100x80000000000000003850290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bd3118ed5d88582021-12-22 11:47:15.452root 11241100x80000000000000003850291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9693228973817e7a2021-12-22 11:47:15.452root 11241100x80000000000000003850292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddeb47d60b122f472021-12-22 11:47:15.452root 11241100x80000000000000003850293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25d15a53758e9eb2021-12-22 11:47:15.452root 11241100x80000000000000003850294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3e9492e5814bad2021-12-22 11:47:15.452root 11241100x80000000000000003850295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5832324b9adc6ad2021-12-22 11:47:15.453root 11241100x80000000000000003850296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a616284315117ff2021-12-22 11:47:15.453root 11241100x80000000000000003850297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413c303a34d0dabd2021-12-22 11:47:15.943root 11241100x80000000000000003850298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9e099e269f49052021-12-22 11:47:15.944root 11241100x80000000000000003850299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a7386b72d7de862021-12-22 11:47:15.944root 11241100x80000000000000003850300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4b10755aef91fa2021-12-22 11:47:15.944root 11241100x80000000000000003850301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b69835d04b89482021-12-22 11:47:15.944root 11241100x80000000000000003850302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a12b27c4908f4872021-12-22 11:47:15.944root 11241100x80000000000000003850303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec72e80ad0628ae2021-12-22 11:47:15.944root 11241100x80000000000000003850304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8905930c5e9e002021-12-22 11:47:15.945root 11241100x80000000000000003850305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1882e6b829e46ff62021-12-22 11:47:15.945root 11241100x80000000000000003850306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb541cca8a9b426a2021-12-22 11:47:15.945root 11241100x80000000000000003850307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d29081722c5fd82021-12-22 11:47:15.945root 11241100x80000000000000003850308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79f951259fe77cb2021-12-22 11:47:15.945root 11241100x80000000000000003850309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7927493ca17090102021-12-22 11:47:15.945root 11241100x80000000000000003850310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ae4f21dadfc2cc2021-12-22 11:47:15.946root 11241100x80000000000000003850311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6109212964a0762021-12-22 11:47:15.946root 11241100x80000000000000003850312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21afe2707c97da442021-12-22 11:47:15.946root 11241100x80000000000000003850313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21294216067c7c3e2021-12-22 11:47:15.946root 11241100x80000000000000003850314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bff31cd9f9e932f2021-12-22 11:47:15.946root 11241100x80000000000000003850315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d719f42c37d37ef2021-12-22 11:47:15.946root 11241100x80000000000000003850316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41317145e0eaae092021-12-22 11:47:15.946root 11241100x80000000000000003850317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cefc4966c24222d2021-12-22 11:47:15.946root 11241100x80000000000000003850318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9add99597f6049102021-12-22 11:47:15.947root 11241100x80000000000000003850319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe3893692f0b9472021-12-22 11:47:15.947root 11241100x80000000000000003850320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78bcc6952178f1f2021-12-22 11:47:15.947root 11241100x80000000000000003850321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df39e015551db3c2021-12-22 11:47:15.947root 154100x80000000000000003850322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.956{ec2b6afe-1043-61c3-80c2-39ccb3550000}19067/bin/nano-----nano myfopen.c/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003850323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:15.979{ec2b6afe-1043-61c3-80c2-39ccb3550000}19067/bin/nano/home/ubuntu/.myfopen.c.swp2021-12-22 11:47:15.979ubuntu 11241100x80000000000000003850324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9040f05c0f2613742021-12-22 11:47:16.442root 11241100x80000000000000003850325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d7585c2311aefe2021-12-22 11:47:16.443root 11241100x80000000000000003850326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117043d394cc01392021-12-22 11:47:16.444root 11241100x80000000000000003850327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b441f815f3bf507e2021-12-22 11:47:16.444root 11241100x80000000000000003850328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a3df0447e05c2c2021-12-22 11:47:16.444root 11241100x80000000000000003850329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9586b27c31b0912021-12-22 11:47:16.445root 11241100x80000000000000003850330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7526a6cc30248de42021-12-22 11:47:16.445root 11241100x80000000000000003850331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0393a31d624cfd2021-12-22 11:47:16.445root 11241100x80000000000000003850332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5227158420531a62021-12-22 11:47:16.446root 11241100x80000000000000003850333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb6728117f380712021-12-22 11:47:16.446root 11241100x80000000000000003850334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f98d3f41288b282021-12-22 11:47:16.446root 11241100x80000000000000003850335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd4802fef2c4ccc2021-12-22 11:47:16.447root 11241100x80000000000000003850336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9432f4131c0d92eb2021-12-22 11:47:16.447root 11241100x80000000000000003850337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f50448e5a5f7f8c2021-12-22 11:47:16.447root 11241100x80000000000000003850338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8c3ffa5e1129262021-12-22 11:47:16.448root 11241100x80000000000000003850339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40ffec5e86424a32021-12-22 11:47:16.448root 11241100x80000000000000003850340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25318a9acd8804512021-12-22 11:47:16.448root 11241100x80000000000000003850341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d55560784fd26a2021-12-22 11:47:16.449root 11241100x80000000000000003850342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4867a52f6e56622021-12-22 11:47:16.449root 11241100x80000000000000003850343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1c81f4c3b2349d2021-12-22 11:47:16.449root 11241100x80000000000000003850344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383f22917af847c52021-12-22 11:47:16.450root 11241100x80000000000000003850345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aeca8e637f482d72021-12-22 11:47:16.450root 11241100x80000000000000003850346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5b29330dfb6a1b2021-12-22 11:47:16.450root 11241100x80000000000000003850347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec3da3e0796ba8e2021-12-22 11:47:16.450root 11241100x80000000000000003850348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eab473f545f5192021-12-22 11:47:16.451root 11241100x80000000000000003850349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb6d08a5482f9a12021-12-22 11:47:16.451root 11241100x80000000000000003850350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58aea96973a861282021-12-22 11:47:16.451root 11241100x80000000000000003850351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b0948b34b395e12021-12-22 11:47:16.451root 11241100x80000000000000003850352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b949e57c44de7c2021-12-22 11:47:16.943root 11241100x80000000000000003850353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd505125163324cc2021-12-22 11:47:16.943root 11241100x80000000000000003850354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3026bf337c419bb2021-12-22 11:47:16.943root 11241100x80000000000000003850355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e36e1ad2b9a2aaa2021-12-22 11:47:16.943root 11241100x80000000000000003850356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70161f9e2a30a6672021-12-22 11:47:16.943root 11241100x80000000000000003850357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279e44044def96942021-12-22 11:47:16.943root 11241100x80000000000000003850358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b4d105925cac172021-12-22 11:47:16.943root 11241100x80000000000000003850359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ce43ea5846361b2021-12-22 11:47:16.944root 11241100x80000000000000003850360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cf8b3de3bce8992021-12-22 11:47:16.944root 11241100x80000000000000003850361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b44d0993762083b2021-12-22 11:47:16.944root 11241100x80000000000000003850362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41a8b72dfbe4e642021-12-22 11:47:16.944root 11241100x80000000000000003850363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d35592d5e3471812021-12-22 11:47:16.944root 11241100x80000000000000003850364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10991e8183bb1092021-12-22 11:47:16.944root 11241100x80000000000000003850365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4201c6cce6e618332021-12-22 11:47:16.944root 11241100x80000000000000003850366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229dfc71303cce982021-12-22 11:47:16.944root 11241100x80000000000000003850367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c60d4c45135a44b2021-12-22 11:47:16.944root 11241100x80000000000000003850368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf57079404d33cec2021-12-22 11:47:16.944root 11241100x80000000000000003850369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff3a255f5a02e142021-12-22 11:47:16.945root 11241100x80000000000000003850370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf97a53ec52eaa92021-12-22 11:47:16.945root 11241100x80000000000000003850371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd22b862f1a453d2021-12-22 11:47:16.945root 11241100x80000000000000003850372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd1d37d325a01322021-12-22 11:47:16.945root 11241100x80000000000000003850373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271b75eb5a3759d62021-12-22 11:47:16.945root 11241100x80000000000000003850374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb80401791f29c72021-12-22 11:47:16.945root 11241100x80000000000000003850375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bebe1c812198232021-12-22 11:47:16.945root 11241100x80000000000000003850376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eac212d33a0bcf42021-12-22 11:47:16.945root 11241100x80000000000000003850377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23afab40283e9a22021-12-22 11:47:16.946root 11241100x80000000000000003850378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b1b1186ec71eed2021-12-22 11:47:16.946root 11241100x80000000000000003850379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26657a0382e7c6f42021-12-22 11:47:17.443root 11241100x80000000000000003850380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e46649d0f8b598a2021-12-22 11:47:17.443root 11241100x80000000000000003850381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f2ce8403e29e6e2021-12-22 11:47:17.443root 11241100x80000000000000003850382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a0a21e143fbe582021-12-22 11:47:17.443root 11241100x80000000000000003850383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2785d1a5999d5642021-12-22 11:47:17.443root 11241100x80000000000000003850384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a26b25dbd32ae132021-12-22 11:47:17.443root 11241100x80000000000000003850385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f694af0d9c4839f72021-12-22 11:47:17.444root 11241100x80000000000000003850386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03453e3195dbe012021-12-22 11:47:17.444root 11241100x80000000000000003850387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4fe112aa5ec0982021-12-22 11:47:17.444root 11241100x80000000000000003850388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2be1013a118cad2021-12-22 11:47:17.444root 11241100x80000000000000003850389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3104325b9b4cc942021-12-22 11:47:17.444root 11241100x80000000000000003850390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc71480398e48f902021-12-22 11:47:17.444root 11241100x80000000000000003850391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8975da5aa80e06c82021-12-22 11:47:17.444root 11241100x80000000000000003850392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69735b75dd5ed962021-12-22 11:47:17.444root 11241100x80000000000000003850393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9dc6142bb1ef2d32021-12-22 11:47:17.444root 11241100x80000000000000003850394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2a5a0b920266d12021-12-22 11:47:17.445root 11241100x80000000000000003850395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066696ef65f2744e2021-12-22 11:47:17.445root 11241100x80000000000000003850396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6983bb4ee2ac544f2021-12-22 11:47:17.445root 11241100x80000000000000003850397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4600398c659a083c2021-12-22 11:47:17.445root 11241100x80000000000000003850398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1450aa8f33aeccab2021-12-22 11:47:17.445root 11241100x80000000000000003850399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38963377b7b1a4082021-12-22 11:47:17.445root 11241100x80000000000000003850400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335ba84aee3f4b572021-12-22 11:47:17.445root 11241100x80000000000000003850401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99273277671f40072021-12-22 11:47:17.445root 11241100x80000000000000003850402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec43a1bb1a8c4ab82021-12-22 11:47:17.446root 11241100x80000000000000003850403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffb28d4390a1d392021-12-22 11:47:17.446root 11241100x80000000000000003850404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6a184d38a78e252021-12-22 11:47:17.446root 11241100x80000000000000003850405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18960ec0b51f0e762021-12-22 11:47:17.446root 11241100x80000000000000003850406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbf4f8d41de1a882021-12-22 11:47:17.446root 11241100x80000000000000003850407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a19053a58bbfb22021-12-22 11:47:17.446root 11241100x80000000000000003850408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76dbbb179e4a0bc2021-12-22 11:47:17.943root 11241100x80000000000000003850409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717f47220256a6fa2021-12-22 11:47:17.943root 11241100x80000000000000003850410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37074234b56cd5b92021-12-22 11:47:17.944root 11241100x80000000000000003850411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f3a0f54f7ddb052021-12-22 11:47:17.944root 11241100x80000000000000003850412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a86185747d60fb52021-12-22 11:47:17.944root 11241100x80000000000000003850413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8df30381b1536222021-12-22 11:47:17.944root 11241100x80000000000000003850414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ecc96577cdb47b2021-12-22 11:47:17.944root 11241100x80000000000000003850415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b43f3cce60ef71d2021-12-22 11:47:17.945root 11241100x80000000000000003850416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919ee74c86b92ee82021-12-22 11:47:17.945root 11241100x80000000000000003850417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6e42dccd6ed9222021-12-22 11:47:17.945root 11241100x80000000000000003850418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b265873b87fd14c2021-12-22 11:47:17.945root 11241100x80000000000000003850419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb0281c373dadbe2021-12-22 11:47:17.945root 11241100x80000000000000003850420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73877c0b525cb7fe2021-12-22 11:47:17.945root 11241100x80000000000000003850421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f622b8db53c12edc2021-12-22 11:47:17.945root 11241100x80000000000000003850422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41372a078e5d96922021-12-22 11:47:17.946root 11241100x80000000000000003850423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e7d15a8865e7892021-12-22 11:47:17.946root 11241100x80000000000000003850424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d197050f362ca1072021-12-22 11:47:17.946root 11241100x80000000000000003850425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebe664e7f6a3b002021-12-22 11:47:17.946root 11241100x80000000000000003850426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3287e4a5a2a018d32021-12-22 11:47:17.946root 11241100x80000000000000003850427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8c1b8e8506df152021-12-22 11:47:17.946root 11241100x80000000000000003850428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310bfd97377e8e792021-12-22 11:47:17.946root 11241100x80000000000000003850429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ce65584d5bbec72021-12-22 11:47:17.946root 11241100x80000000000000003850430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89196e202ae0af782021-12-22 11:47:17.946root 11241100x80000000000000003850431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e603c191a209d62021-12-22 11:47:17.946root 11241100x80000000000000003850432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4c80bbdc5c2b2a2021-12-22 11:47:17.946root 11241100x80000000000000003850433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85008bdafba4d47f2021-12-22 11:47:17.946root 11241100x80000000000000003850434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f05edffb14bf8412021-12-22 11:47:17.946root 11241100x80000000000000003850435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82817d1a32c279df2021-12-22 11:47:18.443root 11241100x80000000000000003850436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fadf6e5bae93c882021-12-22 11:47:18.443root 11241100x80000000000000003850437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa6dcd9a4dd3b4c2021-12-22 11:47:18.443root 11241100x80000000000000003850438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bd7a7023cc12802021-12-22 11:47:18.444root 11241100x80000000000000003850439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f638ac383b121be2021-12-22 11:47:18.444root 11241100x80000000000000003850440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef5d73277f2e6a12021-12-22 11:47:18.444root 11241100x80000000000000003850441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67bc6415972c4de2021-12-22 11:47:18.444root 11241100x80000000000000003850442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95babda6f061b3882021-12-22 11:47:18.444root 11241100x80000000000000003850443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0813927ceedab42021-12-22 11:47:18.444root 11241100x80000000000000003850444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67488e1f4d543c132021-12-22 11:47:18.445root 11241100x80000000000000003850445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa78515384f45ef2021-12-22 11:47:18.445root 11241100x80000000000000003850446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cf9c679214768d2021-12-22 11:47:18.445root 11241100x80000000000000003850447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396943c00a6b6b4b2021-12-22 11:47:18.445root 11241100x80000000000000003850448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfce4efcb9a283332021-12-22 11:47:18.445root 11241100x80000000000000003850449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3312e4570df5a72021-12-22 11:47:18.445root 11241100x80000000000000003850450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b5ade447c97db22021-12-22 11:47:18.446root 11241100x80000000000000003850451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b056826277d93e2a2021-12-22 11:47:18.446root 11241100x80000000000000003850452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26806f213ea7b292021-12-22 11:47:18.447root 11241100x80000000000000003850453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89da2d7e1b64cd32021-12-22 11:47:18.447root 11241100x80000000000000003850454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17af3584ac40192d2021-12-22 11:47:18.448root 11241100x80000000000000003850455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2c9e2a51bad3932021-12-22 11:47:18.448root 11241100x80000000000000003850456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fccf760e0135b232021-12-22 11:47:18.448root 11241100x80000000000000003850457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c92edcf1d84c9a12021-12-22 11:47:18.448root 11241100x80000000000000003850458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef535d75daab0a872021-12-22 11:47:18.449root 11241100x80000000000000003850459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8783a2052cdee2af2021-12-22 11:47:18.449root 11241100x80000000000000003850460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b717219759c17c2021-12-22 11:47:18.449root 11241100x80000000000000003850461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bee1589b1c6b842021-12-22 11:47:18.449root 11241100x80000000000000003850462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5520d371a44850442021-12-22 11:47:18.943root 11241100x80000000000000003850463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbb2bb5844f30ba2021-12-22 11:47:18.943root 11241100x80000000000000003850464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e76d53bd8f8ea12021-12-22 11:47:18.943root 11241100x80000000000000003850465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d1d9a38fb0f9db2021-12-22 11:47:18.943root 11241100x80000000000000003850466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971213c11da285352021-12-22 11:47:18.944root 11241100x80000000000000003850467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b703ab000fc8972021-12-22 11:47:18.944root 11241100x80000000000000003850468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81de015f44cba7e02021-12-22 11:47:18.944root 11241100x80000000000000003850469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e029e37e6fd5911e2021-12-22 11:47:18.944root 11241100x80000000000000003850470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5815c21d530c5a0e2021-12-22 11:47:18.944root 11241100x80000000000000003850471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b52ac22a2dbdbed2021-12-22 11:47:18.944root 11241100x80000000000000003850472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50258a2ee0b0f2c32021-12-22 11:47:18.944root 11241100x80000000000000003850473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f097f57b9c096562021-12-22 11:47:18.944root 11241100x80000000000000003850474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9944f0baf2dbb602021-12-22 11:47:18.944root 11241100x80000000000000003850475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b91b0a2e0cf71bb2021-12-22 11:47:18.944root 11241100x80000000000000003850476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c45def56866bc392021-12-22 11:47:18.944root 11241100x80000000000000003850477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061c3a932ccc06ea2021-12-22 11:47:18.944root 11241100x80000000000000003850478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a1e851c28ee3ab2021-12-22 11:47:18.944root 11241100x80000000000000003850479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8ab70ef7cf3f942021-12-22 11:47:18.944root 11241100x80000000000000003850480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c00f713987ffe02021-12-22 11:47:18.944root 11241100x80000000000000003850481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb9ce328d90a6652021-12-22 11:47:18.944root 11241100x80000000000000003850482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a485f3da4df0362021-12-22 11:47:18.945root 11241100x80000000000000003850483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97904c124d5736e2021-12-22 11:47:18.945root 11241100x80000000000000003850484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4525d8a646db93642021-12-22 11:47:18.945root 11241100x80000000000000003850485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ef25704d83af172021-12-22 11:47:18.945root 11241100x80000000000000003850486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9321c376b9e9fd3e2021-12-22 11:47:18.945root 11241100x80000000000000003850487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf750c6005e7b94f2021-12-22 11:47:18.945root 11241100x80000000000000003850488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10fdc035a88c62d2021-12-22 11:47:18.945root 11241100x80000000000000003850489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6f2af0727785a02021-12-22 11:47:19.443root 11241100x80000000000000003850490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da18c2122406fad22021-12-22 11:47:19.444root 11241100x80000000000000003850491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e4bb611d978b0e2021-12-22 11:47:19.444root 11241100x80000000000000003850492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d1f09b6dd4f0552021-12-22 11:47:19.445root 11241100x80000000000000003850493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f32c1e765971ce2021-12-22 11:47:19.445root 11241100x80000000000000003850494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2a7cb2a05169942021-12-22 11:47:19.445root 11241100x80000000000000003850495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dcc839181841592021-12-22 11:47:19.445root 11241100x80000000000000003850496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f790bc31a1ddcc002021-12-22 11:47:19.445root 11241100x80000000000000003850497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8afc1d19f2e7cd2021-12-22 11:47:19.445root 11241100x80000000000000003850498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cc24209a937be92021-12-22 11:47:19.445root 11241100x80000000000000003850499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffae9541b7e997c62021-12-22 11:47:19.446root 11241100x80000000000000003850500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7682ad63ca46f60b2021-12-22 11:47:19.446root 11241100x80000000000000003850501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44543b042f71a3c92021-12-22 11:47:19.446root 11241100x80000000000000003850502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8563709095f9317a2021-12-22 11:47:19.446root 11241100x80000000000000003850503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20139a92401fabd62021-12-22 11:47:19.446root 11241100x80000000000000003850504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d840fd000474a2232021-12-22 11:47:19.446root 11241100x80000000000000003850505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6960de621dceda142021-12-22 11:47:19.446root 11241100x80000000000000003850506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85a926f9129068c2021-12-22 11:47:19.446root 11241100x80000000000000003850507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fb75bc9a8637692021-12-22 11:47:19.446root 11241100x80000000000000003850508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86865680870a44c2021-12-22 11:47:19.446root 11241100x80000000000000003850509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d72fb98873023732021-12-22 11:47:19.447root 11241100x80000000000000003850510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08b7255491e81ba2021-12-22 11:47:19.447root 11241100x80000000000000003850511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af1e919a0a48aa82021-12-22 11:47:19.447root 11241100x80000000000000003850512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5980da4017a63d6e2021-12-22 11:47:19.447root 11241100x80000000000000003850513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45033bff814f3552021-12-22 11:47:19.447root 11241100x80000000000000003850514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccecf948467bd1782021-12-22 11:47:19.447root 11241100x80000000000000003850515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3531d6c7220a7b652021-12-22 11:47:19.447root 11241100x80000000000000003850516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678c9507097835752021-12-22 11:47:19.944root 11241100x80000000000000003850517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df12ce860dce6b4f2021-12-22 11:47:19.944root 11241100x80000000000000003850518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52d5165708581842021-12-22 11:47:19.944root 11241100x80000000000000003850519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822f8175e0de1daf2021-12-22 11:47:19.944root 11241100x80000000000000003850520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c50950a9a6978d2021-12-22 11:47:19.944root 11241100x80000000000000003850521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14af198c88b3ad612021-12-22 11:47:19.944root 11241100x80000000000000003850522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004eadcc2fa5c9702021-12-22 11:47:19.944root 11241100x80000000000000003850523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1321f9cd0ebda8a62021-12-22 11:47:19.944root 11241100x80000000000000003850524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb7ce215ac190d62021-12-22 11:47:19.945root 11241100x80000000000000003850525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258542983d75b7cf2021-12-22 11:47:19.945root 11241100x80000000000000003850526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb0235218313a412021-12-22 11:47:19.945root 11241100x80000000000000003850527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0636cb26b4062d022021-12-22 11:47:19.945root 11241100x80000000000000003850528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a3836a362ec99b2021-12-22 11:47:19.945root 11241100x80000000000000003850529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ceae31f10e57b62021-12-22 11:47:19.945root 11241100x80000000000000003850530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6654b0dfef93ada32021-12-22 11:47:19.946root 11241100x80000000000000003850531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2af2f2c45497d982021-12-22 11:47:19.946root 11241100x80000000000000003850532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4179e070db0d122021-12-22 11:47:19.946root 11241100x80000000000000003850533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4969236ac1aa2ec02021-12-22 11:47:19.946root 11241100x80000000000000003850534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d7c9ec268a25682021-12-22 11:47:19.946root 11241100x80000000000000003850535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c888524468e9892021-12-22 11:47:19.946root 11241100x80000000000000003850536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23ca025ff037a992021-12-22 11:47:19.946root 11241100x80000000000000003850537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3b57d8f7b37a782021-12-22 11:47:19.946root 11241100x80000000000000003850538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81bac5ef1a81fba2021-12-22 11:47:19.946root 11241100x80000000000000003850539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0f98702ca173382021-12-22 11:47:19.946root 11241100x80000000000000003850540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773e5c89b506af182021-12-22 11:47:19.947root 11241100x80000000000000003850541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9533f9b5258019d2021-12-22 11:47:19.947root 11241100x80000000000000003850542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0c15a47a7629582021-12-22 11:47:19.947root 11241100x80000000000000003850543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0621c048843efa632021-12-22 11:47:20.443root 11241100x80000000000000003850544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f14ef67d5d376f2021-12-22 11:47:20.443root 11241100x80000000000000003850545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d15a5031dc6ba92021-12-22 11:47:20.443root 11241100x80000000000000003850546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f3160dbbcc25c12021-12-22 11:47:20.443root 11241100x80000000000000003850547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7297b4e69b3b92742021-12-22 11:47:20.443root 11241100x80000000000000003850548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1094691f4b15b74d2021-12-22 11:47:20.444root 11241100x80000000000000003850549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28384141b1935d372021-12-22 11:47:20.444root 11241100x80000000000000003850550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e8971b4ff18c942021-12-22 11:47:20.444root 11241100x80000000000000003850551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f4da9b01cf25bd2021-12-22 11:47:20.444root 11241100x80000000000000003850552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8d54d05bd6bca72021-12-22 11:47:20.444root 11241100x80000000000000003850553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae4332f87ccebac2021-12-22 11:47:20.444root 11241100x80000000000000003850554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d6d53f04fb4a422021-12-22 11:47:20.444root 11241100x80000000000000003850555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddfa00ddbc87b562021-12-22 11:47:20.444root 11241100x80000000000000003850556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39519d3663e1d5d2021-12-22 11:47:20.445root 11241100x80000000000000003850557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92003df2b7bd55d62021-12-22 11:47:20.445root 11241100x80000000000000003850558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcc24f2fba91ec92021-12-22 11:47:20.445root 11241100x80000000000000003850559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7c1fb0000913e72021-12-22 11:47:20.445root 11241100x80000000000000003850560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374561b99f3ef8512021-12-22 11:47:20.445root 11241100x80000000000000003850561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33511a48abda52372021-12-22 11:47:20.445root 11241100x80000000000000003850562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52eb4a4ce68e865e2021-12-22 11:47:20.445root 11241100x80000000000000003850563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63d788409344b922021-12-22 11:47:20.451root 11241100x80000000000000003850564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff2da9c413fd2822021-12-22 11:47:20.451root 11241100x80000000000000003850565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cf9655b73b3bba2021-12-22 11:47:20.451root 11241100x80000000000000003850566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd181303f2192f212021-12-22 11:47:20.451root 11241100x80000000000000003850567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc31dc8f33cabdb2021-12-22 11:47:20.451root 11241100x80000000000000003850568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04db163cf7f80ba2021-12-22 11:47:20.452root 11241100x80000000000000003850569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27aac7ddb1c5c05d2021-12-22 11:47:20.452root 11241100x80000000000000003850570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2776bce4d7727b182021-12-22 11:47:20.943root 11241100x80000000000000003850571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f50e29a41983292021-12-22 11:47:20.943root 11241100x80000000000000003850572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e714d91e823266372021-12-22 11:47:20.943root 11241100x80000000000000003850573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ca08398b3d55ee2021-12-22 11:47:20.943root 11241100x80000000000000003850574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dabad28116755782021-12-22 11:47:20.943root 11241100x80000000000000003850575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049da3901de57ad52021-12-22 11:47:20.944root 11241100x80000000000000003850576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b179ce9813deb12021-12-22 11:47:20.944root 11241100x80000000000000003850577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1c5c5f9a21a1b32021-12-22 11:47:20.944root 11241100x80000000000000003850578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c307f0d8e0f21a12021-12-22 11:47:20.944root 11241100x80000000000000003850579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1782b71f5484687a2021-12-22 11:47:20.944root 11241100x80000000000000003850580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f05cf16aad62a72021-12-22 11:47:20.944root 11241100x80000000000000003850581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cd1af266f01d212021-12-22 11:47:20.944root 11241100x80000000000000003850582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1bf92ad8b3f2502021-12-22 11:47:20.945root 11241100x80000000000000003850583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56a42c32bd8a9f52021-12-22 11:47:20.945root 11241100x80000000000000003850584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e31bd1338cff24d2021-12-22 11:47:20.945root 11241100x80000000000000003850585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7fcd77674b46062021-12-22 11:47:20.945root 11241100x80000000000000003850586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad63bfed15811d1a2021-12-22 11:47:20.945root 11241100x80000000000000003850587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4049c0c29b64c6b2021-12-22 11:47:20.945root 11241100x80000000000000003850588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2347b335d9a39a22021-12-22 11:47:20.945root 11241100x80000000000000003850589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8d2907656814a82021-12-22 11:47:20.945root 11241100x80000000000000003850590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17b51e3754ad21c2021-12-22 11:47:20.946root 11241100x80000000000000003850591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe946b81116a8bf12021-12-22 11:47:20.946root 11241100x80000000000000003850592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb338cf90bcc53c2021-12-22 11:47:20.946root 11241100x80000000000000003850593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27aa95c92ffe660f2021-12-22 11:47:20.946root 11241100x80000000000000003850594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d47944e658c7d942021-12-22 11:47:20.946root 11241100x80000000000000003850595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd120aa5b4a0f5a22021-12-22 11:47:20.946root 11241100x80000000000000003850596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68944ecbe3fa2fd52021-12-22 11:47:20.946root 11241100x80000000000000003850597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29058ebc1f67f1b02021-12-22 11:47:20.946root 11241100x80000000000000003850598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8335664aa565542021-12-22 11:47:20.947root 11241100x80000000000000003850599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f0ce737d254a932021-12-22 11:47:20.947root 11241100x80000000000000003850600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec1de59222166732021-12-22 11:47:20.947root 11241100x80000000000000003850601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56eeee1fb16a73ef2021-12-22 11:47:20.947root 11241100x80000000000000003850602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb9f443bc7dcd552021-12-22 11:47:20.947root 11241100x80000000000000003850603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4248f8a85a7775eb2021-12-22 11:47:20.947root 11241100x80000000000000003850604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93691ffbed3191cd2021-12-22 11:47:20.947root 11241100x80000000000000003850605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ead5bfd92418e172021-12-22 11:47:20.947root 354300x80000000000000003850606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.121{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55454-false10.0.1.12-8000- 11241100x80000000000000003850607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b0f14988d89c2d2021-12-22 11:47:21.443root 11241100x80000000000000003850608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff1602d286a3bc82021-12-22 11:47:21.443root 11241100x80000000000000003850609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207783a09d9e2f8d2021-12-22 11:47:21.444root 11241100x80000000000000003850610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12bf1b3394481e42021-12-22 11:47:21.444root 11241100x80000000000000003850611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247370ec9ca4d65c2021-12-22 11:47:21.444root 11241100x80000000000000003850612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289d0b1837d15d002021-12-22 11:47:21.444root 11241100x80000000000000003850613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468cf292bb213aff2021-12-22 11:47:21.444root 11241100x80000000000000003850614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0c69639601d8902021-12-22 11:47:21.445root 11241100x80000000000000003850615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccadccc9258e277b2021-12-22 11:47:21.445root 11241100x80000000000000003850616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93e7c4bb8a889802021-12-22 11:47:21.445root 11241100x80000000000000003850617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11df41dda632c8dd2021-12-22 11:47:21.445root 11241100x80000000000000003850618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee886c06d1d6563d2021-12-22 11:47:21.445root 11241100x80000000000000003850619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82b46ab486e269a2021-12-22 11:47:21.446root 11241100x80000000000000003850620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e8f6af11d233742021-12-22 11:47:21.446root 11241100x80000000000000003850621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc740f05ef9353c42021-12-22 11:47:21.447root 11241100x80000000000000003850622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2182aea76067bf02021-12-22 11:47:21.447root 11241100x80000000000000003850623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d25d9d1ab3574f2021-12-22 11:47:21.447root 11241100x80000000000000003850624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943a7ca0495a18372021-12-22 11:47:21.448root 11241100x80000000000000003850625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4929b5315e58dc2021-12-22 11:47:21.448root 11241100x80000000000000003850626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bac4e58b6dfabde2021-12-22 11:47:21.448root 11241100x80000000000000003850627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd77b17a986406b2021-12-22 11:47:21.448root 11241100x80000000000000003850628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d8734bdbbd650d2021-12-22 11:47:21.448root 11241100x80000000000000003850629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa0d86191e909de2021-12-22 11:47:21.449root 11241100x80000000000000003850630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703f2e5a1e5779bf2021-12-22 11:47:21.449root 11241100x80000000000000003850631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1297aa2e737629e22021-12-22 11:47:21.449root 11241100x80000000000000003850632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117603d3927a2d562021-12-22 11:47:21.449root 11241100x80000000000000003850633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cea3fc86c6eba992021-12-22 11:47:21.449root 11241100x80000000000000003850634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304d69ede0520b292021-12-22 11:47:21.450root 11241100x80000000000000003850635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa026af811431be2021-12-22 11:47:21.943root 11241100x80000000000000003850636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef421dfdbd82fcb2021-12-22 11:47:21.943root 11241100x80000000000000003850637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919f2ad767eda8a62021-12-22 11:47:21.944root 11241100x80000000000000003850638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc66494219f35ee2021-12-22 11:47:21.944root 11241100x80000000000000003850639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7dd9f96983683e2021-12-22 11:47:21.944root 11241100x80000000000000003850640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab10134a0318b26d2021-12-22 11:47:21.944root 11241100x80000000000000003850641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28eeb5563efc14e52021-12-22 11:47:21.944root 11241100x80000000000000003850642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71afab3bc7574022021-12-22 11:47:21.944root 11241100x80000000000000003850643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082e54bd1d6ac1ae2021-12-22 11:47:21.944root 11241100x80000000000000003850644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd32eda51de847432021-12-22 11:47:21.944root 11241100x80000000000000003850645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7081deed18f7069f2021-12-22 11:47:21.945root 11241100x80000000000000003850646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa6e9cb15c4cf932021-12-22 11:47:21.945root 11241100x80000000000000003850647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4760c850b7e01cb22021-12-22 11:47:21.945root 11241100x80000000000000003850648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eead0d9177eac4c02021-12-22 11:47:21.945root 11241100x80000000000000003850649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578fe7f4cd8c5a622021-12-22 11:47:21.945root 11241100x80000000000000003850650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9912fda827359422021-12-22 11:47:21.945root 11241100x80000000000000003850651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccf81fa2128959c2021-12-22 11:47:21.945root 11241100x80000000000000003850652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b0c80dcd239cdf2021-12-22 11:47:21.945root 11241100x80000000000000003850653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67be8be78448e2b12021-12-22 11:47:21.945root 11241100x80000000000000003850654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb7426efd3ad4f82021-12-22 11:47:21.945root 11241100x80000000000000003850655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a0f5254811117b2021-12-22 11:47:21.946root 11241100x80000000000000003850656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197bbe7fac919da92021-12-22 11:47:21.946root 11241100x80000000000000003850657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be0cdc0edfae36a2021-12-22 11:47:21.946root 11241100x80000000000000003850658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d562b8f4eb473d2021-12-22 11:47:21.946root 11241100x80000000000000003850659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a73541a5453db82021-12-22 11:47:21.946root 11241100x80000000000000003850660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e907a056bc50ca002021-12-22 11:47:21.946root 11241100x80000000000000003850661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ccd40eb7e1833a2021-12-22 11:47:21.946root 11241100x80000000000000003850662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d74256e3e18e96d2021-12-22 11:47:21.946root 11241100x80000000000000003850663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e981963f5e2cdc2021-12-22 11:47:22.443root 11241100x80000000000000003850664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec21ae1da8219f42021-12-22 11:47:22.443root 11241100x80000000000000003850665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21acb0b8b96ec362021-12-22 11:47:22.444root 11241100x80000000000000003850666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9134a0a68632e0c82021-12-22 11:47:22.444root 11241100x80000000000000003850667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808487b8270ab7502021-12-22 11:47:22.444root 11241100x80000000000000003850668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742eb8db410f310e2021-12-22 11:47:22.444root 11241100x80000000000000003850669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f861cae07d714052021-12-22 11:47:22.444root 11241100x80000000000000003850670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d935b90982554de2021-12-22 11:47:22.444root 11241100x80000000000000003850671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b491665104cf542021-12-22 11:47:22.445root 11241100x80000000000000003850672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d199e53a5c88f2912021-12-22 11:47:22.445root 11241100x80000000000000003850673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef88e164d7a163df2021-12-22 11:47:22.445root 11241100x80000000000000003850674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca051a55b119e012021-12-22 11:47:22.445root 11241100x80000000000000003850675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbece6ac3423d152021-12-22 11:47:22.445root 11241100x80000000000000003850676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16db5f6683f32bf2021-12-22 11:47:22.445root 11241100x80000000000000003850677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6352c2f2db3e412021-12-22 11:47:22.446root 11241100x80000000000000003850678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae5582c11469d1a2021-12-22 11:47:22.446root 11241100x80000000000000003850679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0420a3fd0081e9a22021-12-22 11:47:22.446root 11241100x80000000000000003850680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51e1ce5ed2dd6572021-12-22 11:47:22.446root 11241100x80000000000000003850681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee382831247e5e62021-12-22 11:47:22.447root 11241100x80000000000000003850682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d256e04ba37a0b9f2021-12-22 11:47:22.447root 11241100x80000000000000003850683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca9a205f7a8cd382021-12-22 11:47:22.447root 11241100x80000000000000003850684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc39478f248b6d42021-12-22 11:47:22.447root 11241100x80000000000000003850685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab5e31a655889e62021-12-22 11:47:22.448root 11241100x80000000000000003850686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62adbfe6727f18d2021-12-22 11:47:22.448root 11241100x80000000000000003850687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee68f5f85c41cc22021-12-22 11:47:22.448root 11241100x80000000000000003850688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c263e4ae6f6ab0a2021-12-22 11:47:22.449root 11241100x80000000000000003850689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f1352886f1cb322021-12-22 11:47:22.449root 11241100x80000000000000003850690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fe50e93a13497c2021-12-22 11:47:22.449root 11241100x80000000000000003850691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6fd600105d23be2021-12-22 11:47:22.943root 11241100x80000000000000003850692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2631e9ed5111982021-12-22 11:47:22.943root 11241100x80000000000000003850693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72fa5b4760017cc2021-12-22 11:47:22.943root 11241100x80000000000000003850694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbb9e0e6bd561bf2021-12-22 11:47:22.943root 11241100x80000000000000003850695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9448fd57c2dbea42021-12-22 11:47:22.943root 11241100x80000000000000003850696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c0db914620eebb2021-12-22 11:47:22.944root 11241100x80000000000000003850697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ff3008cde95abe2021-12-22 11:47:22.944root 11241100x80000000000000003850698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f155de5d959f9e12021-12-22 11:47:22.944root 11241100x80000000000000003850699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc54ffb1aad46f92021-12-22 11:47:22.944root 11241100x80000000000000003850700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d3bdc2f59e787a2021-12-22 11:47:22.944root 11241100x80000000000000003850701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed753141bda27c412021-12-22 11:47:22.944root 11241100x80000000000000003850702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a692324b33333cc2021-12-22 11:47:22.945root 11241100x80000000000000003850703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbec792b86d78f12021-12-22 11:47:22.945root 11241100x80000000000000003850704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ec123f8b07f0b52021-12-22 11:47:22.945root 11241100x80000000000000003850705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db03c3e7a446e2a02021-12-22 11:47:22.945root 11241100x80000000000000003850706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5456c8c8b9af51db2021-12-22 11:47:22.945root 11241100x80000000000000003850707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c7ec23a029ae542021-12-22 11:47:22.945root 11241100x80000000000000003850708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b11b9ed20cded22021-12-22 11:47:22.946root 11241100x80000000000000003850709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3524cc93ed595f5d2021-12-22 11:47:22.946root 11241100x80000000000000003850710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132093b741860a452021-12-22 11:47:22.946root 11241100x80000000000000003850711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ce01abdf7e82c02021-12-22 11:47:22.946root 11241100x80000000000000003850712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2146ed36026b1c9b2021-12-22 11:47:22.946root 11241100x80000000000000003850713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ebe8d627bdf15c2021-12-22 11:47:22.946root 11241100x80000000000000003850714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85349b7870859e912021-12-22 11:47:22.946root 11241100x80000000000000003850715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d943c250141f002021-12-22 11:47:22.947root 11241100x80000000000000003850716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703675d54cf516732021-12-22 11:47:22.947root 11241100x80000000000000003850717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ab5e158c859db82021-12-22 11:47:22.947root 11241100x80000000000000003850718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6248a1ec26fb3ba82021-12-22 11:47:22.947root 11241100x80000000000000003850719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e939a5e1eaab17962021-12-22 11:47:22.947root 11241100x80000000000000003850720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4028ff03026f982f2021-12-22 11:47:22.948root 11241100x80000000000000003850721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e4a29a529c81492021-12-22 11:47:22.948root 11241100x80000000000000003850722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca31ea28f837c132021-12-22 11:47:22.948root 11241100x80000000000000003850723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f765756ef4544f02021-12-22 11:47:22.948root 11241100x80000000000000003850724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fc6ea1a167f18b2021-12-22 11:47:22.948root 11241100x80000000000000003850725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc9d0d01974a2102021-12-22 11:47:22.948root 11241100x80000000000000003850726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdf0b7294c25bda2021-12-22 11:47:23.443root 11241100x80000000000000003850727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9115f956aa3808182021-12-22 11:47:23.443root 11241100x80000000000000003850728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38d2b4e501f9d1e2021-12-22 11:47:23.444root 11241100x80000000000000003850729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bdf7d1ccebf5d52021-12-22 11:47:23.444root 11241100x80000000000000003850730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e274a00207235c2021-12-22 11:47:23.444root 11241100x80000000000000003850731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8682a17c3600092021-12-22 11:47:23.444root 11241100x80000000000000003850732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff15e73cfe69b822021-12-22 11:47:23.444root 11241100x80000000000000003850733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cce9577da58c432021-12-22 11:47:23.444root 11241100x80000000000000003850734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acb99cf4c2d36eb2021-12-22 11:47:23.444root 11241100x80000000000000003850735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7c30fdc276d6af2021-12-22 11:47:23.445root 11241100x80000000000000003850736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5d8e485f6a355d2021-12-22 11:47:23.445root 11241100x80000000000000003850737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c73dd2383fd5a62021-12-22 11:47:23.445root 11241100x80000000000000003850738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310c450fa9df20a22021-12-22 11:47:23.445root 11241100x80000000000000003850739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cee55300e27e3be2021-12-22 11:47:23.445root 11241100x80000000000000003850740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b4d2c7fb9536a22021-12-22 11:47:23.445root 11241100x80000000000000003850741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c41487a2bebef462021-12-22 11:47:23.445root 11241100x80000000000000003850742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0124698404da622021-12-22 11:47:23.446root 11241100x80000000000000003850743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca98bad58a3a34e2021-12-22 11:47:23.446root 11241100x80000000000000003850744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f556d40793ae54232021-12-22 11:47:23.446root 11241100x80000000000000003850745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f132524f553dafa2021-12-22 11:47:23.446root 11241100x80000000000000003850746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99045aebdfe69b4b2021-12-22 11:47:23.446root 11241100x80000000000000003850747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470443e1ad3bf9382021-12-22 11:47:23.446root 11241100x80000000000000003850748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c5ada3e38da7332021-12-22 11:47:23.447root 11241100x80000000000000003850749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0b78230aad5c602021-12-22 11:47:23.447root 11241100x80000000000000003850750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bac975fcfebb292021-12-22 11:47:23.447root 11241100x80000000000000003850751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca35a6ff9fc5a012021-12-22 11:47:23.448root 11241100x80000000000000003850752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d3a7e9dc1741492021-12-22 11:47:23.448root 11241100x80000000000000003850753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799f5834629467382021-12-22 11:47:23.448root 23542300x80000000000000003850754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.504{ec2b6afe-1043-61c3-80c2-39ccb3550000}19067ubuntu/bin/nano/home/ubuntu/./.myfopen.c.swp--- 11241100x80000000000000003850755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.504{ec2b6afe-1043-61c3-80c2-39ccb3550000}19067/bin/nano/home/ubuntu/.myfopen.c.swp2021-12-22 11:47:23.504ubuntu 11241100x80000000000000003850756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be3526002e8012e2021-12-22 11:47:23.942root 11241100x80000000000000003850757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d70aa7da2e72ba2021-12-22 11:47:23.943root 11241100x80000000000000003850758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3cee8a599f7b092021-12-22 11:47:23.943root 11241100x80000000000000003850759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f7dc3a502113ee2021-12-22 11:47:23.943root 11241100x80000000000000003850760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4dd31df7945f082021-12-22 11:47:23.943root 11241100x80000000000000003850761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38973f584072f8712021-12-22 11:47:23.943root 11241100x80000000000000003850762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7672c35905d5bfb2021-12-22 11:47:23.943root 11241100x80000000000000003850763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c4e49d8699437e2021-12-22 11:47:23.944root 11241100x80000000000000003850764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42126bab6775fdfb2021-12-22 11:47:23.944root 11241100x80000000000000003850765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8245a929b1712e2021-12-22 11:47:23.944root 11241100x80000000000000003850766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d9f87432d590152021-12-22 11:47:23.944root 11241100x80000000000000003850767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473ff850d287c6f02021-12-22 11:47:23.944root 11241100x80000000000000003850768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd2896ade0162902021-12-22 11:47:23.944root 11241100x80000000000000003850769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c8e15633f76b4b2021-12-22 11:47:23.945root 11241100x80000000000000003850770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9d27b0f39870d72021-12-22 11:47:23.945root 11241100x80000000000000003850771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1fdda3b6b283632021-12-22 11:47:23.945root 11241100x80000000000000003850772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89a299361a0ed552021-12-22 11:47:23.945root 11241100x80000000000000003850773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60d35cd4a3e37752021-12-22 11:47:23.945root 11241100x80000000000000003850774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec3be8307b6fea72021-12-22 11:47:23.945root 11241100x80000000000000003850775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e68a171c3141162021-12-22 11:47:23.945root 11241100x80000000000000003850776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11816c502358468c2021-12-22 11:47:23.946root 11241100x80000000000000003850777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d1a0c6885c24ac2021-12-22 11:47:23.946root 11241100x80000000000000003850778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb550693c349bff2021-12-22 11:47:23.946root 11241100x80000000000000003850779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b45de4f95a700e42021-12-22 11:47:23.946root 11241100x80000000000000003850780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e199cf5a64bd91cd2021-12-22 11:47:23.946root 11241100x80000000000000003850781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3303ba444486d4ee2021-12-22 11:47:23.946root 11241100x80000000000000003850782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854ed662fa2655d12021-12-22 11:47:23.946root 11241100x80000000000000003850783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b331b86d1fa55102021-12-22 11:47:23.947root 11241100x80000000000000003850784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f561cfb51b45d62021-12-22 11:47:23.947root 11241100x80000000000000003850785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341ad37020b0f64d2021-12-22 11:47:23.947root 11241100x80000000000000003850786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcafc6c69beb08402021-12-22 11:47:23.947root 11241100x80000000000000003850787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a60a26e161072022021-12-22 11:47:23.947root 11241100x80000000000000003850788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a88f452e1a4be4c2021-12-22 11:47:23.947root 11241100x80000000000000003850789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab955e2d1138820b2021-12-22 11:47:23.948root 11241100x80000000000000003850790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671b2e7e7a0bdd942021-12-22 11:47:23.948root 11241100x80000000000000003850791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e67683d2c124ec72021-12-22 11:47:24.443root 11241100x80000000000000003850792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f3cd55a9c78cad2021-12-22 11:47:24.443root 11241100x80000000000000003850793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ea385d0a16360a2021-12-22 11:47:24.443root 11241100x80000000000000003850794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9adf8d6a1ede15d2021-12-22 11:47:24.443root 11241100x80000000000000003850795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613fc34338d1e4912021-12-22 11:47:24.444root 11241100x80000000000000003850796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfb455511fbed622021-12-22 11:47:24.444root 11241100x80000000000000003850797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c335e200d2f3884e2021-12-22 11:47:24.444root 11241100x80000000000000003850798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9426d55ba20fd86f2021-12-22 11:47:24.444root 11241100x80000000000000003850799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14146d377cf20c632021-12-22 11:47:24.444root 11241100x80000000000000003850800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a39554d7e3b4e32021-12-22 11:47:24.444root 11241100x80000000000000003850801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9761b4b417dcc32021-12-22 11:47:24.444root 11241100x80000000000000003850802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36414ff8ccae78b62021-12-22 11:47:24.444root 11241100x80000000000000003850803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f163d69f95f9893f2021-12-22 11:47:24.444root 11241100x80000000000000003850804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6f86f1135abf8d2021-12-22 11:47:24.444root 11241100x80000000000000003850805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1faa0a05a7dd3dd2021-12-22 11:47:24.444root 11241100x80000000000000003850806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe39553fc0daf6d2021-12-22 11:47:24.444root 11241100x80000000000000003850807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d4edec55aa4a892021-12-22 11:47:24.444root 11241100x80000000000000003850808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9685758c8e757c722021-12-22 11:47:24.444root 11241100x80000000000000003850809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729e640741a452bc2021-12-22 11:47:24.444root 11241100x80000000000000003850810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ec150fd3abe4a42021-12-22 11:47:24.444root 11241100x80000000000000003850811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190a62149bd627df2021-12-22 11:47:24.445root 11241100x80000000000000003850812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8f136fa9b2a41e2021-12-22 11:47:24.445root 11241100x80000000000000003850813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436b663e54abba5a2021-12-22 11:47:24.445root 11241100x80000000000000003850814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f921dba7c894680e2021-12-22 11:47:24.445root 11241100x80000000000000003850815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9d49edea83d77b2021-12-22 11:47:24.445root 11241100x80000000000000003850816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebacc9f36dab1be2021-12-22 11:47:24.445root 11241100x80000000000000003850817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b94dc18e99100b72021-12-22 11:47:24.445root 11241100x80000000000000003850818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26566808e7b91e4e2021-12-22 11:47:24.445root 11241100x80000000000000003850819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1f133a86f23c212021-12-22 11:47:24.445root 11241100x80000000000000003850820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebedf6e4dcc4f6062021-12-22 11:47:24.445root 11241100x80000000000000003850821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e82cb0f2f1dcd7b2021-12-22 11:47:24.943root 11241100x80000000000000003850822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffb99b56ee430662021-12-22 11:47:24.943root 11241100x80000000000000003850823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a00b9fdd66a96a2021-12-22 11:47:24.943root 11241100x80000000000000003850824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d822118a5b244452021-12-22 11:47:24.943root 11241100x80000000000000003850825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64489ab9862ec9252021-12-22 11:47:24.943root 11241100x80000000000000003850826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed36589b2d445452021-12-22 11:47:24.943root 11241100x80000000000000003850827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1eeb3f48c678522021-12-22 11:47:24.943root 11241100x80000000000000003850828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e77900da8693cce2021-12-22 11:47:24.944root 11241100x80000000000000003850829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c75e76acac7b942021-12-22 11:47:24.944root 11241100x80000000000000003850830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f4c57881e0b5082021-12-22 11:47:24.944root 11241100x80000000000000003850831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466b86700a493f7e2021-12-22 11:47:24.944root 11241100x80000000000000003850832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6618232b2cf5752021-12-22 11:47:24.944root 11241100x80000000000000003850833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1779bd6b8c51f5dd2021-12-22 11:47:24.945root 11241100x80000000000000003850834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50145a248b3aa1402021-12-22 11:47:24.945root 11241100x80000000000000003850835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c70161b735c10982021-12-22 11:47:24.945root 11241100x80000000000000003850836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309ca0c8c1884d912021-12-22 11:47:24.945root 11241100x80000000000000003850837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b654d9a5720b902021-12-22 11:47:24.945root 11241100x80000000000000003850838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d8e0ee2e371f232021-12-22 11:47:24.946root 11241100x80000000000000003850839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b30f07925294bf2021-12-22 11:47:24.946root 11241100x80000000000000003850840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91086d748f22079d2021-12-22 11:47:24.946root 11241100x80000000000000003850841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a9255f6222d0cb2021-12-22 11:47:24.946root 11241100x80000000000000003850842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9a757875b9b5d32021-12-22 11:47:24.946root 11241100x80000000000000003850843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cb9f99af660d3d2021-12-22 11:47:24.947root 11241100x80000000000000003850844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a583cc4ae8b8c4652021-12-22 11:47:24.947root 11241100x80000000000000003850845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22427cf32a5fc9902021-12-22 11:47:24.947root 11241100x80000000000000003850846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb0f45f415a66a82021-12-22 11:47:24.947root 11241100x80000000000000003850847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8548b9c2e3e2d4362021-12-22 11:47:24.947root 11241100x80000000000000003850848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccdb6b9aaf2aeba2021-12-22 11:47:24.947root 11241100x80000000000000003850849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5333ae4b34c9c42021-12-22 11:47:24.947root 11241100x80000000000000003850850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69acc3c98dbf05e2021-12-22 11:47:24.948root 11241100x80000000000000003850851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0d4fa4ba010aad2021-12-22 11:47:24.948root 11241100x80000000000000003850852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d2e8757570616a2021-12-22 11:47:24.948root 11241100x80000000000000003850853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1009174e88f7b15b2021-12-22 11:47:24.948root 11241100x80000000000000003850854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40536eef654b1a502021-12-22 11:47:24.949root 11241100x80000000000000003850855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52c558f3e28376c2021-12-22 11:47:24.949root 11241100x80000000000000003850856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6443c970512bd9732021-12-22 11:47:24.949root 11241100x80000000000000003850857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943f002fb77ae8102021-12-22 11:47:24.949root 11241100x80000000000000003850858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac86b27ec41dfde82021-12-22 11:47:24.949root 11241100x80000000000000003850859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1418b54e14de67932021-12-22 11:47:24.949root 11241100x80000000000000003850860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a6b0cddc6cd3182021-12-22 11:47:24.949root 11241100x80000000000000003850861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f637238439047ff2021-12-22 11:47:24.949root 11241100x80000000000000003850862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b395b0e49bf9122021-12-22 11:47:24.950root 11241100x80000000000000003850863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6374825043e36cce2021-12-22 11:47:25.443root 11241100x80000000000000003850864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049fd26cd46416b32021-12-22 11:47:25.443root 11241100x80000000000000003850865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e067f769a6e6db22021-12-22 11:47:25.443root 11241100x80000000000000003850866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddceb4892f945c3a2021-12-22 11:47:25.443root 11241100x80000000000000003850867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0adae5af7dcd73c2021-12-22 11:47:25.443root 11241100x80000000000000003850868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceed21c3468f84e92021-12-22 11:47:25.443root 11241100x80000000000000003850869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4046aff4536d97ad2021-12-22 11:47:25.444root 11241100x80000000000000003850870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841c62aaf84209532021-12-22 11:47:25.444root 11241100x80000000000000003850871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbb6b6273a2520f2021-12-22 11:47:25.444root 11241100x80000000000000003850872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3f55d81ce689f02021-12-22 11:47:25.444root 11241100x80000000000000003850873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97dcf6f6dbdb8cc22021-12-22 11:47:25.444root 11241100x80000000000000003850874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d9b92c7a0fafb02021-12-22 11:47:25.444root 11241100x80000000000000003850875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84bbdc4f300d1842021-12-22 11:47:25.444root 11241100x80000000000000003850876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9290785c546344db2021-12-22 11:47:25.444root 11241100x80000000000000003850877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da4827a5a22e5872021-12-22 11:47:25.444root 11241100x80000000000000003850878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7b8a516f4be6502021-12-22 11:47:25.444root 11241100x80000000000000003850879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1375b424b734f1ea2021-12-22 11:47:25.444root 11241100x80000000000000003850880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14be3451b71cf0e2021-12-22 11:47:25.445root 11241100x80000000000000003850881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48838d1ab75f25f82021-12-22 11:47:25.445root 11241100x80000000000000003850882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292335593b69bbf82021-12-22 11:47:25.445root 11241100x80000000000000003850883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa79fff0642368b2021-12-22 11:47:25.445root 11241100x80000000000000003850884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39ac465baae7d022021-12-22 11:47:25.445root 11241100x80000000000000003850885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d9f365b87a7dbf2021-12-22 11:47:25.445root 11241100x80000000000000003850886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e780e847cab2cc42021-12-22 11:47:25.446root 11241100x80000000000000003850887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490dbfc05484ad1f2021-12-22 11:47:25.446root 11241100x80000000000000003850888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89ffd03b698a0ae2021-12-22 11:47:25.446root 11241100x80000000000000003850889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece60e01bcbee1f42021-12-22 11:47:25.446root 11241100x80000000000000003850890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ebfc3cc93a746e2021-12-22 11:47:25.446root 11241100x80000000000000003850891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae270822d38e5ba2021-12-22 11:47:25.446root 11241100x80000000000000003850892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5d7aeedac074492021-12-22 11:47:25.446root 11241100x80000000000000003850893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae42dfc0831118fd2021-12-22 11:47:25.942root 11241100x80000000000000003850894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2011284fac6722672021-12-22 11:47:25.943root 11241100x80000000000000003850895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21552200069017682021-12-22 11:47:25.943root 11241100x80000000000000003850896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09d7cf5f6481d9e2021-12-22 11:47:25.943root 11241100x80000000000000003850897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c120d842143b9d2021-12-22 11:47:25.943root 11241100x80000000000000003850898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648e1665e64f663c2021-12-22 11:47:25.943root 11241100x80000000000000003850899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e297d4dd7356d03e2021-12-22 11:47:25.944root 11241100x80000000000000003850900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08c04dec69b1ba72021-12-22 11:47:25.944root 11241100x80000000000000003850901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f05c682274e5462021-12-22 11:47:25.944root 11241100x80000000000000003850902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa1f637a6e7a6942021-12-22 11:47:25.944root 11241100x80000000000000003850903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8eb0ae32b7d6e82021-12-22 11:47:25.944root 11241100x80000000000000003850904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f0cf58ec25f7412021-12-22 11:47:25.944root 11241100x80000000000000003850905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1984f3e18b1182362021-12-22 11:47:25.944root 11241100x80000000000000003850906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1b94479b83f4772021-12-22 11:47:25.945root 11241100x80000000000000003850907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f71dc9a237491812021-12-22 11:47:25.945root 11241100x80000000000000003850908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622ca578e2c8390c2021-12-22 11:47:25.945root 11241100x80000000000000003850909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e34a1c12608dcf2021-12-22 11:47:25.945root 11241100x80000000000000003850910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540650e7c01d44102021-12-22 11:47:25.945root 11241100x80000000000000003850911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca58a0c25a3b91d2021-12-22 11:47:25.945root 11241100x80000000000000003850912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bb9b72fcb7dfc82021-12-22 11:47:25.945root 11241100x80000000000000003850913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab270a610dad3de2021-12-22 11:47:25.946root 11241100x80000000000000003850914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5536e6923fd90cda2021-12-22 11:47:25.946root 11241100x80000000000000003850915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd86767cc06274e2021-12-22 11:47:25.946root 11241100x80000000000000003850916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1f0397f659bf3d2021-12-22 11:47:25.946root 11241100x80000000000000003850917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc75999d549e161d2021-12-22 11:47:25.946root 11241100x80000000000000003850918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0772b4ac14b23b2021-12-22 11:47:25.946root 11241100x80000000000000003850919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a611891cbf069a2a2021-12-22 11:47:25.947root 11241100x80000000000000003850920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164a15e81c2730962021-12-22 11:47:25.947root 11241100x80000000000000003850921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d1b656d25154092021-12-22 11:47:25.947root 11241100x80000000000000003850922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7bc2a6bf6657882021-12-22 11:47:25.947root 11241100x80000000000000003850923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5899c94ef17c972021-12-22 11:47:25.947root 11241100x80000000000000003850924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e982be46a0a777e2021-12-22 11:47:25.947root 11241100x80000000000000003850925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75f3234e4eed5842021-12-22 11:47:25.947root 11241100x80000000000000003850926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cee8528b8c05f312021-12-22 11:47:25.948root 11241100x80000000000000003850927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fdf9027017616f2021-12-22 11:47:25.948root 11241100x80000000000000003850928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8555dda172a970cc2021-12-22 11:47:25.948root 11241100x80000000000000003850929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4a7331462cc4042021-12-22 11:47:25.948root 11241100x80000000000000003850930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd599793ecb4d4e2021-12-22 11:47:25.948root 11241100x80000000000000003850931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e8fea9e32b1b542021-12-22 11:47:25.948root 11241100x80000000000000003850932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7437ef10e1fd5092021-12-22 11:47:25.948root 11241100x80000000000000003850933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8bd1d3bed171da2021-12-22 11:47:25.948root 11241100x80000000000000003850934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931255f5ef7fe0772021-12-22 11:47:25.948root 11241100x80000000000000003850935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4da19d249abb7e42021-12-22 11:47:25.949root 11241100x80000000000000003850936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f83bef98b8165a2021-12-22 11:47:26.443root 11241100x80000000000000003850937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b31c342dda417c62021-12-22 11:47:26.443root 11241100x80000000000000003850938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffda9042a5ccd5cc2021-12-22 11:47:26.443root 11241100x80000000000000003850939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bacde11778a73e2021-12-22 11:47:26.443root 11241100x80000000000000003850940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc01f086f9ff91c92021-12-22 11:47:26.443root 11241100x80000000000000003850941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91789d05aa8b6de92021-12-22 11:47:26.444root 11241100x80000000000000003850942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0feb3095eb849abf2021-12-22 11:47:26.444root 11241100x80000000000000003850943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4cebd391aca53e2021-12-22 11:47:26.444root 11241100x80000000000000003850944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a806c7d9e44fae2021-12-22 11:47:26.444root 11241100x80000000000000003850945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838ae9dd2c6979a32021-12-22 11:47:26.444root 11241100x80000000000000003850946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0084fc99f40c9d12021-12-22 11:47:26.444root 11241100x80000000000000003850947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b4ca25aa2788b82021-12-22 11:47:26.444root 11241100x80000000000000003850948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbb8d467cd649da2021-12-22 11:47:26.444root 11241100x80000000000000003850949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46750a6ce6e8d8fb2021-12-22 11:47:26.444root 11241100x80000000000000003850950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf51eed4a5820ec32021-12-22 11:47:26.444root 11241100x80000000000000003850951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53732c6fbe6251032021-12-22 11:47:26.445root 11241100x80000000000000003850952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06b13cfd4ad2f2f2021-12-22 11:47:26.445root 11241100x80000000000000003850953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfebdd3e8501fcd62021-12-22 11:47:26.445root 11241100x80000000000000003850954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48af08df42dda2e2021-12-22 11:47:26.445root 11241100x80000000000000003850955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42edb1755a95f2032021-12-22 11:47:26.445root 11241100x80000000000000003850956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e15cdad7809ccf82021-12-22 11:47:26.445root 11241100x80000000000000003850957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9232e84c68fd7d362021-12-22 11:47:26.445root 11241100x80000000000000003850958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913c575279eb9fa22021-12-22 11:47:26.445root 11241100x80000000000000003850959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28774f64443ddadb2021-12-22 11:47:26.445root 11241100x80000000000000003850960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e70249fef2f0322021-12-22 11:47:26.445root 11241100x80000000000000003850961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7bb5bb197a66df2021-12-22 11:47:26.446root 11241100x80000000000000003850962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e98404fda837bc2021-12-22 11:47:26.446root 11241100x80000000000000003850963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f996c81e611bdefe2021-12-22 11:47:26.446root 11241100x80000000000000003850964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c354a22557a91ff12021-12-22 11:47:26.446root 11241100x80000000000000003850965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e30254fd9dec34a2021-12-22 11:47:26.446root 11241100x80000000000000003850966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b36d61ecfad43cb2021-12-22 11:47:26.446root 11241100x80000000000000003850967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa95f628674424f2021-12-22 11:47:26.446root 11241100x80000000000000003850968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d366dd3a30d0da4c2021-12-22 11:47:26.446root 11241100x80000000000000003850969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381a3db4b5348f942021-12-22 11:47:26.447root 11241100x80000000000000003850970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a03d558448efd42021-12-22 11:47:26.447root 11241100x80000000000000003850971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d7d3d18dc1ba3c2021-12-22 11:47:26.447root 11241100x80000000000000003850972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4f2590c4d171482021-12-22 11:47:26.447root 11241100x80000000000000003850973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0896732d9230a5c92021-12-22 11:47:26.447root 11241100x80000000000000003850974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0031544cbf7d80d2021-12-22 11:47:26.447root 11241100x80000000000000003850975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0853eee9e4b27a42021-12-22 11:47:26.447root 11241100x80000000000000003850976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1bb619a512b20c2021-12-22 11:47:26.447root 11241100x80000000000000003850977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df86e8cd4cbb99d92021-12-22 11:47:26.943root 11241100x80000000000000003850978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ab01a9cee267f52021-12-22 11:47:26.944root 11241100x80000000000000003850979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cfefa66388de1b2021-12-22 11:47:26.944root 11241100x80000000000000003850980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435bff287285f85a2021-12-22 11:47:26.944root 11241100x80000000000000003850981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f626f1a6407a032021-12-22 11:47:26.944root 11241100x80000000000000003850982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7d6e71ced1f4582021-12-22 11:47:26.944root 11241100x80000000000000003850983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d244666197728f822021-12-22 11:47:26.944root 11241100x80000000000000003850984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fac30122b647852021-12-22 11:47:26.945root 11241100x80000000000000003850985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6280f34fb00145af2021-12-22 11:47:26.945root 11241100x80000000000000003850986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1519da9a1fee6cc32021-12-22 11:47:26.945root 11241100x80000000000000003850987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7226ede07be078482021-12-22 11:47:26.945root 11241100x80000000000000003850988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2741c9e6ba7eddd42021-12-22 11:47:26.945root 11241100x80000000000000003850989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0306d3fbcfbeeb52021-12-22 11:47:26.945root 11241100x80000000000000003850990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725432b39c0833512021-12-22 11:47:26.945root 11241100x80000000000000003850991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7f36c192966b3e2021-12-22 11:47:26.945root 11241100x80000000000000003850992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43120bd699b230482021-12-22 11:47:26.945root 11241100x80000000000000003850993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67debde6e7fe4db2021-12-22 11:47:26.945root 11241100x80000000000000003850994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24a01ff23254bb52021-12-22 11:47:26.945root 11241100x80000000000000003850995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704aff993cf9d87c2021-12-22 11:47:26.945root 11241100x80000000000000003850996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df89027a9986ce482021-12-22 11:47:26.945root 11241100x80000000000000003850997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c209fc25672e62522021-12-22 11:47:26.945root 11241100x80000000000000003850998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dff097605c8f0c62021-12-22 11:47:26.945root 11241100x80000000000000003850999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de384bf7a69bc1a32021-12-22 11:47:26.946root 11241100x80000000000000003851000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1cd7f58330a42b2021-12-22 11:47:26.946root 11241100x80000000000000003851001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f39e7d4415efe12021-12-22 11:47:26.946root 11241100x80000000000000003851002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6d0438e846817f2021-12-22 11:47:26.946root 11241100x80000000000000003851003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0c13785879310f2021-12-22 11:47:26.946root 11241100x80000000000000003851004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efc44c6fb94bd9b2021-12-22 11:47:26.946root 11241100x80000000000000003851005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119b5e2216f554882021-12-22 11:47:26.946root 11241100x80000000000000003851006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0df014da6c6a272021-12-22 11:47:26.946root 11241100x80000000000000003851007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899f63ceb2c7851e2021-12-22 11:47:26.946root 11241100x80000000000000003851008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03a21f1d0d0dcc22021-12-22 11:47:26.946root 11241100x80000000000000003851009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a30c5f52e1fa212021-12-22 11:47:26.946root 354300x80000000000000003851010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.040{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55456-false10.0.1.12-8000- 11241100x80000000000000003851011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d6380f48b3509a2021-12-22 11:47:27.443root 11241100x80000000000000003851012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508868ae78cb2f6d2021-12-22 11:47:27.443root 11241100x80000000000000003851013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdb2fc3c6af6b662021-12-22 11:47:27.443root 11241100x80000000000000003851014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cffb8306ce5a0c42021-12-22 11:47:27.443root 11241100x80000000000000003851015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacebc4fba02f5e32021-12-22 11:47:27.443root 11241100x80000000000000003851016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb02e0926f79d3a32021-12-22 11:47:27.443root 11241100x80000000000000003851017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35684982540d84d22021-12-22 11:47:27.443root 11241100x80000000000000003851018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263ea62e215d1ddb2021-12-22 11:47:27.444root 11241100x80000000000000003851019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc67b2536d127c32021-12-22 11:47:27.444root 11241100x80000000000000003851020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223e6ca1ee941ee02021-12-22 11:47:27.444root 11241100x80000000000000003851021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dc57e71deba6072021-12-22 11:47:27.444root 11241100x80000000000000003851022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f236d3d1e7da502021-12-22 11:47:27.444root 11241100x80000000000000003851023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acdf011bef68e022021-12-22 11:47:27.444root 11241100x80000000000000003851024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f11587b781cda272021-12-22 11:47:27.445root 11241100x80000000000000003851025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b096baeb8eb08c502021-12-22 11:47:27.445root 11241100x80000000000000003851026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c0c93a076fe37d2021-12-22 11:47:27.445root 11241100x80000000000000003851027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a802f74c6bca5f2021-12-22 11:47:27.445root 11241100x80000000000000003851028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e21e40104af45d52021-12-22 11:47:27.451root 11241100x80000000000000003851029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a59f2d5225680f2021-12-22 11:47:27.451root 11241100x80000000000000003851030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92ab1419ba036a32021-12-22 11:47:27.451root 11241100x80000000000000003851031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001670400bcd3df02021-12-22 11:47:27.451root 11241100x80000000000000003851032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a888ce3e6552ecf22021-12-22 11:47:27.451root 11241100x80000000000000003851033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cbd3312fdb1cc02021-12-22 11:47:27.452root 11241100x80000000000000003851034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57e8167cf04fb5f2021-12-22 11:47:27.452root 11241100x80000000000000003851035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d607d326c6692fa62021-12-22 11:47:27.452root 11241100x80000000000000003851036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd524b2218781852021-12-22 11:47:27.452root 11241100x80000000000000003851037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76c72a20085be022021-12-22 11:47:27.452root 11241100x80000000000000003851038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba161d7a192d38b2021-12-22 11:47:27.452root 11241100x80000000000000003851039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbaa59e337296a5c2021-12-22 11:47:27.452root 11241100x80000000000000003851040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3230b1ba9ff2b8ae2021-12-22 11:47:27.452root 11241100x80000000000000003851041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bcee2db3dba02f2021-12-22 11:47:27.452root 11241100x80000000000000003851042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bb13c1a8c0fae62021-12-22 11:47:27.453root 11241100x80000000000000003851043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8db3b5bf0a873212021-12-22 11:47:27.453root 11241100x80000000000000003851044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d964236ee2c9453f2021-12-22 11:47:27.453root 11241100x80000000000000003851045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f510a68448c61b42021-12-22 11:47:27.453root 23542300x80000000000000003851046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.712{ec2b6afe-1043-61c3-80c2-39ccb3550000}19067ubuntu/bin/nano/home/ubuntu/./.myfopen.c.swp--- 534500x80000000000000003851047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.713{ec2b6afe-1043-61c3-80c2-39ccb3550000}19067/bin/nanoubuntu 11241100x80000000000000003851048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b316c1769b7dc12021-12-22 11:47:27.714root 11241100x80000000000000003851049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e502d60bcb5dd042021-12-22 11:47:27.714root 11241100x80000000000000003851050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25213df9d781c6b2021-12-22 11:47:27.714root 11241100x80000000000000003851051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081821a0a88db2e82021-12-22 11:47:27.714root 11241100x80000000000000003851052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb28d439d0e5496b2021-12-22 11:47:27.714root 11241100x80000000000000003851053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57aedc443ae02e9c2021-12-22 11:47:27.714root 11241100x80000000000000003851054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cc71eb3bd148cb2021-12-22 11:47:27.714root 11241100x80000000000000003851055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cca7ec4e0be3b7f2021-12-22 11:47:27.714root 11241100x80000000000000003851056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb338ea9105ea0a2021-12-22 11:47:27.715root 11241100x80000000000000003851057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb1c03c6757fd182021-12-22 11:47:27.715root 11241100x80000000000000003851058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c616f91a7f262ea12021-12-22 11:47:27.715root 11241100x80000000000000003851059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e32d7a0c663ef92021-12-22 11:47:27.715root 11241100x80000000000000003851060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cef5556052ae3842021-12-22 11:47:27.715root 11241100x80000000000000003851061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61e3c459871af362021-12-22 11:47:27.715root 11241100x80000000000000003851062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b404a6b8960fb1f72021-12-22 11:47:27.715root 11241100x80000000000000003851063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eb53bc94850e432021-12-22 11:47:27.715root 11241100x80000000000000003851064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdb71fd9eb59ea72021-12-22 11:47:27.715root 11241100x80000000000000003851065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55801ec306cdce922021-12-22 11:47:27.716root 11241100x80000000000000003851066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1ba8ab2c6197bb2021-12-22 11:47:27.716root 11241100x80000000000000003851067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fcb1dc31e37d172021-12-22 11:47:27.716root 11241100x80000000000000003851068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89349adbb1575b122021-12-22 11:47:27.716root 11241100x80000000000000003851069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557c113549f07cc12021-12-22 11:47:27.716root 11241100x80000000000000003851070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de98d9e67480d7cf2021-12-22 11:47:27.716root 11241100x80000000000000003851071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b03b4a48df135392021-12-22 11:47:27.716root 11241100x80000000000000003851072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b705adfaa090d362021-12-22 11:47:27.716root 11241100x80000000000000003851073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae5a73d2ee01ea32021-12-22 11:47:27.716root 11241100x80000000000000003851074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e378e038281e0a2021-12-22 11:47:27.717root 11241100x80000000000000003851075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b30cab71783ba3b2021-12-22 11:47:27.717root 11241100x80000000000000003851076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c9b8dc332d12de2021-12-22 11:47:27.717root 11241100x80000000000000003851077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2800a6d0c520d612021-12-22 11:47:27.717root 11241100x80000000000000003851078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6db2af9573de45d2021-12-22 11:47:27.717root 11241100x80000000000000003851079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1b57f9c85374352021-12-22 11:47:27.717root 11241100x80000000000000003851080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8989066b127c777f2021-12-22 11:47:27.718root 11241100x80000000000000003851081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a3e971f7d5076b2021-12-22 11:47:27.718root 11241100x80000000000000003851082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61aac9cdf08f32122021-12-22 11:47:27.718root 11241100x80000000000000003851083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c73289a5695e6e42021-12-22 11:47:27.718root 11241100x80000000000000003851084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7f2f23861379092021-12-22 11:47:27.718root 11241100x80000000000000003851085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82355389f8441b32021-12-22 11:47:27.718root 11241100x80000000000000003851086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa4664bf28ca0662021-12-22 11:47:27.719root 11241100x80000000000000003851087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a39f31e9d4063c2021-12-22 11:47:27.719root 11241100x80000000000000003851088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7c03f2a75a9b1f2021-12-22 11:47:27.719root 11241100x80000000000000003851089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b298a8bf1cdf20fa2021-12-22 11:47:27.722root 11241100x80000000000000003851090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c9ccd9addfec042021-12-22 11:47:27.722root 11241100x80000000000000003851091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf3cc4706de77382021-12-22 11:47:27.722root 11241100x80000000000000003851092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7599d1909360a3032021-12-22 11:47:27.723root 11241100x80000000000000003851093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467dbace2bdc8a9d2021-12-22 11:47:27.723root 11241100x80000000000000003851094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452b895b1f655e812021-12-22 11:47:27.723root 11241100x80000000000000003851095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4f370ff75d01c82021-12-22 11:47:27.723root 11241100x80000000000000003851096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfa1928f6021d002021-12-22 11:47:27.723root 11241100x80000000000000003851097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92b64d4d1ed14b52021-12-22 11:47:27.724root 11241100x80000000000000003851098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268e552b786923662021-12-22 11:47:27.725root 11241100x80000000000000003851099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e781b4af3c8cf992021-12-22 11:47:27.725root 11241100x80000000000000003851100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5363d61497755812021-12-22 11:47:27.725root 11241100x80000000000000003851101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7879040eee7c36942021-12-22 11:47:27.725root 11241100x80000000000000003851102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc693860d20db212021-12-22 11:47:27.726root 11241100x80000000000000003851103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fbf19f495670c22021-12-22 11:47:27.726root 11241100x80000000000000003851104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dc0ff3b9ec8fd72021-12-22 11:47:27.726root 11241100x80000000000000003851105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8792d99ef4aac8ef2021-12-22 11:47:27.726root 11241100x80000000000000003851106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3520943e0e7e2bb02021-12-22 11:47:27.726root 11241100x80000000000000003851107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd658f3232e22852021-12-22 11:47:27.726root 11241100x80000000000000003851108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90207c1b20def0672021-12-22 11:47:27.726root 11241100x80000000000000003851109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d276b80d8222052021-12-22 11:47:27.726root 11241100x80000000000000003851110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd84953d995b64d02021-12-22 11:47:27.727root 11241100x80000000000000003851111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9ef5a0cde8a00d2021-12-22 11:47:27.727root 11241100x80000000000000003851112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62bb5d7bb3fb81e2021-12-22 11:47:27.727root 11241100x80000000000000003851113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ad7b4bebb16aa92021-12-22 11:47:27.727root 11241100x80000000000000003851114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c604394fa86476a72021-12-22 11:47:27.728root 11241100x80000000000000003851115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412c3c79bfc89ca42021-12-22 11:47:27.728root 11241100x80000000000000003851116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f8f594e9ee7c912021-12-22 11:47:27.728root 11241100x80000000000000003851117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800dd39de3673e4b2021-12-22 11:47:27.728root 11241100x80000000000000003851118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309e1a2abfe9bce72021-12-22 11:47:27.728root 11241100x80000000000000003851119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f852d5660c425d2021-12-22 11:47:27.729root 11241100x80000000000000003851120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429a2f2e484a68f82021-12-22 11:47:27.729root 11241100x80000000000000003851121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:27.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c54552c854dd7e12021-12-22 11:47:27.729root 11241100x80000000000000003851122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec4226a790559e22021-12-22 11:47:28.193root 11241100x80000000000000003851123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a697104e76f72d62021-12-22 11:47:28.193root 11241100x80000000000000003851124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688906fc91409e1f2021-12-22 11:47:28.193root 11241100x80000000000000003851125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afdac5e379aefb92021-12-22 11:47:28.193root 11241100x80000000000000003851126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4603538a371d7b2021-12-22 11:47:28.193root 11241100x80000000000000003851127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6765bc6907655c772021-12-22 11:47:28.194root 11241100x80000000000000003851128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4380dea735fabb02021-12-22 11:47:28.194root 11241100x80000000000000003851129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceba3a65afd5543c2021-12-22 11:47:28.194root 11241100x80000000000000003851130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3571d1d73b98322021-12-22 11:47:28.194root 11241100x80000000000000003851131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cf5e26e08572c22021-12-22 11:47:28.194root 11241100x80000000000000003851132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910bf5189e3c4a312021-12-22 11:47:28.195root 11241100x80000000000000003851133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e8873de562b74b2021-12-22 11:47:28.195root 11241100x80000000000000003851134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760e597521dcddae2021-12-22 11:47:28.195root 11241100x80000000000000003851135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4727a88c672c3abb2021-12-22 11:47:28.195root 11241100x80000000000000003851136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d442b7cdd0812dd2021-12-22 11:47:28.195root 11241100x80000000000000003851137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e90e914963ddb0d2021-12-22 11:47:28.195root 11241100x80000000000000003851138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b747b7823b0ae3c2021-12-22 11:47:28.195root 11241100x80000000000000003851139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a792088e2a60f542021-12-22 11:47:28.196root 11241100x80000000000000003851140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80c913816fccfd62021-12-22 11:47:28.196root 11241100x80000000000000003851141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d134cd100e0f6592021-12-22 11:47:28.196root 11241100x80000000000000003851142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7363dd59a1c1422021-12-22 11:47:28.196root 11241100x80000000000000003851143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327953f274b842f02021-12-22 11:47:28.196root 11241100x80000000000000003851144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba9ba3e2f5f1ca32021-12-22 11:47:28.196root 11241100x80000000000000003851145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83e66bcf27fe10d2021-12-22 11:47:28.196root 11241100x80000000000000003851146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbfe003bab234b92021-12-22 11:47:28.196root 11241100x80000000000000003851147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bf71924606401c2021-12-22 11:47:28.196root 11241100x80000000000000003851148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee93c8acf8497d8a2021-12-22 11:47:28.197root 11241100x80000000000000003851149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7294e11429abd12021-12-22 11:47:28.197root 11241100x80000000000000003851150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9de64516f544ef22021-12-22 11:47:28.197root 11241100x80000000000000003851151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e9bb309f735d062021-12-22 11:47:28.197root 11241100x80000000000000003851152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dec1f19c1f3a8862021-12-22 11:47:28.197root 11241100x80000000000000003851153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b653a0a8bc4ce22021-12-22 11:47:28.197root 11241100x80000000000000003851154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08f4f09a60b3bf22021-12-22 11:47:28.197root 11241100x80000000000000003851155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c9d66dc0e4ebd72021-12-22 11:47:28.197root 11241100x80000000000000003851156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0daf83545845b64d2021-12-22 11:47:28.197root 11241100x80000000000000003851157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b079e5c4b3ce6112021-12-22 11:47:28.197root 11241100x80000000000000003851158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f2406af432ec292021-12-22 11:47:28.198root 11241100x80000000000000003851159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21139d21997181cf2021-12-22 11:47:28.198root 11241100x80000000000000003851160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f155154d415174c82021-12-22 11:47:28.198root 11241100x80000000000000003851161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a8515f73b0ff082021-12-22 11:47:28.198root 11241100x80000000000000003851162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9ed115d7b605c92021-12-22 11:47:28.198root 11241100x80000000000000003851163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a2ae2aa6dadec22021-12-22 11:47:28.198root 11241100x80000000000000003851164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579e303d43d64daa2021-12-22 11:47:28.198root 11241100x80000000000000003851165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103315f665b0097d2021-12-22 11:47:28.198root 11241100x80000000000000003851166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf0c042a76123c62021-12-22 11:47:28.199root 11241100x80000000000000003851167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50feec2cc56c67f2021-12-22 11:47:28.199root 11241100x80000000000000003851168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2076e2c20530bb2021-12-22 11:47:28.199root 11241100x80000000000000003851169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b81a118b7ac81ff2021-12-22 11:47:28.199root 11241100x80000000000000003851170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51a0fe3b0eef5f12021-12-22 11:47:28.199root 11241100x80000000000000003851171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2522e3bc293d7a2021-12-22 11:47:28.199root 11241100x80000000000000003851172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a13fabee994c4992021-12-22 11:47:28.200root 11241100x80000000000000003851173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c98fe3c249602f52021-12-22 11:47:28.200root 11241100x80000000000000003851174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9d41720a46ce5c2021-12-22 11:47:28.200root 11241100x80000000000000003851175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2437b033f52bbc22021-12-22 11:47:28.201root 11241100x80000000000000003851176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51beaae31bb7ef6d2021-12-22 11:47:28.201root 11241100x80000000000000003851177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f9937e53a2a52d2021-12-22 11:47:28.201root 11241100x80000000000000003851178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6315eb3595e1ce0a2021-12-22 11:47:28.201root 11241100x80000000000000003851179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d858be91901d01f12021-12-22 11:47:28.201root 11241100x80000000000000003851180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0f3a4b6af315c92021-12-22 11:47:28.201root 11241100x80000000000000003851181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41b7498a14ed80e2021-12-22 11:47:28.202root 11241100x80000000000000003851182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906903faf830c5bb2021-12-22 11:47:28.202root 11241100x80000000000000003851183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbe88a206b2aa162021-12-22 11:47:28.202root 11241100x80000000000000003851184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22375abc8a4243872021-12-22 11:47:28.202root 11241100x80000000000000003851185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba92cde0ed50cae42021-12-22 11:47:28.202root 11241100x80000000000000003851186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1189404e4908cc8d2021-12-22 11:47:28.202root 11241100x80000000000000003851187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cdda3196ce80db2021-12-22 11:47:28.203root 11241100x80000000000000003851188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fbc181ac5a8c4d2021-12-22 11:47:28.203root 11241100x80000000000000003851189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4ce9576bdb753d2021-12-22 11:47:28.203root 11241100x80000000000000003851190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725e50a7365f2a252021-12-22 11:47:28.203root 11241100x80000000000000003851191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3a67f3a85a8f082021-12-22 11:47:28.204root 11241100x80000000000000003851192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5f56468fc4a6be2021-12-22 11:47:28.204root 11241100x80000000000000003851193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa76925fe9f6b5ee2021-12-22 11:47:28.204root 11241100x80000000000000003851194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd011639891fa1292021-12-22 11:47:28.204root 11241100x80000000000000003851195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e4fb615a97f5872021-12-22 11:47:28.204root 11241100x80000000000000003851196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a70f6ebdd9177f2021-12-22 11:47:28.204root 11241100x80000000000000003851197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20da3669def74ff32021-12-22 11:47:28.204root 11241100x80000000000000003851198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815a7fb3b12fa31f2021-12-22 11:47:28.204root 11241100x80000000000000003851199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f188eb90a44cf0112021-12-22 11:47:28.693root 11241100x80000000000000003851200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de06b5b8913e6bfe2021-12-22 11:47:28.693root 11241100x80000000000000003851201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1844bb2a5bd1ff4e2021-12-22 11:47:28.694root 11241100x80000000000000003851202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14850833814196972021-12-22 11:47:28.694root 11241100x80000000000000003851203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb92d42175ab470c2021-12-22 11:47:28.694root 11241100x80000000000000003851204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6f0076a7e8540b2021-12-22 11:47:28.694root 11241100x80000000000000003851205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de477e92a1ec4b6a2021-12-22 11:47:28.695root 11241100x80000000000000003851206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb247967f317dbef2021-12-22 11:47:28.695root 11241100x80000000000000003851207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611ec402caeab4fc2021-12-22 11:47:28.695root 11241100x80000000000000003851208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b7c59b06d3b3e42021-12-22 11:47:28.695root 11241100x80000000000000003851209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54238f9198bcf3fb2021-12-22 11:47:28.695root 11241100x80000000000000003851210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245cf94b2ddc4a752021-12-22 11:47:28.696root 11241100x80000000000000003851211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f3ac0042e3d4602021-12-22 11:47:28.696root 11241100x80000000000000003851212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa72713f7d0cd442021-12-22 11:47:28.697root 11241100x80000000000000003851213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef8752eb2ccd6182021-12-22 11:47:28.697root 11241100x80000000000000003851214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fddf7acb6c8f3682021-12-22 11:47:28.698root 11241100x80000000000000003851215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761a56ed78ffdbae2021-12-22 11:47:28.698root 11241100x80000000000000003851216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef172c3ee1e7f4cc2021-12-22 11:47:28.698root 11241100x80000000000000003851217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d5a206ef7e06bc2021-12-22 11:47:28.698root 11241100x80000000000000003851218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45323c5d122f0242021-12-22 11:47:28.698root 11241100x80000000000000003851219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347b8feaf310f8652021-12-22 11:47:28.698root 11241100x80000000000000003851220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35210438a2672a792021-12-22 11:47:28.699root 11241100x80000000000000003851221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1212c021a9ba9652021-12-22 11:47:28.699root 11241100x80000000000000003851222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9049adda98d07d2021-12-22 11:47:28.699root 11241100x80000000000000003851223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9869c9ed4e33d8d52021-12-22 11:47:28.699root 11241100x80000000000000003851224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0493f83894a881212021-12-22 11:47:28.699root 11241100x80000000000000003851225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bea3b12a25a7f62021-12-22 11:47:28.699root 11241100x80000000000000003851226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3be29c1e1933e072021-12-22 11:47:28.699root 11241100x80000000000000003851227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4ddb670fe291802021-12-22 11:47:28.699root 11241100x80000000000000003851228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e068b352abd2362021-12-22 11:47:28.700root 11241100x80000000000000003851229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f2a66487117b642021-12-22 11:47:28.700root 11241100x80000000000000003851230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d3daa797f57fe62021-12-22 11:47:28.700root 11241100x80000000000000003851231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9357aa4f8e66f72d2021-12-22 11:47:28.700root 11241100x80000000000000003851232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59c816853fb1dda2021-12-22 11:47:28.700root 11241100x80000000000000003851233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc26b3de14f84c342021-12-22 11:47:28.700root 11241100x80000000000000003851234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f3a6e51d272e3a2021-12-22 11:47:28.700root 11241100x80000000000000003851235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664d441bbe9487142021-12-22 11:47:28.700root 11241100x80000000000000003851236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81707f2de6a49b292021-12-22 11:47:28.700root 11241100x80000000000000003851237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960749be31aebc182021-12-22 11:47:28.700root 11241100x80000000000000003851238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4517553779005d2a2021-12-22 11:47:28.700root 11241100x80000000000000003851239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3939693c42cf5732021-12-22 11:47:28.701root 11241100x80000000000000003851240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bebf9ac3eaee4c12021-12-22 11:47:28.701root 11241100x80000000000000003851241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:28.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27e5a12cd253ea12021-12-22 11:47:28.701root 11241100x80000000000000003851242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d3ca93534f9a742021-12-22 11:47:29.193root 11241100x80000000000000003851243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06d0f61f02d88e72021-12-22 11:47:29.193root 11241100x80000000000000003851244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a674b8c6e25956b22021-12-22 11:47:29.193root 11241100x80000000000000003851245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ee95d711875ae62021-12-22 11:47:29.193root 11241100x80000000000000003851246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580ad3ee15a6f96b2021-12-22 11:47:29.193root 11241100x80000000000000003851247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ae1b19bcbd3d3c2021-12-22 11:47:29.193root 11241100x80000000000000003851248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7580643d1df6a0b42021-12-22 11:47:29.194root 11241100x80000000000000003851249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e171b510ab2ee5f2021-12-22 11:47:29.194root 11241100x80000000000000003851250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3986963814629b2021-12-22 11:47:29.194root 11241100x80000000000000003851251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e345aeb7bda057252021-12-22 11:47:29.194root 11241100x80000000000000003851252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815170423c25fc632021-12-22 11:47:29.194root 11241100x80000000000000003851253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e67cdd085a0ce5a2021-12-22 11:47:29.194root 11241100x80000000000000003851254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5f12bebd1aa0c42021-12-22 11:47:29.194root 11241100x80000000000000003851255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378b2b4b7c194d9b2021-12-22 11:47:29.195root 11241100x80000000000000003851256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c4c38d87f021052021-12-22 11:47:29.195root 11241100x80000000000000003851257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d99bb1b799c9322021-12-22 11:47:29.196root 11241100x80000000000000003851258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71ed4b9b8d261dc2021-12-22 11:47:29.196root 11241100x80000000000000003851259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a127b73bf8629d02021-12-22 11:47:29.196root 11241100x80000000000000003851260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4424a2dbbf489d82021-12-22 11:47:29.196root 11241100x80000000000000003851261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbc73a18ad48f292021-12-22 11:47:29.196root 11241100x80000000000000003851262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52db646a62d29cfc2021-12-22 11:47:29.197root 11241100x80000000000000003851263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379244da2335eea92021-12-22 11:47:29.197root 11241100x80000000000000003851264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f98f72d459256f2021-12-22 11:47:29.197root 11241100x80000000000000003851265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83be671e63c418c92021-12-22 11:47:29.197root 11241100x80000000000000003851266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c93bd7508306fc92021-12-22 11:47:29.197root 11241100x80000000000000003851267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671853355bba5e112021-12-22 11:47:29.197root 11241100x80000000000000003851268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da772f21d207d95f2021-12-22 11:47:29.197root 11241100x80000000000000003851269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f1b865e1889cbf2021-12-22 11:47:29.197root 11241100x80000000000000003851270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02b6af5dd023e212021-12-22 11:47:29.198root 11241100x80000000000000003851271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b4ab7194eb777b2021-12-22 11:47:29.198root 11241100x80000000000000003851272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6b5706df9841e12021-12-22 11:47:29.198root 11241100x80000000000000003851273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb2fe6e5c16909a2021-12-22 11:47:29.198root 11241100x80000000000000003851274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d022cb76ba7f7c2021-12-22 11:47:29.198root 11241100x80000000000000003851275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a31bdd174cd1edf2021-12-22 11:47:29.198root 11241100x80000000000000003851276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af69ccb8b6cacad2021-12-22 11:47:29.198root 11241100x80000000000000003851277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed8c2557af78d702021-12-22 11:47:29.198root 11241100x80000000000000003851278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe3c6b7371a78e12021-12-22 11:47:29.199root 11241100x80000000000000003851279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea7aa35d22a33282021-12-22 11:47:29.199root 11241100x80000000000000003851280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e130b5fad929c5862021-12-22 11:47:29.199root 11241100x80000000000000003851281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a15caebc93bd8c12021-12-22 11:47:29.199root 11241100x80000000000000003851282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f403bebdf276dd82021-12-22 11:47:29.200root 11241100x80000000000000003851283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c36ada250548592021-12-22 11:47:29.200root 11241100x80000000000000003851284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e1cd13f27721a22021-12-22 11:47:29.200root 11241100x80000000000000003851285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd235fc70050079e2021-12-22 11:47:29.200root 11241100x80000000000000003851286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f6da1b511e41592021-12-22 11:47:29.200root 11241100x80000000000000003851287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb3db07a62dd0c72021-12-22 11:47:29.200root 11241100x80000000000000003851288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a79baed3cbf36292021-12-22 11:47:29.200root 11241100x80000000000000003851289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0f8991f6de9aed2021-12-22 11:47:29.201root 11241100x80000000000000003851290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca97e475331ebfd2021-12-22 11:47:29.201root 11241100x80000000000000003851291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d32eec87a59b822021-12-22 11:47:29.201root 11241100x80000000000000003851292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9b9297d3a678e02021-12-22 11:47:29.693root 11241100x80000000000000003851293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bda5f51044f77ce2021-12-22 11:47:29.693root 11241100x80000000000000003851294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5498d909737b0c6c2021-12-22 11:47:29.693root 11241100x80000000000000003851295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef1c15a25a3eca32021-12-22 11:47:29.693root 11241100x80000000000000003851296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e563330d81a0c1e62021-12-22 11:47:29.693root 11241100x80000000000000003851297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3f42b561bc521a2021-12-22 11:47:29.693root 11241100x80000000000000003851298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d50a0a79d0333292021-12-22 11:47:29.693root 11241100x80000000000000003851299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b9f8dbf87dcdfa2021-12-22 11:47:29.694root 11241100x80000000000000003851300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9a2b670462d10d2021-12-22 11:47:29.694root 11241100x80000000000000003851301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811bacfb10518dab2021-12-22 11:47:29.694root 11241100x80000000000000003851302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50a1465ea66fea02021-12-22 11:47:29.694root 11241100x80000000000000003851303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7062a53a920a58ae2021-12-22 11:47:29.694root 11241100x80000000000000003851304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200cdaefcaea34f52021-12-22 11:47:29.694root 11241100x80000000000000003851305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb2a69cdb278f512021-12-22 11:47:29.694root 11241100x80000000000000003851306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c286db909107df42021-12-22 11:47:29.695root 11241100x80000000000000003851307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cea8ce909ad79392021-12-22 11:47:29.695root 11241100x80000000000000003851308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95897c5aa111b4c52021-12-22 11:47:29.695root 11241100x80000000000000003851309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51ec21ab95611db2021-12-22 11:47:29.695root 11241100x80000000000000003851310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f3e77b1656a13e2021-12-22 11:47:29.695root 11241100x80000000000000003851311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1793cfdf07647fae2021-12-22 11:47:29.695root 11241100x80000000000000003851312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cede24e1c1c3612021-12-22 11:47:29.695root 11241100x80000000000000003851313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37801ce219624bfd2021-12-22 11:47:29.695root 11241100x80000000000000003851314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1042356ae56d84522021-12-22 11:47:29.695root 11241100x80000000000000003851315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c0505d3b6b49c92021-12-22 11:47:29.695root 11241100x80000000000000003851316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a239dc5a85dab62021-12-22 11:47:29.695root 11241100x80000000000000003851317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64383cd6b17a78012021-12-22 11:47:29.696root 11241100x80000000000000003851318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9656f31b6199b22021-12-22 11:47:29.696root 11241100x80000000000000003851319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b2a4d61771dece2021-12-22 11:47:29.696root 11241100x80000000000000003851320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcdad9072ab0fc22021-12-22 11:47:29.696root 11241100x80000000000000003851321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b29b306a668d402021-12-22 11:47:29.696root 11241100x80000000000000003851322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28548169394141572021-12-22 11:47:29.696root 11241100x80000000000000003851323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008f69afca0e147b2021-12-22 11:47:29.696root 11241100x80000000000000003851324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf03b493cd6341b2021-12-22 11:47:29.696root 11241100x80000000000000003851325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76dc20cccf25eba2021-12-22 11:47:29.697root 11241100x80000000000000003851326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1b90ec72151ed02021-12-22 11:47:29.697root 11241100x80000000000000003851327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0d6127faaa721e2021-12-22 11:47:29.698root 11241100x80000000000000003851328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9983d23c7ed3268b2021-12-22 11:47:29.698root 11241100x80000000000000003851329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f004fa460528d88b2021-12-22 11:47:29.698root 11241100x80000000000000003851330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fdabff33b3b23f2021-12-22 11:47:29.699root 11241100x80000000000000003851331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a97eece7e624282021-12-22 11:47:29.699root 11241100x80000000000000003851332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd4393dea78c86b2021-12-22 11:47:29.699root 11241100x80000000000000003851333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a16e9b5da0293f2021-12-22 11:47:29.699root 11241100x80000000000000003851334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81fce76a70e0e612021-12-22 11:47:29.699root 11241100x80000000000000003851335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fc5741f29ecc642021-12-22 11:47:29.699root 11241100x80000000000000003851336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bc328f6f2b4f802021-12-22 11:47:29.700root 11241100x80000000000000003851337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd7f58c9f6684d22021-12-22 11:47:29.700root 11241100x80000000000000003851338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d41ae4eb7b41932021-12-22 11:47:29.700root 11241100x80000000000000003851339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8b17d4d48a153b2021-12-22 11:47:29.700root 11241100x80000000000000003851340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918b37cfeb74acf52021-12-22 11:47:29.700root 11241100x80000000000000003851341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8645e631c202774e2021-12-22 11:47:29.700root 11241100x80000000000000003851342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9289d7464352d0c22021-12-22 11:47:29.700root 11241100x80000000000000003851343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e95fd238c8d43602021-12-22 11:47:29.701root 11241100x80000000000000003851344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4e5d1e4338d3a32021-12-22 11:47:29.701root 11241100x80000000000000003851345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32164580d9da7062021-12-22 11:47:29.701root 11241100x80000000000000003851346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2ecd822dc8973c2021-12-22 11:47:29.701root 11241100x80000000000000003851347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb48cb5b16969f82021-12-22 11:47:29.701root 11241100x80000000000000003851348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e62c4247ed18362021-12-22 11:47:29.701root 11241100x80000000000000003851349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6965d84eabeacc2f2021-12-22 11:47:29.701root 11241100x80000000000000003851350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5507951b011631492021-12-22 11:47:29.701root 11241100x80000000000000003851351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5d34a900db561a2021-12-22 11:47:29.701root 11241100x80000000000000003851352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96502c0ece2b72302021-12-22 11:47:29.702root 11241100x80000000000000003851353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830218683826be292021-12-22 11:47:29.702root 11241100x80000000000000003851354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcc159d088499c02021-12-22 11:47:29.703root 11241100x80000000000000003851355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ba4284f09b6dd82021-12-22 11:47:29.703root 11241100x80000000000000003851356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e2bd601c8a5b032021-12-22 11:47:29.704root 11241100x80000000000000003851357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad95dc14ab358692021-12-22 11:47:29.704root 11241100x80000000000000003851358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b44cfe5285a90a2021-12-22 11:47:29.704root 11241100x80000000000000003851359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8979dc796a9525db2021-12-22 11:47:29.704root 11241100x80000000000000003851360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d801948241cc55762021-12-22 11:47:29.704root 11241100x80000000000000003851361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a0511543c12e042021-12-22 11:47:29.704root 11241100x80000000000000003851362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:29.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa919fdf43636dc62021-12-22 11:47:29.704root 11241100x80000000000000003851363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8782d86730be23482021-12-22 11:47:30.193root 11241100x80000000000000003851364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574d926379f17f822021-12-22 11:47:30.193root 11241100x80000000000000003851365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6c8fec2db6382e2021-12-22 11:47:30.193root 11241100x80000000000000003851366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806b8927d8d3374b2021-12-22 11:47:30.193root 11241100x80000000000000003851367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d969a907f0397f602021-12-22 11:47:30.193root 11241100x80000000000000003851368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa4fc99146fe0042021-12-22 11:47:30.194root 11241100x80000000000000003851369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1c6e4de0ac22c12021-12-22 11:47:30.194root 11241100x80000000000000003851370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a43027968fb4592021-12-22 11:47:30.194root 11241100x80000000000000003851371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd44326dd230f87d2021-12-22 11:47:30.194root 11241100x80000000000000003851372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dded40d8f6ffabec2021-12-22 11:47:30.194root 11241100x80000000000000003851373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1be2938fe271052021-12-22 11:47:30.194root 11241100x80000000000000003851374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9996c140455ee342021-12-22 11:47:30.194root 11241100x80000000000000003851375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74c7ae8d44cf4092021-12-22 11:47:30.195root 11241100x80000000000000003851376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832b7bf6aba736992021-12-22 11:47:30.195root 11241100x80000000000000003851377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631d0d7d35f855a42021-12-22 11:47:30.195root 11241100x80000000000000003851378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526780e05fc6f47a2021-12-22 11:47:30.195root 11241100x80000000000000003851379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cb3472555faafb2021-12-22 11:47:30.195root 11241100x80000000000000003851380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dbc04c2ab86c512021-12-22 11:47:30.195root 11241100x80000000000000003851381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a786a7deb02f53db2021-12-22 11:47:30.195root 11241100x80000000000000003851382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a422127553987a3f2021-12-22 11:47:30.196root 11241100x80000000000000003851383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7bd385d8dec7342021-12-22 11:47:30.196root 11241100x80000000000000003851384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afe554a425bd29e2021-12-22 11:47:30.196root 11241100x80000000000000003851385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4c1d715df90e202021-12-22 11:47:30.196root 11241100x80000000000000003851386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761419a72a8f6fd82021-12-22 11:47:30.196root 11241100x80000000000000003851387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f108862f78131e32021-12-22 11:47:30.196root 11241100x80000000000000003851388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de504c0dbedb646c2021-12-22 11:47:30.197root 11241100x80000000000000003851389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc14cfc27c5d9cb92021-12-22 11:47:30.197root 11241100x80000000000000003851390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6deea9834ab28c1b2021-12-22 11:47:30.197root 11241100x80000000000000003851391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebf38c1bf0793d02021-12-22 11:47:30.197root 11241100x80000000000000003851392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f846dbe9152aa92021-12-22 11:47:30.197root 11241100x80000000000000003851393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723a51a6c07ffcf62021-12-22 11:47:30.197root 11241100x80000000000000003851394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddd70d14bdaf5562021-12-22 11:47:30.198root 11241100x80000000000000003851395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d301a037e6a6532021-12-22 11:47:30.198root 11241100x80000000000000003851396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059a8d2ee668ce412021-12-22 11:47:30.198root 11241100x80000000000000003851397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5c3afe6980b7b12021-12-22 11:47:30.198root 11241100x80000000000000003851398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b5e900958d02932021-12-22 11:47:30.199root 11241100x80000000000000003851399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b98ed88858d0ba82021-12-22 11:47:30.199root 11241100x80000000000000003851400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6006bf76fbcc96f62021-12-22 11:47:30.199root 11241100x80000000000000003851401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3540d4fb8a1a532021-12-22 11:47:30.199root 11241100x80000000000000003851402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340204b23fe0b6792021-12-22 11:47:30.199root 11241100x80000000000000003851403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b993ecad9bb614b42021-12-22 11:47:30.199root 11241100x80000000000000003851404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e904c3c9cd8adde2021-12-22 11:47:30.199root 11241100x80000000000000003851405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1030d04ada226742021-12-22 11:47:30.200root 11241100x80000000000000003851406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813fe1c76bbefe9f2021-12-22 11:47:30.200root 11241100x80000000000000003851407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b8a6e8a8e0eb522021-12-22 11:47:30.200root 11241100x80000000000000003851408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f9e845da72f3132021-12-22 11:47:30.200root 11241100x80000000000000003851409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c60fd85faf809382021-12-22 11:47:30.200root 11241100x80000000000000003851410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826a9d25dde273592021-12-22 11:47:30.200root 11241100x80000000000000003851411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bd5a2d90df1ecc2021-12-22 11:47:30.201root 11241100x80000000000000003851412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676f9f9e8973e4bf2021-12-22 11:47:30.201root 11241100x80000000000000003851413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410ab870350886042021-12-22 11:47:30.201root 11241100x80000000000000003851414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f68ddcf912568172021-12-22 11:47:30.693root 11241100x80000000000000003851415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f848c42c365316e2021-12-22 11:47:30.693root 11241100x80000000000000003851416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756891218e7f03012021-12-22 11:47:30.694root 11241100x80000000000000003851417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525058e7c980b1222021-12-22 11:47:30.694root 11241100x80000000000000003851418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e39bef345ac7942021-12-22 11:47:30.694root 11241100x80000000000000003851419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca37a16df47e8692021-12-22 11:47:30.694root 11241100x80000000000000003851420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae995da94c6f1932021-12-22 11:47:30.694root 11241100x80000000000000003851421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc86119b05f8b442021-12-22 11:47:30.694root 11241100x80000000000000003851422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcc6891ad8cde1e2021-12-22 11:47:30.694root 11241100x80000000000000003851423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c98a478dd77e3042021-12-22 11:47:30.694root 11241100x80000000000000003851424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10960bc46f2ed7a2021-12-22 11:47:30.694root 11241100x80000000000000003851425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9f03a06345877a2021-12-22 11:47:30.694root 11241100x80000000000000003851426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b9f75f3a80c7c82021-12-22 11:47:30.694root 11241100x80000000000000003851427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96385288adc60f332021-12-22 11:47:30.695root 11241100x80000000000000003851428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42aafce634a6e36c2021-12-22 11:47:30.695root 11241100x80000000000000003851429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b66542533fe4af12021-12-22 11:47:30.695root 11241100x80000000000000003851430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cc804f56350c822021-12-22 11:47:30.695root 11241100x80000000000000003851431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748ea8f45ee9a6df2021-12-22 11:47:30.695root 11241100x80000000000000003851432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f4731b57d63a3f2021-12-22 11:47:30.695root 11241100x80000000000000003851433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87064990ced41122021-12-22 11:47:30.695root 11241100x80000000000000003851434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114fbc77a46058c72021-12-22 11:47:30.696root 11241100x80000000000000003851435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c36fa375d009a02021-12-22 11:47:30.696root 11241100x80000000000000003851436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168654689cb7519f2021-12-22 11:47:30.696root 11241100x80000000000000003851437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b09606a46da5bc52021-12-22 11:47:30.696root 11241100x80000000000000003851438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f73e7905bdb686c2021-12-22 11:47:30.696root 11241100x80000000000000003851439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fa5b6db7705c092021-12-22 11:47:30.696root 11241100x80000000000000003851440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c443253ea49f0e2021-12-22 11:47:30.696root 11241100x80000000000000003851441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0234a332acce3e2021-12-22 11:47:30.697root 11241100x80000000000000003851442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad35dc0dde228592021-12-22 11:47:30.697root 11241100x80000000000000003851443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c724bf13b0b33c82021-12-22 11:47:30.697root 11241100x80000000000000003851444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bbed330fae871a2021-12-22 11:47:30.697root 11241100x80000000000000003851445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a543137cb3c076c2021-12-22 11:47:30.697root 11241100x80000000000000003851446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2935388a1aa7b2db2021-12-22 11:47:30.697root 11241100x80000000000000003851447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03902d371e179cb62021-12-22 11:47:30.697root 11241100x80000000000000003851448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6609cc90212b9f222021-12-22 11:47:31.193root 11241100x80000000000000003851449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22de2853490c5002021-12-22 11:47:31.193root 11241100x80000000000000003851450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ea94ccd98adb5c2021-12-22 11:47:31.193root 11241100x80000000000000003851451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2ade2ede6ac5042021-12-22 11:47:31.193root 11241100x80000000000000003851452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbb987c8f26ccba2021-12-22 11:47:31.193root 11241100x80000000000000003851453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d6a921f87847912021-12-22 11:47:31.193root 11241100x80000000000000003851454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7292adc1b1519e0a2021-12-22 11:47:31.194root 11241100x80000000000000003851455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec47f9cb6770dc422021-12-22 11:47:31.194root 11241100x80000000000000003851456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0faf873f8f4038c2021-12-22 11:47:31.194root 11241100x80000000000000003851457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4baef396f609adc52021-12-22 11:47:31.194root 11241100x80000000000000003851458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acb7815874b0e0f2021-12-22 11:47:31.194root 11241100x80000000000000003851459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2591835948db382021-12-22 11:47:31.194root 11241100x80000000000000003851460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac984875d57c5fa2021-12-22 11:47:31.194root 11241100x80000000000000003851461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b75813310083382021-12-22 11:47:31.194root 11241100x80000000000000003851462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5ea1b43893f4352021-12-22 11:47:31.194root 11241100x80000000000000003851463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55338486a9c10d262021-12-22 11:47:31.194root 11241100x80000000000000003851464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4e5b8ad2ede0a82021-12-22 11:47:31.194root 11241100x80000000000000003851465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43132c20b75ca6302021-12-22 11:47:31.195root 11241100x80000000000000003851466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e869b949cfe5af832021-12-22 11:47:31.195root 11241100x80000000000000003851467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce26bd2d1af8cbf92021-12-22 11:47:31.195root 11241100x80000000000000003851468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05072784fb510222021-12-22 11:47:31.195root 11241100x80000000000000003851469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e481b229cdda40b2021-12-22 11:47:31.195root 11241100x80000000000000003851470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c0dabcce2d8cd12021-12-22 11:47:31.195root 11241100x80000000000000003851471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1470ebc79352a0cf2021-12-22 11:47:31.196root 11241100x80000000000000003851472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66fac792f849f2f2021-12-22 11:47:31.196root 11241100x80000000000000003851473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c773ad05acab67222021-12-22 11:47:31.196root 11241100x80000000000000003851474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158d7c1e7349314a2021-12-22 11:47:31.196root 11241100x80000000000000003851475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2024b8de83c148a2021-12-22 11:47:31.196root 11241100x80000000000000003851476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f71ce6dc0d1d9a2021-12-22 11:47:31.196root 11241100x80000000000000003851477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c2644cf291674c2021-12-22 11:47:31.196root 11241100x80000000000000003851478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d46184fb4526962021-12-22 11:47:31.196root 11241100x80000000000000003851479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712e20eee548f15d2021-12-22 11:47:31.196root 11241100x80000000000000003851480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f154bd75763e35b2021-12-22 11:47:31.196root 11241100x80000000000000003851481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06aba4e39498c7d42021-12-22 11:47:31.197root 11241100x80000000000000003851482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c9f929cfa043552021-12-22 11:47:31.197root 11241100x80000000000000003851483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f62898108ff44722021-12-22 11:47:31.197root 11241100x80000000000000003851484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2ba20cbb7a74202021-12-22 11:47:31.197root 11241100x80000000000000003851485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74773d1d263676532021-12-22 11:47:31.197root 11241100x80000000000000003851486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cd03553384ef022021-12-22 11:47:31.197root 11241100x80000000000000003851487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee8a0c6183f8e6c2021-12-22 11:47:31.197root 11241100x80000000000000003851488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be503cff14ef3af52021-12-22 11:47:31.197root 11241100x80000000000000003851489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787233e4907af6432021-12-22 11:47:31.197root 11241100x80000000000000003851490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11ac0c73cd879122021-12-22 11:47:31.197root 11241100x80000000000000003851491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c734c73ee5a386502021-12-22 11:47:31.197root 11241100x80000000000000003851492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88262aa2e883844e2021-12-22 11:47:31.198root 11241100x80000000000000003851493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2769568e983b732021-12-22 11:47:31.198root 11241100x80000000000000003851494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed7ebec4f9a85932021-12-22 11:47:31.198root 11241100x80000000000000003851495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed765804900e73a2021-12-22 11:47:31.198root 11241100x80000000000000003851496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9625db7c5bb5b0762021-12-22 11:47:31.198root 11241100x80000000000000003851497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebb115546ee7daf2021-12-22 11:47:31.198root 11241100x80000000000000003851498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f681478b8cc54842021-12-22 11:47:31.198root 11241100x80000000000000003851499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064d660ddc0ab30c2021-12-22 11:47:31.198root 11241100x80000000000000003851500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85cddd82f5815e72021-12-22 11:47:31.198root 11241100x80000000000000003851501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061b622e972418312021-12-22 11:47:31.198root 11241100x80000000000000003851502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5154b0f6a080ee1d2021-12-22 11:47:31.199root 154100x80000000000000003851503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.607{ec2b6afe-1053-61c3-6884-0ad168550000}19068/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x80000000000000003851504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.610{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3528b33ecc2adcd2021-12-22 11:47:31.610root 11241100x80000000000000003851505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.610{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4d23a173c2418d2021-12-22 11:47:31.610root 11241100x80000000000000003851506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.610{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a360687cc2f2822021-12-22 11:47:31.610root 11241100x80000000000000003851507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.611{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9c707ae12c127c2021-12-22 11:47:31.611root 11241100x80000000000000003851508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.612{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aeb634814998b722021-12-22 11:47:31.612root 11241100x80000000000000003851509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.612{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc64d3cc865e8942021-12-22 11:47:31.612root 11241100x80000000000000003851510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.612{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32507e99ee5df0412021-12-22 11:47:31.612root 11241100x80000000000000003851511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.612{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b26a692eca37d72021-12-22 11:47:31.612root 11241100x80000000000000003851512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.613{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e840eeaa790fd1402021-12-22 11:47:31.613root 11241100x80000000000000003851513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.613{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3c8049e4b0c4ef2021-12-22 11:47:31.613root 11241100x80000000000000003851514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.613{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ebece6f78190a72021-12-22 11:47:31.613root 11241100x80000000000000003851515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.614{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f476fed77a785ed42021-12-22 11:47:31.614root 11241100x80000000000000003851516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.614{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ed24f19255dac32021-12-22 11:47:31.614root 11241100x80000000000000003851517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.614{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ae41660ba393192021-12-22 11:47:31.614root 11241100x80000000000000003851518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.614{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565cd92d8706b3bb2021-12-22 11:47:31.614root 11241100x80000000000000003851519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.615{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18d8adc740d52af2021-12-22 11:47:31.615root 11241100x80000000000000003851520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.615{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a607266c17d0ba2021-12-22 11:47:31.615root 11241100x80000000000000003851521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.615{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7767acb14ef860f02021-12-22 11:47:31.615root 11241100x80000000000000003851522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.615{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cc2f80e18e7b292021-12-22 11:47:31.615root 11241100x80000000000000003851523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.616{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c96b3a07eca9ec2021-12-22 11:47:31.616root 11241100x80000000000000003851524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.616{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445f26c7afabc8d22021-12-22 11:47:31.616root 11241100x80000000000000003851525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.616{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dbdd3833f7310d2021-12-22 11:47:31.616root 11241100x80000000000000003851526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.616{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6750aadf7b1daf2021-12-22 11:47:31.616root 11241100x80000000000000003851527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.616{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9946f1acd57a1ef42021-12-22 11:47:31.616root 11241100x80000000000000003851528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.616{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1751b4370a30f5a2021-12-22 11:47:31.616root 11241100x80000000000000003851529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.616{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73433a07984315c12021-12-22 11:47:31.616root 11241100x80000000000000003851530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.616{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e012beb869801da2021-12-22 11:47:31.616root 11241100x80000000000000003851531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.617{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ff0d9c741c47242021-12-22 11:47:31.617root 11241100x80000000000000003851532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.617{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d5b1d707c070032021-12-22 11:47:31.617root 11241100x80000000000000003851533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.617{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac506cefe4e46862021-12-22 11:47:31.617root 11241100x80000000000000003851534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.617{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84371d959d80c882021-12-22 11:47:31.617root 11241100x80000000000000003851535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.617{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e898cb35c2787d2021-12-22 11:47:31.617root 11241100x80000000000000003851536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.617{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0389896d0916f41e2021-12-22 11:47:31.617root 11241100x80000000000000003851537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.618{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c6dd15b354c6262021-12-22 11:47:31.618root 11241100x80000000000000003851538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.618{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fb8b51c0bacb612021-12-22 11:47:31.618root 11241100x80000000000000003851539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.618{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b258341d8fff7a92021-12-22 11:47:31.618root 11241100x80000000000000003851540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.618{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935202bc0537c1572021-12-22 11:47:31.618root 11241100x80000000000000003851541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.618{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29470482c91c0bc12021-12-22 11:47:31.618root 534500x80000000000000003851542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.620{ec2b6afe-1053-61c3-6884-0ad168550000}19068/bin/psroot 11241100x80000000000000003851543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c8a9cee853802a2021-12-22 11:47:31.943root 11241100x80000000000000003851544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df44a5f65a38cdf2021-12-22 11:47:31.943root 11241100x80000000000000003851545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43629acc9676b4792021-12-22 11:47:31.943root 11241100x80000000000000003851546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a26c747e3d6ed512021-12-22 11:47:31.943root 11241100x80000000000000003851547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065b3f1193bf2f0c2021-12-22 11:47:31.943root 11241100x80000000000000003851548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c12908c96ee3f62021-12-22 11:47:31.943root 11241100x80000000000000003851549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822c5c7ec3e85ae02021-12-22 11:47:31.944root 11241100x80000000000000003851550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca5548c92e7f4272021-12-22 11:47:31.944root 11241100x80000000000000003851551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe937eb43ac0c042021-12-22 11:47:31.944root 11241100x80000000000000003851552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823ba093b08dc0292021-12-22 11:47:31.944root 11241100x80000000000000003851553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6200eb0903a4fd2021-12-22 11:47:31.945root 11241100x80000000000000003851554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4074442e33ef4d122021-12-22 11:47:31.945root 11241100x80000000000000003851555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da33166cd20d91a82021-12-22 11:47:31.945root 11241100x80000000000000003851556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee0189595819c0e2021-12-22 11:47:31.945root 11241100x80000000000000003851557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446f24b7ddf1408a2021-12-22 11:47:31.946root 11241100x80000000000000003851558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8461a612d9f10edf2021-12-22 11:47:31.946root 11241100x80000000000000003851559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783f30434d3940772021-12-22 11:47:31.946root 11241100x80000000000000003851560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fed1805e987e142021-12-22 11:47:31.946root 11241100x80000000000000003851561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d212775f5e1a33662021-12-22 11:47:31.946root 11241100x80000000000000003851562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08e80ddb4be0d892021-12-22 11:47:31.946root 11241100x80000000000000003851563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585be35bfc7ad2322021-12-22 11:47:31.946root 11241100x80000000000000003851564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5286c98f3068f5902021-12-22 11:47:31.947root 11241100x80000000000000003851565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448a77d0864da8b62021-12-22 11:47:31.947root 11241100x80000000000000003851566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11dfcba0df030062021-12-22 11:47:31.947root 11241100x80000000000000003851567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4357844dcf7d812021-12-22 11:47:31.947root 11241100x80000000000000003851568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8f69b79fb8e6fc2021-12-22 11:47:31.947root 11241100x80000000000000003851569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0c11f61acf077c2021-12-22 11:47:31.948root 11241100x80000000000000003851570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8d3d8d957bdfe32021-12-22 11:47:31.948root 11241100x80000000000000003851571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680b5ae04038f9362021-12-22 11:47:31.948root 11241100x80000000000000003851572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054834b9760951b92021-12-22 11:47:31.948root 11241100x80000000000000003851573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f62c69000180832021-12-22 11:47:31.948root 11241100x80000000000000003851574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36c08693ef5a2d02021-12-22 11:47:31.948root 11241100x80000000000000003851575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9f6be5cfc1f2352021-12-22 11:47:31.949root 11241100x80000000000000003851576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f4a20533e875e62021-12-22 11:47:31.949root 11241100x80000000000000003851577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6fb765e84b37622021-12-22 11:47:31.949root 11241100x80000000000000003851578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5226ecca77cda582021-12-22 11:47:31.949root 11241100x80000000000000003851579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1779897bdcaf3e02021-12-22 11:47:31.949root 11241100x80000000000000003851580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5694c016dac93a5e2021-12-22 11:47:31.949root 11241100x80000000000000003851581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6af17c9cb2a2412021-12-22 11:47:31.949root 11241100x80000000000000003851582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8272f2f51a3645a52021-12-22 11:47:31.949root 11241100x80000000000000003851583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b72f19a13f21a82021-12-22 11:47:31.950root 11241100x80000000000000003851584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8e8592e239b0bd2021-12-22 11:47:31.950root 11241100x80000000000000003851585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fca2199f20bf012021-12-22 11:47:31.950root 11241100x80000000000000003851586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf81c467d9a346d22021-12-22 11:47:31.950root 11241100x80000000000000003851587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61fe871381bbc4f2021-12-22 11:47:31.950root 11241100x80000000000000003851588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48e993145673f1d2021-12-22 11:47:31.950root 11241100x80000000000000003851589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604f082741152ab62021-12-22 11:47:31.950root 354300x80000000000000003851590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.145{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55458-false10.0.1.12-8000- 11241100x80000000000000003851591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a5904334b024dd2021-12-22 11:47:32.443root 11241100x80000000000000003851592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ba8df6c06ef5a52021-12-22 11:47:32.443root 11241100x80000000000000003851593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e871f2a790b7c8562021-12-22 11:47:32.443root 11241100x80000000000000003851594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801f642433d056862021-12-22 11:47:32.444root 11241100x80000000000000003851595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bcdbf006a3055d2021-12-22 11:47:32.444root 11241100x80000000000000003851596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f667f47624d1f32021-12-22 11:47:32.444root 11241100x80000000000000003851597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27b6c6741a78d282021-12-22 11:47:32.444root 11241100x80000000000000003851598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cbc9885bcf11932021-12-22 11:47:32.444root 11241100x80000000000000003851599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b735fa44e18f112021-12-22 11:47:32.444root 11241100x80000000000000003851600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87044537b32db53f2021-12-22 11:47:32.444root 11241100x80000000000000003851601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b921099fa60544bf2021-12-22 11:47:32.444root 11241100x80000000000000003851602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f2da798c1148f42021-12-22 11:47:32.444root 11241100x80000000000000003851603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1131f38640a18ea12021-12-22 11:47:32.444root 11241100x80000000000000003851604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86026e0c468f68212021-12-22 11:47:32.444root 11241100x80000000000000003851605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3c20d6867ffae42021-12-22 11:47:32.445root 11241100x80000000000000003851606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e924d850f9631c4f2021-12-22 11:47:32.445root 11241100x80000000000000003851607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1fc783ce65c3c32021-12-22 11:47:32.445root 11241100x80000000000000003851608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5952fc472ac2f28f2021-12-22 11:47:32.445root 11241100x80000000000000003851609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f32cdb7f220c8a02021-12-22 11:47:32.445root 11241100x80000000000000003851610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044fb52e555bfc2d2021-12-22 11:47:32.448root 11241100x80000000000000003851611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a86a592db563d552021-12-22 11:47:32.448root 11241100x80000000000000003851612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32aba80a4d1a7cb62021-12-22 11:47:32.448root 11241100x80000000000000003851613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c03f6441191ac22021-12-22 11:47:32.449root 11241100x80000000000000003851614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2487e48e52815bd32021-12-22 11:47:32.449root 11241100x80000000000000003851615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e7261b3d53d20d2021-12-22 11:47:32.449root 11241100x80000000000000003851616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eeecb6afe3925912021-12-22 11:47:32.449root 11241100x80000000000000003851617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47209400ea812d712021-12-22 11:47:32.449root 11241100x80000000000000003851618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376430d70c1de79b2021-12-22 11:47:32.449root 11241100x80000000000000003851619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8557e8392c9a17db2021-12-22 11:47:32.449root 11241100x80000000000000003851620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17b7db9507ca4c32021-12-22 11:47:32.449root 11241100x80000000000000003851621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41ebcf8295a89bb2021-12-22 11:47:32.450root 11241100x80000000000000003851622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b519f2cce51193a32021-12-22 11:47:32.450root 11241100x80000000000000003851623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f525bbd708b3e45e2021-12-22 11:47:32.450root 11241100x80000000000000003851624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dd8d94c5c5ada32021-12-22 11:47:32.450root 11241100x80000000000000003851625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124af58b920f5b282021-12-22 11:47:32.450root 11241100x80000000000000003851626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d6a4c9e86179be2021-12-22 11:47:32.450root 11241100x80000000000000003851627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde15ada1c4bccf12021-12-22 11:47:32.450root 11241100x80000000000000003851628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e745eb3acec9522021-12-22 11:47:32.450root 11241100x80000000000000003851629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd725a98681e75a2021-12-22 11:47:32.450root 11241100x80000000000000003851630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd200d5b7dc100ea2021-12-22 11:47:32.450root 11241100x80000000000000003851631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78742607603441382021-12-22 11:47:32.451root 11241100x80000000000000003851632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215089cdaba717bc2021-12-22 11:47:32.943root 11241100x80000000000000003851633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a54240a1615d012021-12-22 11:47:32.943root 11241100x80000000000000003851634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ce4ff374ca2a542021-12-22 11:47:32.943root 11241100x80000000000000003851635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e74f52ed4b49592021-12-22 11:47:32.943root 11241100x80000000000000003851636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8084f39d303750cd2021-12-22 11:47:32.944root 11241100x80000000000000003851637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66170e4e2b3bf822021-12-22 11:47:32.944root 11241100x80000000000000003851638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d42482c72f220a2021-12-22 11:47:32.944root 11241100x80000000000000003851639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db35bd6479c90c32021-12-22 11:47:32.944root 11241100x80000000000000003851640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95204c39c667ca72021-12-22 11:47:32.944root 11241100x80000000000000003851641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928adc925fab7d5c2021-12-22 11:47:32.944root 11241100x80000000000000003851642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cfb95fc88953d72021-12-22 11:47:32.944root 11241100x80000000000000003851643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4f2547923d06fe2021-12-22 11:47:32.944root 11241100x80000000000000003851644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3114a213b2da4e12021-12-22 11:47:32.944root 11241100x80000000000000003851645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7f76f686e619e62021-12-22 11:47:32.944root 11241100x80000000000000003851646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30ec77e13aceec02021-12-22 11:47:32.944root 11241100x80000000000000003851647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3073d9dcd4f40f2021-12-22 11:47:32.944root 11241100x80000000000000003851648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8df4825d30f1d032021-12-22 11:47:32.944root 11241100x80000000000000003851649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b680c73272ed9b8a2021-12-22 11:47:32.945root 11241100x80000000000000003851650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5766b0c6cc7bb5142021-12-22 11:47:32.945root 11241100x80000000000000003851651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad98b019e7fa9a602021-12-22 11:47:32.945root 11241100x80000000000000003851652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070f25233733566e2021-12-22 11:47:32.945root 11241100x80000000000000003851653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b863e6d899732272021-12-22 11:47:32.945root 11241100x80000000000000003851654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162282f4da93643c2021-12-22 11:47:32.945root 11241100x80000000000000003851655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e265d9bcdc7bf62021-12-22 11:47:32.945root 11241100x80000000000000003851656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fecb4623b25f4372021-12-22 11:47:32.945root 11241100x80000000000000003851657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522d2ef444dbb2fd2021-12-22 11:47:32.945root 11241100x80000000000000003851658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e000be2e624fb2042021-12-22 11:47:32.945root 11241100x80000000000000003851659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14883f584d197fa2021-12-22 11:47:32.945root 11241100x80000000000000003851660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b394ae5d9a965c5e2021-12-22 11:47:32.945root 11241100x80000000000000003851661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1e6cb2c120106b2021-12-22 11:47:32.945root 11241100x80000000000000003851662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef43be281cc41662021-12-22 11:47:32.945root 11241100x80000000000000003851663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25326948d4bd09162021-12-22 11:47:32.945root 11241100x80000000000000003851664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629cb3c361307c1f2021-12-22 11:47:32.945root 11241100x80000000000000003851665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5962d7b684e0b492021-12-22 11:47:32.946root 11241100x80000000000000003851666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cb4a84732531582021-12-22 11:47:32.946root 11241100x80000000000000003851667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62773e86029822112021-12-22 11:47:32.946root 11241100x80000000000000003851668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e64c7af1f09cc2a2021-12-22 11:47:32.946root 11241100x80000000000000003851669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ec22e9237255162021-12-22 11:47:32.946root 11241100x80000000000000003851670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96bfb5e304976412021-12-22 11:47:32.946root 11241100x80000000000000003851671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8628caeacc90fd2021-12-22 11:47:32.946root 11241100x80000000000000003851672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d664f88f976b90702021-12-22 11:47:32.946root 11241100x80000000000000003851673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0949092308cddc42021-12-22 11:47:32.946root 11241100x80000000000000003851674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103af07ec45e5dd82021-12-22 11:47:32.946root 11241100x80000000000000003851675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88782407097c342e2021-12-22 11:47:32.946root 11241100x80000000000000003851676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1209c87db77040ee2021-12-22 11:47:32.946root 11241100x80000000000000003851677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc44a4e488265c622021-12-22 11:47:32.947root 11241100x80000000000000003851678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04b0dc1adc34b612021-12-22 11:47:32.947root 11241100x80000000000000003851679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62b709b7063af312021-12-22 11:47:32.947root 11241100x80000000000000003851680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270211fdc365a45c2021-12-22 11:47:32.948root 11241100x80000000000000003851681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa12b98b7997fb5a2021-12-22 11:47:32.948root 11241100x80000000000000003851682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06d6a778f79ef952021-12-22 11:47:32.948root 11241100x80000000000000003851683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:32.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ed21772fe219d42021-12-22 11:47:32.948root 11241100x80000000000000003851684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:47:33.143root 11241100x80000000000000003851685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ad4697c6793fd32021-12-22 11:47:33.443root 11241100x80000000000000003851686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fde15dd76cfeaa42021-12-22 11:47:33.443root 11241100x80000000000000003851687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ee2e0d1c447c3f2021-12-22 11:47:33.443root 11241100x80000000000000003851688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78362818175df1162021-12-22 11:47:33.443root 11241100x80000000000000003851689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84f4e54aca128a52021-12-22 11:47:33.443root 11241100x80000000000000003851690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b33cd466d42a2e12021-12-22 11:47:33.444root 11241100x80000000000000003851691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e4346d80daaf4c2021-12-22 11:47:33.444root 11241100x80000000000000003851692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1d96e4310be18b2021-12-22 11:47:33.444root 11241100x80000000000000003851693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9358496d80d6f262021-12-22 11:47:33.444root 11241100x80000000000000003851694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974d5ea0694c79ab2021-12-22 11:47:33.444root 11241100x80000000000000003851695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99aa2b11bfb9d3672021-12-22 11:47:33.444root 11241100x80000000000000003851696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9edacc331eb9182021-12-22 11:47:33.444root 11241100x80000000000000003851697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34c8ae74e6fa0412021-12-22 11:47:33.444root 11241100x80000000000000003851698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cae81003cbb038a2021-12-22 11:47:33.444root 11241100x80000000000000003851699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdef59bca11088822021-12-22 11:47:33.445root 11241100x80000000000000003851700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3959a9b4d077c7502021-12-22 11:47:33.445root 11241100x80000000000000003851701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c8a82f7382d4c72021-12-22 11:47:33.445root 11241100x80000000000000003851702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ef9f076cdad2512021-12-22 11:47:33.445root 11241100x80000000000000003851703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9463fd97128c55a2021-12-22 11:47:33.445root 11241100x80000000000000003851704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0129860e0014b0d2021-12-22 11:47:33.445root 11241100x80000000000000003851705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcae89d725f449f2021-12-22 11:47:33.446root 11241100x80000000000000003851706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d52df09b8c6e4a2021-12-22 11:47:33.446root 11241100x80000000000000003851707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2f0c39c2c133c92021-12-22 11:47:33.446root 11241100x80000000000000003851708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf085ddf49d0a882021-12-22 11:47:33.446root 11241100x80000000000000003851709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99bca85d6e666212021-12-22 11:47:33.446root 11241100x80000000000000003851710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c44bfabae6744b02021-12-22 11:47:33.446root 11241100x80000000000000003851711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0943a87659f7e782021-12-22 11:47:33.446root 11241100x80000000000000003851712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109e2fce63ea2cd12021-12-22 11:47:33.446root 11241100x80000000000000003851713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed14bc12ed11339b2021-12-22 11:47:33.447root 11241100x80000000000000003851714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210d9a7bf3f8539d2021-12-22 11:47:33.447root 11241100x80000000000000003851715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b38136b5ed7b7322021-12-22 11:47:33.447root 11241100x80000000000000003851716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5011d76a68155dbf2021-12-22 11:47:33.447root 11241100x80000000000000003851717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29683e95fb8167f22021-12-22 11:47:33.447root 11241100x80000000000000003851718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a412ad2b594a7b2021-12-22 11:47:33.447root 11241100x80000000000000003851719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34839a1ac0f7e7b02021-12-22 11:47:33.447root 11241100x80000000000000003851720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcec4ac5ab787e3a2021-12-22 11:47:33.447root 11241100x80000000000000003851721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fd620b2f0aaf392021-12-22 11:47:33.447root 11241100x80000000000000003851722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f538b75cd089d42021-12-22 11:47:33.448root 11241100x80000000000000003851723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3216bbc41d6a5f592021-12-22 11:47:33.448root 11241100x80000000000000003851724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a6f0cebddd4ef22021-12-22 11:47:33.448root 11241100x80000000000000003851725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94d6b680e00be4a2021-12-22 11:47:33.448root 11241100x80000000000000003851726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa0ed546d0622fc2021-12-22 11:47:33.448root 11241100x80000000000000003851727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f5938df2d506e22021-12-22 11:47:33.448root 11241100x80000000000000003851728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05786620634fcc862021-12-22 11:47:33.448root 11241100x80000000000000003851729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b701a1b2143c2822021-12-22 11:47:33.449root 11241100x80000000000000003851730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a318e6f90c47961e2021-12-22 11:47:33.449root 11241100x80000000000000003851731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58686afb689d4f512021-12-22 11:47:33.449root 11241100x80000000000000003851732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2b44ee9f1dc0972021-12-22 11:47:33.449root 11241100x80000000000000003851733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ad327baf4ddaf22021-12-22 11:47:33.449root 11241100x80000000000000003851734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfd106d61ba165d2021-12-22 11:47:33.449root 11241100x80000000000000003851735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782ac2e9eaef35fa2021-12-22 11:47:33.450root 11241100x80000000000000003851736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c1d70738e4b7a22021-12-22 11:47:33.450root 11241100x80000000000000003851737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285d938ba99436152021-12-22 11:47:33.450root 11241100x80000000000000003851738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dada3e14829e6d262021-12-22 11:47:33.450root 11241100x80000000000000003851739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77d96b71aa4d2b92021-12-22 11:47:33.450root 11241100x80000000000000003851740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d3194ec43c9f842021-12-22 11:47:33.450root 11241100x80000000000000003851741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bff2d252bbca492021-12-22 11:47:33.451root 11241100x80000000000000003851742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85803535115945152021-12-22 11:47:33.451root 11241100x80000000000000003851743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edf632cf2131bbc2021-12-22 11:47:33.451root 11241100x80000000000000003851744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a822aeb63d93622021-12-22 11:47:33.451root 11241100x80000000000000003851745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4798cf12bd0d2b2021-12-22 11:47:33.451root 11241100x80000000000000003851746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654c495153955c9b2021-12-22 11:47:33.452root 11241100x80000000000000003851747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442609bc3acba2e32021-12-22 11:47:33.452root 11241100x80000000000000003851748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ec0a00771228442021-12-22 11:47:33.452root 11241100x80000000000000003851749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96046f0edfb17422021-12-22 11:47:33.452root 11241100x80000000000000003851750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bbaf70a16e7edc2021-12-22 11:47:33.452root 11241100x80000000000000003851751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac80faa55846c55f2021-12-22 11:47:33.453root 11241100x80000000000000003851752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653eb7d5d1a7c7d12021-12-22 11:47:33.453root 11241100x80000000000000003851753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac41f9d576da5302021-12-22 11:47:33.453root 11241100x80000000000000003851754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac131093b467d4442021-12-22 11:47:33.453root 11241100x80000000000000003851755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405f17a41becbd9e2021-12-22 11:47:33.453root 11241100x80000000000000003851756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a39f49183e7d11f2021-12-22 11:47:33.453root 11241100x80000000000000003851757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1897ac748bf3768b2021-12-22 11:47:33.454root 11241100x80000000000000003851758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b106a245a37d193c2021-12-22 11:47:33.454root 11241100x80000000000000003851759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc4d64e6436fdb42021-12-22 11:47:33.454root 11241100x80000000000000003851760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95f01f493e79d3c2021-12-22 11:47:33.454root 11241100x80000000000000003851761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07452cab539d75b82021-12-22 11:47:33.454root 11241100x80000000000000003851762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bfa1e8dcb76e6a2021-12-22 11:47:33.454root 11241100x80000000000000003851763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a74a9dd484a46da2021-12-22 11:47:33.455root 11241100x80000000000000003851764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c9e71b50313f362021-12-22 11:47:33.455root 11241100x80000000000000003851765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f5c8e8570ac8642021-12-22 11:47:33.455root 11241100x80000000000000003851766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28910e73374cc8f72021-12-22 11:47:33.455root 11241100x80000000000000003851767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6cee33db6583172021-12-22 11:47:33.455root 11241100x80000000000000003851768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f31abae113c57a2021-12-22 11:47:33.455root 11241100x80000000000000003851769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4596cc3f3b9d1aa2021-12-22 11:47:33.456root 11241100x80000000000000003851770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f104d752653554c2021-12-22 11:47:33.942root 11241100x80000000000000003851771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d58d4bf35a0ca52021-12-22 11:47:33.943root 11241100x80000000000000003851772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804ff616573f7d232021-12-22 11:47:33.943root 11241100x80000000000000003851773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63003165a0c79c6f2021-12-22 11:47:33.943root 11241100x80000000000000003851774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863632365a2a36462021-12-22 11:47:33.944root 11241100x80000000000000003851775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad57b51dfb0bc192021-12-22 11:47:33.944root 11241100x80000000000000003851776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e423a93971a20ff2021-12-22 11:47:33.944root 11241100x80000000000000003851777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a5191ebc1975352021-12-22 11:47:33.945root 11241100x80000000000000003851778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027006575435bc262021-12-22 11:47:33.945root 11241100x80000000000000003851779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1760fdc0ba41e9ed2021-12-22 11:47:33.945root 11241100x80000000000000003851780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64553cad147490852021-12-22 11:47:33.946root 11241100x80000000000000003851781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b66f851d54665aa2021-12-22 11:47:33.946root 11241100x80000000000000003851782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9802498585b374142021-12-22 11:47:33.946root 11241100x80000000000000003851783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2660d3fdf9be2412021-12-22 11:47:33.947root 11241100x80000000000000003851784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d595165189710df22021-12-22 11:47:33.947root 11241100x80000000000000003851785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599c63e1e00991222021-12-22 11:47:33.947root 11241100x80000000000000003851786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950adfe60e6fb07c2021-12-22 11:47:33.947root 11241100x80000000000000003851787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d568092b8aa0d552021-12-22 11:47:33.950root 11241100x80000000000000003851788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95de7542ae046b222021-12-22 11:47:33.950root 11241100x80000000000000003851789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda46b594f44490a2021-12-22 11:47:33.950root 11241100x80000000000000003851790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f05ef45db5019bd2021-12-22 11:47:33.950root 11241100x80000000000000003851791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd867c41eff7ca122021-12-22 11:47:33.950root 11241100x80000000000000003851792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223af410d48277002021-12-22 11:47:33.950root 11241100x80000000000000003851793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab91e0ae4833e462021-12-22 11:47:33.950root 11241100x80000000000000003851794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2069fc44ddcd78f2021-12-22 11:47:33.950root 11241100x80000000000000003851795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf1b87515f3f6bf2021-12-22 11:47:33.950root 11241100x80000000000000003851796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb8727f46c535fb2021-12-22 11:47:33.950root 11241100x80000000000000003851797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb06828bc6e87f82021-12-22 11:47:33.950root 11241100x80000000000000003851798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b427e9005ead739d2021-12-22 11:47:33.950root 11241100x80000000000000003851799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f75e6006a4d7c42021-12-22 11:47:33.950root 11241100x80000000000000003851800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08759236c9ddf182021-12-22 11:47:33.951root 11241100x80000000000000003851801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25a94185f1f87ea2021-12-22 11:47:33.951root 11241100x80000000000000003851802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59873b6a650b798e2021-12-22 11:47:33.951root 11241100x80000000000000003851803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3854ec16e7f9c2642021-12-22 11:47:33.951root 11241100x80000000000000003851804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4db889b12c9d1e2021-12-22 11:47:33.951root 11241100x80000000000000003851805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2ca746f8ee9d752021-12-22 11:47:33.951root 11241100x80000000000000003851806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23caf5d3b93d3d5e2021-12-22 11:47:33.951root 11241100x80000000000000003851807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6b1b50c59da4072021-12-22 11:47:33.951root 11241100x80000000000000003851808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61680e381190aa212021-12-22 11:47:33.951root 11241100x80000000000000003851809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ddbf05f1b4ebf62021-12-22 11:47:33.951root 11241100x80000000000000003851810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159bb2ddef2ce0be2021-12-22 11:47:33.951root 11241100x80000000000000003851811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f2448323661b882021-12-22 11:47:33.951root 11241100x80000000000000003851812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7863eb51fed5cb2021-12-22 11:47:33.951root 11241100x80000000000000003851813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b345a485a35861f42021-12-22 11:47:33.951root 11241100x80000000000000003851814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2404fc40b803ad202021-12-22 11:47:33.951root 11241100x80000000000000003851815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a06e1c1ecda08b32021-12-22 11:47:33.952root 11241100x80000000000000003851816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7b8773eb5a506d2021-12-22 11:47:33.952root 11241100x80000000000000003851817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfbb78a5fe903232021-12-22 11:47:33.952root 11241100x80000000000000003851818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a51981a875f9812021-12-22 11:47:33.952root 354300x80000000000000003851819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:33.959{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42524-false10.0.1.12-8089- 154100x80000000000000003851820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.428{ec2b6afe-1056-61c3-80d2-7ce071550000}19069/bin/nano-----nano myfopen.c/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003851821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.429{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ff95daaccc8d8f2021-12-22 11:47:34.429root 11241100x80000000000000003851822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.430{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a6df625c1f61102021-12-22 11:47:34.430root 11241100x80000000000000003851823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.430{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db3d6a2f2afe14e2021-12-22 11:47:34.430root 11241100x80000000000000003851824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.430{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef0a135b01eacd32021-12-22 11:47:34.430root 11241100x80000000000000003851825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.430{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8457d01eff4221a92021-12-22 11:47:34.430root 11241100x80000000000000003851826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.430{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b14e029058ea24e2021-12-22 11:47:34.430root 11241100x80000000000000003851827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.430{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4e167b4fe34fca2021-12-22 11:47:34.430root 11241100x80000000000000003851828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.431{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e85b6b8ca3ca532021-12-22 11:47:34.431root 11241100x80000000000000003851829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.431{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276ece331a7f5d022021-12-22 11:47:34.431root 11241100x80000000000000003851830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.431{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d8f5a015c428a82021-12-22 11:47:34.431root 11241100x80000000000000003851831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.431{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7741d657a429c3742021-12-22 11:47:34.431root 11241100x80000000000000003851832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.431{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ac2ddac295edbc2021-12-22 11:47:34.431root 11241100x80000000000000003851833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.431{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0883da2bcd75616a2021-12-22 11:47:34.431root 11241100x80000000000000003851834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.432{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1d44315f7a8ca62021-12-22 11:47:34.432root 11241100x80000000000000003851835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.432{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa77078b4a8ed322021-12-22 11:47:34.432root 11241100x80000000000000003851836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.432{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65e24dea5b81ec92021-12-22 11:47:34.432root 11241100x80000000000000003851837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.432{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b25f1ce0464e6f2021-12-22 11:47:34.432root 11241100x80000000000000003851838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.432{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b1f9cacccc97462021-12-22 11:47:34.432root 11241100x80000000000000003851839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.432{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cc6ca75ff93b7a2021-12-22 11:47:34.432root 11241100x80000000000000003851840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.432{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bea57e708e97d02021-12-22 11:47:34.432root 11241100x80000000000000003851841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.433{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417b2948a31659232021-12-22 11:47:34.433root 11241100x80000000000000003851842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.433{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e58b58b89916dfb2021-12-22 11:47:34.433root 11241100x80000000000000003851843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.433{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb4eaabeff3ebfe2021-12-22 11:47:34.433root 11241100x80000000000000003851844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.433{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6665ccbcf8d96bb72021-12-22 11:47:34.433root 11241100x80000000000000003851845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.433{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd38842a4f9806332021-12-22 11:47:34.433root 11241100x80000000000000003851846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.433{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9136b2f8a3b771ac2021-12-22 11:47:34.433root 11241100x80000000000000003851847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.433{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c79556d7095ac022021-12-22 11:47:34.433root 11241100x80000000000000003851848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.434{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9c5127889645502021-12-22 11:47:34.434root 11241100x80000000000000003851849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.434{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a552b3062c7d83c62021-12-22 11:47:34.434root 11241100x80000000000000003851850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.434{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe385faaefd1c46a2021-12-22 11:47:34.434root 11241100x80000000000000003851851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.434{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8e545e6a8f33bb2021-12-22 11:47:34.434root 11241100x80000000000000003851852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.434{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ef22ca67847df82021-12-22 11:47:34.434root 11241100x80000000000000003851853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.434{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed8395793bf242e2021-12-22 11:47:34.434root 11241100x80000000000000003851854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.434{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7448a4726fdbe2032021-12-22 11:47:34.434root 11241100x80000000000000003851855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.435{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eafa2c891e9e68c2021-12-22 11:47:34.435root 11241100x80000000000000003851856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.435{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24813f27e7e8e3232021-12-22 11:47:34.435root 11241100x80000000000000003851857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.435{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a9b8fcf311af9f2021-12-22 11:47:34.435root 11241100x80000000000000003851858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.435{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248fe389e4b131a62021-12-22 11:47:34.435root 11241100x80000000000000003851859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.435{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96d4a155cf1a9f12021-12-22 11:47:34.435root 11241100x80000000000000003851860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.435{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe12c8fc55d20aed2021-12-22 11:47:34.435root 11241100x80000000000000003851861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.436{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196f4ba6dc50db572021-12-22 11:47:34.436root 11241100x80000000000000003851862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.436{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608e4284357954b02021-12-22 11:47:34.436root 11241100x80000000000000003851863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.436{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a5611341675c8e2021-12-22 11:47:34.436root 11241100x80000000000000003851864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.436{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab08c34a386def52021-12-22 11:47:34.436root 11241100x80000000000000003851865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.436{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f241b1c5a2d7908f2021-12-22 11:47:34.436root 11241100x80000000000000003851866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.436{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0b50ac0a5fdecc2021-12-22 11:47:34.436root 11241100x80000000000000003851867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.436{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4db6438f9e2d8ea2021-12-22 11:47:34.436root 11241100x80000000000000003851868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.436{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75f3b57559ace402021-12-22 11:47:34.436root 11241100x80000000000000003851869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.437{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63365383a4049a672021-12-22 11:47:34.437root 11241100x80000000000000003851870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.437{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10490f3c8859c4942021-12-22 11:47:34.437root 11241100x80000000000000003851871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.437{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5e7af0adef2ed32021-12-22 11:47:34.437root 11241100x80000000000000003851872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.437{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f780c269bbd6852021-12-22 11:47:34.437root 11241100x80000000000000003851873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.437{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468c3fabe8cf79082021-12-22 11:47:34.437root 11241100x80000000000000003851874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.437{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4ef667db78582e2021-12-22 11:47:34.437root 11241100x80000000000000003851875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.437{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384924e6e16cf6e72021-12-22 11:47:34.437root 11241100x80000000000000003851876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.437{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e07df061699b3b32021-12-22 11:47:34.437root 11241100x80000000000000003851877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.437{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfeae95a92274812021-12-22 11:47:34.437root 11241100x80000000000000003851878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5af991a70d219fb2021-12-22 11:47:34.438root 11241100x80000000000000003851879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e519d0b4a5387cd2021-12-22 11:47:34.438root 11241100x80000000000000003851880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f6a8c521cd15d32021-12-22 11:47:34.438root 11241100x80000000000000003851881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc49992e028912f62021-12-22 11:47:34.438root 11241100x80000000000000003851882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e11f168780093f2021-12-22 11:47:34.438root 11241100x80000000000000003851883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741093d148362d292021-12-22 11:47:34.438root 11241100x80000000000000003851884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c3bfd9667e7db62021-12-22 11:47:34.438root 11241100x80000000000000003851885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e9e2d8df630bbd2021-12-22 11:47:34.438root 11241100x80000000000000003851886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e4b83368d12f732021-12-22 11:47:34.439root 11241100x80000000000000003851887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0a270fa1d0f3102021-12-22 11:47:34.439root 11241100x80000000000000003851888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f1d9a605ee74742021-12-22 11:47:34.439root 11241100x80000000000000003851889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243ceb7f9410b5c42021-12-22 11:47:34.439root 11241100x80000000000000003851890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c0ed07eca4a5262021-12-22 11:47:34.439root 11241100x80000000000000003851891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed45a65492b8ca2c2021-12-22 11:47:34.439root 11241100x80000000000000003851892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ff176027ff00382021-12-22 11:47:34.439root 11241100x80000000000000003851893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b618ef9cb4eeff22021-12-22 11:47:34.440root 11241100x80000000000000003851894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.447{ec2b6afe-1056-61c3-80d2-7ce071550000}19069/bin/nano/home/ubuntu/.myfopen.c.swp2021-12-22 11:47:34.447ubuntu 11241100x80000000000000003851895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d5d676e836bd8a2021-12-22 11:47:34.693root 11241100x80000000000000003851896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a984806b93d444ac2021-12-22 11:47:34.693root 11241100x80000000000000003851897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae0f201f86957552021-12-22 11:47:34.693root 11241100x80000000000000003851898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f04bffffba451a2021-12-22 11:47:34.693root 11241100x80000000000000003851899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ec0d26a0d627222021-12-22 11:47:34.693root 11241100x80000000000000003851900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453996b3dda17b342021-12-22 11:47:34.693root 11241100x80000000000000003851901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7904ec57af2a6612021-12-22 11:47:34.694root 11241100x80000000000000003851902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31292b7dde65301a2021-12-22 11:47:34.694root 11241100x80000000000000003851903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8f57af8f445f072021-12-22 11:47:34.694root 11241100x80000000000000003851904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c790e712648852d32021-12-22 11:47:34.694root 11241100x80000000000000003851905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da666bc40dd9ac712021-12-22 11:47:34.694root 11241100x80000000000000003851906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3546d2eb6f83d5022021-12-22 11:47:34.694root 11241100x80000000000000003851907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137fd3e9e369e36d2021-12-22 11:47:34.694root 11241100x80000000000000003851908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fa53e932aae4ed2021-12-22 11:47:34.694root 11241100x80000000000000003851909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0ef3fa7d163ba62021-12-22 11:47:34.695root 11241100x80000000000000003851910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e8fb1d14a60ca92021-12-22 11:47:34.695root 11241100x80000000000000003851911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e3043cd6623d252021-12-22 11:47:34.695root 11241100x80000000000000003851912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fc074a316ac9222021-12-22 11:47:34.695root 11241100x80000000000000003851913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2f6c9734161a862021-12-22 11:47:34.695root 11241100x80000000000000003851914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ac0030c0d5af442021-12-22 11:47:34.695root 11241100x80000000000000003851915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a219dfca9e64873d2021-12-22 11:47:34.696root 11241100x80000000000000003851916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cd9b316c1d861e2021-12-22 11:47:34.696root 11241100x80000000000000003851917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb20aab87a3e024a2021-12-22 11:47:34.696root 11241100x80000000000000003851918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec49d370e3cd5092021-12-22 11:47:34.696root 11241100x80000000000000003851919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b9ff9512c3befa2021-12-22 11:47:34.696root 11241100x80000000000000003851920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b951d6bc87ba6132021-12-22 11:47:34.696root 11241100x80000000000000003851921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4924ebc2147185b72021-12-22 11:47:34.696root 11241100x80000000000000003851922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aad91db00a7fba92021-12-22 11:47:34.697root 11241100x80000000000000003851923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d517020a37386cb12021-12-22 11:47:34.697root 11241100x80000000000000003851924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0312459e3ee3272021-12-22 11:47:34.697root 11241100x80000000000000003851925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f04c66582dace62021-12-22 11:47:34.697root 11241100x80000000000000003851926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4639dae8dc9b0922021-12-22 11:47:34.697root 11241100x80000000000000003851927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6bc44d94fa4e762021-12-22 11:47:34.697root 11241100x80000000000000003851928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384c9f2c76a527e62021-12-22 11:47:34.698root 11241100x80000000000000003851929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c1f2420f94263e2021-12-22 11:47:34.698root 11241100x80000000000000003851930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137e837a00b2fced2021-12-22 11:47:34.698root 11241100x80000000000000003851931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cafa206938fc7b52021-12-22 11:47:34.698root 11241100x80000000000000003851932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299c84e395b4bb082021-12-22 11:47:34.698root 11241100x80000000000000003851933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a918e2f2266e659e2021-12-22 11:47:34.698root 11241100x80000000000000003851934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b181fbe1fec6832021-12-22 11:47:34.699root 11241100x80000000000000003851935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaf2b59e564775c2021-12-22 11:47:34.699root 11241100x80000000000000003851936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d60dfabcbaae60a2021-12-22 11:47:34.699root 11241100x80000000000000003851937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df84470f51da47362021-12-22 11:47:34.699root 11241100x80000000000000003851938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cf6f701e2e29622021-12-22 11:47:34.699root 11241100x80000000000000003851939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3080d0c7fb9ec7bf2021-12-22 11:47:34.699root 11241100x80000000000000003851940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca007ab787bef1c2021-12-22 11:47:34.699root 11241100x80000000000000003851941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4b8d9905621a402021-12-22 11:47:34.699root 11241100x80000000000000003851942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349a8cb370f8d12d2021-12-22 11:47:34.699root 11241100x80000000000000003851943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1a16c2a6d1a70d2021-12-22 11:47:34.699root 11241100x80000000000000003851944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b09c95206dd30452021-12-22 11:47:34.699root 11241100x80000000000000003851945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f007998e3e5723332021-12-22 11:47:34.700root 11241100x80000000000000003851946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4872f9c1dfc61a2f2021-12-22 11:47:34.700root 11241100x80000000000000003851947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b88f7899187e8fb2021-12-22 11:47:34.700root 11241100x80000000000000003851948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f202a4bd78501ef62021-12-22 11:47:34.700root 11241100x80000000000000003851949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d1ed607dc39ec42021-12-22 11:47:34.700root 11241100x80000000000000003851950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c936b4fdf0055792021-12-22 11:47:34.700root 11241100x80000000000000003851951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356788d8c6b19c0a2021-12-22 11:47:34.700root 11241100x80000000000000003851952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8902785a1ab354672021-12-22 11:47:34.700root 11241100x80000000000000003851953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64e4d592740f6372021-12-22 11:47:34.700root 11241100x80000000000000003851954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697d02ace951773b2021-12-22 11:47:34.700root 11241100x80000000000000003851955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874e9f814eed95662021-12-22 11:47:34.701root 11241100x80000000000000003851956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7ab39a8ce5cc262021-12-22 11:47:34.701root 11241100x80000000000000003851957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d78d9c4ffee23c2021-12-22 11:47:34.701root 11241100x80000000000000003851958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cef39777a0664c2021-12-22 11:47:34.701root 11241100x80000000000000003851959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c22ae7b9e56ed622021-12-22 11:47:34.701root 11241100x80000000000000003851960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6fc8f2946cb57b2021-12-22 11:47:34.701root 11241100x80000000000000003851961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d763cfeb3198ae2021-12-22 11:47:34.701root 11241100x80000000000000003851962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f72b714736817302021-12-22 11:47:34.701root 11241100x80000000000000003851963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601e10c1824b78bc2021-12-22 11:47:34.701root 11241100x80000000000000003851964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8505ab9bac2339382021-12-22 11:47:34.701root 11241100x80000000000000003851965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd9e8600861ddc32021-12-22 11:47:34.702root 11241100x80000000000000003851966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:34.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eb445bd788a0272021-12-22 11:47:34.702root 11241100x80000000000000003851967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8590ef3ff8f7972021-12-22 11:47:35.193root 11241100x80000000000000003851968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3eb17310c64c952021-12-22 11:47:35.194root 11241100x80000000000000003851969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a5520a2a32f18f2021-12-22 11:47:35.194root 11241100x80000000000000003851970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0482ddc1e0161ba22021-12-22 11:47:35.194root 11241100x80000000000000003851971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec89ee8e3803ea22021-12-22 11:47:35.194root 11241100x80000000000000003851972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f6d670ef0b1aa32021-12-22 11:47:35.194root 11241100x80000000000000003851973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56196c7ff516a2ec2021-12-22 11:47:35.194root 11241100x80000000000000003851974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a48f25a66a4cfbe2021-12-22 11:47:35.194root 11241100x80000000000000003851975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b174858167f92992021-12-22 11:47:35.195root 11241100x80000000000000003851976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f229b19519950e672021-12-22 11:47:35.195root 11241100x80000000000000003851977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961ef50ce6c4924f2021-12-22 11:47:35.195root 11241100x80000000000000003851978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d271143853a958ad2021-12-22 11:47:35.195root 11241100x80000000000000003851979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbd8c7856d15ba52021-12-22 11:47:35.195root 11241100x80000000000000003851980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06dbbb2a5ebae6332021-12-22 11:47:35.195root 11241100x80000000000000003851981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192189f72ac02cfb2021-12-22 11:47:35.198root 11241100x80000000000000003851982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9398add498e31542021-12-22 11:47:35.198root 11241100x80000000000000003851983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf0cef28dbd9def2021-12-22 11:47:35.198root 11241100x80000000000000003851984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95337a87ae5d8d22021-12-22 11:47:35.198root 11241100x80000000000000003851985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a679a2691f611c22021-12-22 11:47:35.198root 11241100x80000000000000003851986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285dc938e0765d342021-12-22 11:47:35.198root 11241100x80000000000000003851987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dea08d082d6a7222021-12-22 11:47:35.198root 11241100x80000000000000003851988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e32e634c8a29992021-12-22 11:47:35.199root 11241100x80000000000000003851989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809210535069ed7e2021-12-22 11:47:35.199root 11241100x80000000000000003851990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fe9388a9ba04262021-12-22 11:47:35.199root 11241100x80000000000000003851991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f1190d37048d622021-12-22 11:47:35.199root 11241100x80000000000000003851992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81932453e851eb9c2021-12-22 11:47:35.199root 11241100x80000000000000003851993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81785d10b0c5f66e2021-12-22 11:47:35.199root 11241100x80000000000000003851994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eef31eeb50b73fd2021-12-22 11:47:35.199root 11241100x80000000000000003851995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ded3b88ea278bd2021-12-22 11:47:35.199root 11241100x80000000000000003851996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7f625ff01cbf612021-12-22 11:47:35.200root 11241100x80000000000000003851997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ca09fd1e10a3042021-12-22 11:47:35.200root 11241100x80000000000000003851998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81217ab89b65b20b2021-12-22 11:47:35.200root 11241100x80000000000000003851999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4206bcf92508ea2021-12-22 11:47:35.200root 11241100x80000000000000003852000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a856893524549f242021-12-22 11:47:35.200root 11241100x80000000000000003852001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5200ff22c6f9bdac2021-12-22 11:47:35.200root 11241100x80000000000000003852002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387191b037b61b4b2021-12-22 11:47:35.200root 11241100x80000000000000003852003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec6a2291d24f69b2021-12-22 11:47:35.200root 11241100x80000000000000003852004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd37154f0d31d122021-12-22 11:47:35.200root 11241100x80000000000000003852005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfd733be8c547982021-12-22 11:47:35.200root 11241100x80000000000000003852006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274787025ca4fef62021-12-22 11:47:35.201root 11241100x80000000000000003852007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43542d1618baf5282021-12-22 11:47:35.201root 11241100x80000000000000003852008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d227dc969436bf042021-12-22 11:47:35.201root 11241100x80000000000000003852009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab367b9ab15a61292021-12-22 11:47:35.201root 11241100x80000000000000003852010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1083ad78f0c5f7292021-12-22 11:47:35.201root 11241100x80000000000000003852011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8a0742023a0e3f2021-12-22 11:47:35.201root 11241100x80000000000000003852012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe6c1f9cd061dfd2021-12-22 11:47:35.201root 11241100x80000000000000003852013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1707e18df612702021-12-22 11:47:35.201root 11241100x80000000000000003852014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c491453899245f2021-12-22 11:47:35.201root 11241100x80000000000000003852015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d41981c9a7db3862021-12-22 11:47:35.201root 11241100x80000000000000003852016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051afda617319cd42021-12-22 11:47:35.202root 11241100x80000000000000003852017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d011357a156b052021-12-22 11:47:35.202root 11241100x80000000000000003852018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ff9e5185241eaf2021-12-22 11:47:35.202root 11241100x80000000000000003852019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edeb0dce9b2163f62021-12-22 11:47:35.693root 11241100x80000000000000003852020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47065893007860f2021-12-22 11:47:35.693root 11241100x80000000000000003852021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf2841f89e68e862021-12-22 11:47:35.693root 11241100x80000000000000003852022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81684492fd5ab432021-12-22 11:47:35.694root 11241100x80000000000000003852023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe7647082d96b602021-12-22 11:47:35.694root 11241100x80000000000000003852024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c30973b99c0ca22021-12-22 11:47:35.694root 11241100x80000000000000003852025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53d0bd3e862caa12021-12-22 11:47:35.694root 11241100x80000000000000003852026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48aa87277c2ec2992021-12-22 11:47:35.694root 11241100x80000000000000003852027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7d3cfcf7d819112021-12-22 11:47:35.694root 11241100x80000000000000003852028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24372d2f41416da42021-12-22 11:47:35.694root 11241100x80000000000000003852029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb181d8fe8af1e22021-12-22 11:47:35.695root 11241100x80000000000000003852030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e2312d18563d0a2021-12-22 11:47:35.695root 11241100x80000000000000003852031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9e8e9e768b29f52021-12-22 11:47:35.695root 11241100x80000000000000003852032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9188e8f38ef362c02021-12-22 11:47:35.695root 11241100x80000000000000003852033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30e3eb1cdb6b2c52021-12-22 11:47:35.695root 11241100x80000000000000003852034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1256689868f77f212021-12-22 11:47:35.695root 11241100x80000000000000003852035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8896e02e69057b8d2021-12-22 11:47:35.696root 11241100x80000000000000003852036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6764e2ebf19dac452021-12-22 11:47:35.696root 11241100x80000000000000003852037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47b57414268f5572021-12-22 11:47:35.696root 11241100x80000000000000003852038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af6267c69179e582021-12-22 11:47:35.696root 11241100x80000000000000003852039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bf42acc90a91342021-12-22 11:47:35.696root 11241100x80000000000000003852040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbd88f094e0aa622021-12-22 11:47:35.697root 11241100x80000000000000003852041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8188f75668f89932021-12-22 11:47:35.697root 11241100x80000000000000003852042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0194e00811cd2f4e2021-12-22 11:47:35.697root 11241100x80000000000000003852043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776384561f766b842021-12-22 11:47:35.697root 11241100x80000000000000003852044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e179500d8e62036c2021-12-22 11:47:35.697root 11241100x80000000000000003852045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6368aede4a0e8672021-12-22 11:47:35.698root 11241100x80000000000000003852046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f7fa066141a0272021-12-22 11:47:35.698root 11241100x80000000000000003852047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373bbc05756387db2021-12-22 11:47:35.698root 11241100x80000000000000003852048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3661f49b7433662021-12-22 11:47:35.699root 11241100x80000000000000003852049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541ef1fa8422c9ce2021-12-22 11:47:35.699root 11241100x80000000000000003852050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d706aec4dcb4d0d2021-12-22 11:47:35.699root 11241100x80000000000000003852051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b279e1eb0bace04f2021-12-22 11:47:35.699root 11241100x80000000000000003852052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c7bb21d4f3f57b2021-12-22 11:47:35.700root 11241100x80000000000000003852053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77a6ee4eb0f94812021-12-22 11:47:35.700root 11241100x80000000000000003852054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2c6d096decad012021-12-22 11:47:35.700root 11241100x80000000000000003852055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185fc9f7907998f72021-12-22 11:47:35.700root 11241100x80000000000000003852056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a3ed01214c92da2021-12-22 11:47:35.701root 11241100x80000000000000003852057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13eac68369100faf2021-12-22 11:47:35.701root 11241100x80000000000000003852058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754b2a0d0d997b992021-12-22 11:47:35.701root 11241100x80000000000000003852059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060a5a0ad4b031382021-12-22 11:47:35.701root 11241100x80000000000000003852060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201b76524e6a6be72021-12-22 11:47:35.701root 11241100x80000000000000003852061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b5a39cb42c39fa2021-12-22 11:47:35.702root 11241100x80000000000000003852062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769df573f87215b62021-12-22 11:47:35.702root 11241100x80000000000000003852063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7ff349de6c180b2021-12-22 11:47:35.702root 11241100x80000000000000003852064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1208d3424a638ed2021-12-22 11:47:35.702root 11241100x80000000000000003852065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d0c3b66d5e7bf92021-12-22 11:47:35.703root 11241100x80000000000000003852066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902bce388578bf452021-12-22 11:47:35.704root 11241100x80000000000000003852067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a42e5287b0f6d92021-12-22 11:47:35.704root 11241100x80000000000000003852068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdaaec37f5bda0d2021-12-22 11:47:35.704root 11241100x80000000000000003852069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e61da26f993c1e2021-12-22 11:47:35.704root 11241100x80000000000000003852070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7ada902dcd4a3a2021-12-22 11:47:35.704root 11241100x80000000000000003852071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acca2c730056f502021-12-22 11:47:35.704root 11241100x80000000000000003852072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a709269ef1c45262021-12-22 11:47:35.704root 11241100x80000000000000003852073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe70296c597d25a2021-12-22 11:47:35.704root 11241100x80000000000000003852074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e636cf327164f1b22021-12-22 11:47:35.705root 11241100x80000000000000003852075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34874bb9519996d52021-12-22 11:47:35.705root 11241100x80000000000000003852076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe12bba82fc4fa4b2021-12-22 11:47:35.705root 11241100x80000000000000003852077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:35.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1760412111fa185f2021-12-22 11:47:35.705root 23542300x80000000000000003852078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.145{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003852079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfb31257d9ad2732021-12-22 11:47:36.146root 11241100x80000000000000003852080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed440aee01ef798e2021-12-22 11:47:36.146root 11241100x80000000000000003852081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e991141e13c3742021-12-22 11:47:36.147root 11241100x80000000000000003852082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdb992da601e8202021-12-22 11:47:36.147root 11241100x80000000000000003852083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c85437a77f78072021-12-22 11:47:36.148root 11241100x80000000000000003852084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601d8078992f46aa2021-12-22 11:47:36.148root 11241100x80000000000000003852085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e19e8c27ae9a872021-12-22 11:47:36.148root 11241100x80000000000000003852086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f4280ce24461002021-12-22 11:47:36.148root 11241100x80000000000000003852087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28159ce51a918b732021-12-22 11:47:36.149root 11241100x80000000000000003852088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f4415b6dfa559d2021-12-22 11:47:36.149root 11241100x80000000000000003852089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06f740c539db56c2021-12-22 11:47:36.149root 11241100x80000000000000003852090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6beb05079914a96b2021-12-22 11:47:36.150root 11241100x80000000000000003852091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4560c0e5f65a002021-12-22 11:47:36.150root 11241100x80000000000000003852092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9da278a742dc8942021-12-22 11:47:36.150root 11241100x80000000000000003852093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3ccf33b2a6ffff2021-12-22 11:47:36.150root 11241100x80000000000000003852094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca686674aea7ca42021-12-22 11:47:36.150root 11241100x80000000000000003852095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c352d1133980cbb12021-12-22 11:47:36.150root 11241100x80000000000000003852096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7601e290b16de0442021-12-22 11:47:36.150root 11241100x80000000000000003852097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9552e3052fb3a9602021-12-22 11:47:36.150root 11241100x80000000000000003852098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4477ad83980ef82021-12-22 11:47:36.150root 11241100x80000000000000003852099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5a9cc64a2e939d2021-12-22 11:47:36.151root 11241100x80000000000000003852100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8338ae46879799b2021-12-22 11:47:36.151root 11241100x80000000000000003852101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a349cc685cdf842021-12-22 11:47:36.151root 11241100x80000000000000003852102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000650bf78d717d62021-12-22 11:47:36.151root 11241100x80000000000000003852103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e3702e582c8d692021-12-22 11:47:36.151root 11241100x80000000000000003852104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3715204de0362e2e2021-12-22 11:47:36.151root 11241100x80000000000000003852105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5077a1a35515a5802021-12-22 11:47:36.151root 11241100x80000000000000003852106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcab6c3d60540a62021-12-22 11:47:36.151root 11241100x80000000000000003852107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9922fc9698d291a2021-12-22 11:47:36.152root 11241100x80000000000000003852108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0508b5c78035113d2021-12-22 11:47:36.152root 11241100x80000000000000003852109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15b6980599e1d112021-12-22 11:47:36.152root 11241100x80000000000000003852110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376d0ba792091ba72021-12-22 11:47:36.152root 11241100x80000000000000003852111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3e60075b1182f52021-12-22 11:47:36.152root 11241100x80000000000000003852112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2245a264684ec81e2021-12-22 11:47:36.152root 11241100x80000000000000003852113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e85269b8f2b26162021-12-22 11:47:36.152root 11241100x80000000000000003852114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2327d29e9ed0b1082021-12-22 11:47:36.152root 11241100x80000000000000003852115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da3baa61758782f2021-12-22 11:47:36.152root 11241100x80000000000000003852116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dc13e31de8e56d2021-12-22 11:47:36.152root 11241100x80000000000000003852117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206256fed235b4302021-12-22 11:47:36.153root 11241100x80000000000000003852118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133170828fee35852021-12-22 11:47:36.153root 11241100x80000000000000003852119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15115fe9b8e048e62021-12-22 11:47:36.153root 11241100x80000000000000003852120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e6212f2e5053742021-12-22 11:47:36.153root 11241100x80000000000000003852121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7289f7c60b13a3b2021-12-22 11:47:36.153root 11241100x80000000000000003852122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb8e72b31fbab072021-12-22 11:47:36.153root 11241100x80000000000000003852123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aad88a9243aeb882021-12-22 11:47:36.153root 11241100x80000000000000003852124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d16c6eb20580192021-12-22 11:47:36.443root 11241100x80000000000000003852125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca44cf73eebdb722021-12-22 11:47:36.443root 11241100x80000000000000003852126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9584a1b96a5ccbeb2021-12-22 11:47:36.444root 11241100x80000000000000003852127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d357dec2d9ecc2bf2021-12-22 11:47:36.444root 11241100x80000000000000003852128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b03b7d9c4cdfa172021-12-22 11:47:36.444root 11241100x80000000000000003852129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdce5c37c1e315872021-12-22 11:47:36.444root 11241100x80000000000000003852130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb17d0d463aace12021-12-22 11:47:36.444root 11241100x80000000000000003852131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2338e4cea3fcb3742021-12-22 11:47:36.444root 11241100x80000000000000003852132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42de087b71587f002021-12-22 11:47:36.445root 11241100x80000000000000003852133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dec096a567392972021-12-22 11:47:36.445root 11241100x80000000000000003852134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ffb86e39092abf2021-12-22 11:47:36.445root 11241100x80000000000000003852135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7f49303b681b2e2021-12-22 11:47:36.445root 11241100x80000000000000003852136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d89bfe2580e2672021-12-22 11:47:36.445root 11241100x80000000000000003852137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4dc992ca6afb4b52021-12-22 11:47:36.445root 11241100x80000000000000003852138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534520f9731eadcb2021-12-22 11:47:36.445root 11241100x80000000000000003852139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb3999bb95e3b2b2021-12-22 11:47:36.445root 11241100x80000000000000003852140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e42818e2aea3452021-12-22 11:47:36.445root 11241100x80000000000000003852141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5fd5936b39c9df2021-12-22 11:47:36.445root 11241100x80000000000000003852142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec74ab54d342b522021-12-22 11:47:36.445root 11241100x80000000000000003852143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d601811963593162021-12-22 11:47:36.445root 11241100x80000000000000003852144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5bd91be5d522c82021-12-22 11:47:36.445root 11241100x80000000000000003852145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b13af46dda5b8992021-12-22 11:47:36.445root 11241100x80000000000000003852146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9975a767c3fdca2c2021-12-22 11:47:36.446root 11241100x80000000000000003852147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c17248132b7b6f2021-12-22 11:47:36.446root 11241100x80000000000000003852148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba751e3a0d4c8b72021-12-22 11:47:36.446root 11241100x80000000000000003852149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0a48c60704fa582021-12-22 11:47:36.446root 11241100x80000000000000003852150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94f7ea729cb0f002021-12-22 11:47:36.446root 11241100x80000000000000003852151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3806ed0c4064fb2021-12-22 11:47:36.446root 11241100x80000000000000003852152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e9850ca6f5abd52021-12-22 11:47:36.446root 11241100x80000000000000003852153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468fad91720674882021-12-22 11:47:36.446root 11241100x80000000000000003852154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323718844de7ebb72021-12-22 11:47:36.446root 11241100x80000000000000003852155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2cf4170005c0c12021-12-22 11:47:36.446root 11241100x80000000000000003852156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436dc64ddf5c53e62021-12-22 11:47:36.446root 11241100x80000000000000003852157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012ea480e9aa42252021-12-22 11:47:36.447root 11241100x80000000000000003852158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e469783cf24e54a2021-12-22 11:47:36.447root 11241100x80000000000000003852159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f097912f3a44a402021-12-22 11:47:36.447root 11241100x80000000000000003852160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8be0b28dd254a112021-12-22 11:47:36.447root 11241100x80000000000000003852161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77d0e2e376e41f72021-12-22 11:47:36.447root 11241100x80000000000000003852162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f06f047ccb83bb12021-12-22 11:47:36.447root 11241100x80000000000000003852163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24d4dd12a8ac7682021-12-22 11:47:36.447root 11241100x80000000000000003852164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f22a5f70517a6de2021-12-22 11:47:36.447root 11241100x80000000000000003852165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2876d16c2526e552021-12-22 11:47:36.447root 11241100x80000000000000003852166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caef18de1e03e0482021-12-22 11:47:36.943root 11241100x80000000000000003852167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39c3c89ef1c42a42021-12-22 11:47:36.943root 11241100x80000000000000003852168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12843f86877a96d12021-12-22 11:47:36.944root 11241100x80000000000000003852169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a83ce9c4125a4d2021-12-22 11:47:36.944root 11241100x80000000000000003852170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4a44e812affae32021-12-22 11:47:36.944root 11241100x80000000000000003852171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8c84cef08c8c8c2021-12-22 11:47:36.944root 11241100x80000000000000003852172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3458d7c4016e93a2021-12-22 11:47:36.944root 11241100x80000000000000003852173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c431585be660901f2021-12-22 11:47:36.944root 11241100x80000000000000003852174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05129afb8c47a6a92021-12-22 11:47:36.945root 11241100x80000000000000003852175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c041b9dfdef683ae2021-12-22 11:47:36.945root 11241100x80000000000000003852176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06f26a4e33c2c482021-12-22 11:47:36.945root 11241100x80000000000000003852177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c575767e84cc90e2021-12-22 11:47:36.945root 11241100x80000000000000003852178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dc571f6d851db72021-12-22 11:47:36.945root 11241100x80000000000000003852179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e3883fa84f3db32021-12-22 11:47:36.945root 11241100x80000000000000003852180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49aa69fd70e40052021-12-22 11:47:36.945root 11241100x80000000000000003852181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f5a5a5878c8a5b2021-12-22 11:47:36.946root 11241100x80000000000000003852182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b6c7f7a045214e2021-12-22 11:47:36.946root 11241100x80000000000000003852183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3071c027bf92323a2021-12-22 11:47:36.946root 11241100x80000000000000003852184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7208b48fb1ccf842021-12-22 11:47:36.946root 11241100x80000000000000003852185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dbe9c6b1df60732021-12-22 11:47:36.946root 11241100x80000000000000003852186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17eb4bd3e89fafe12021-12-22 11:47:36.946root 11241100x80000000000000003852187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4617d003f4aef2bf2021-12-22 11:47:36.946root 11241100x80000000000000003852188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bb0463be3a2ab42021-12-22 11:47:36.946root 11241100x80000000000000003852189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99683d43daed8d8b2021-12-22 11:47:36.946root 11241100x80000000000000003852190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199b055422d7fce12021-12-22 11:47:36.946root 11241100x80000000000000003852191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81ca06e4635036c2021-12-22 11:47:36.946root 11241100x80000000000000003852192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6c88af08007e762021-12-22 11:47:36.946root 11241100x80000000000000003852193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0516802782aa2ad72021-12-22 11:47:36.946root 11241100x80000000000000003852194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c283db98e0cf36822021-12-22 11:47:36.946root 11241100x80000000000000003852195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e92bca800638af52021-12-22 11:47:36.946root 11241100x80000000000000003852196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d722ae8c9f54ef022021-12-22 11:47:36.947root 11241100x80000000000000003852197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a39ad78d190f36a2021-12-22 11:47:36.947root 11241100x80000000000000003852198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a834aeccd0627072021-12-22 11:47:36.947root 11241100x80000000000000003852199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd636953a5fd7e5d2021-12-22 11:47:36.947root 11241100x80000000000000003852200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64537c5122063ad2021-12-22 11:47:36.947root 11241100x80000000000000003852201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cb4bf57bfadd042021-12-22 11:47:36.947root 11241100x80000000000000003852202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53159a08f74ffc002021-12-22 11:47:36.947root 11241100x80000000000000003852203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35560ec34ce8be7c2021-12-22 11:47:36.947root 11241100x80000000000000003852204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b971a5bb0deae8092021-12-22 11:47:36.947root 11241100x80000000000000003852205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2eb3a8423217ac2021-12-22 11:47:36.947root 11241100x80000000000000003852206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88376a9a59653692021-12-22 11:47:36.947root 11241100x80000000000000003852207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da62a07c3be039a22021-12-22 11:47:36.948root 11241100x80000000000000003852208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedc6023ac01a73b2021-12-22 11:47:36.948root 11241100x80000000000000003852209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bae2496b80fb3d2021-12-22 11:47:36.948root 11241100x80000000000000003852210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3363614ad281696f2021-12-22 11:47:36.948root 11241100x80000000000000003852211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2409c18e0be2722021-12-22 11:47:36.948root 11241100x80000000000000003852212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b0b24a122389802021-12-22 11:47:36.948root 11241100x80000000000000003852213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570f409bedee67632021-12-22 11:47:36.948root 11241100x80000000000000003852214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e64f679e52667622021-12-22 11:47:36.948root 11241100x80000000000000003852215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea93b8a5f24da2e72021-12-22 11:47:36.948root 11241100x80000000000000003852216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1719d8ddb52ea9982021-12-22 11:47:36.948root 354300x80000000000000003852217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.233{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55462-false10.0.1.12-8000- 11241100x80000000000000003852218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265c9b331197ca7b2021-12-22 11:47:37.233root 11241100x80000000000000003852219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bceecd1eb4e9da8d2021-12-22 11:47:37.234root 11241100x80000000000000003852220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9a2c547a6a42a72021-12-22 11:47:37.234root 11241100x80000000000000003852221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4f0d6c95dc5e522021-12-22 11:47:37.234root 11241100x80000000000000003852222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eea462ed67f3a4d2021-12-22 11:47:37.234root 11241100x80000000000000003852223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ee86b1657d878d2021-12-22 11:47:37.234root 11241100x80000000000000003852224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17704dee31292322021-12-22 11:47:37.234root 11241100x80000000000000003852225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0c83699b6172f62021-12-22 11:47:37.234root 11241100x80000000000000003852226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6673667a8be52f52021-12-22 11:47:37.234root 11241100x80000000000000003852227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43a5a59b35e8b662021-12-22 11:47:37.234root 11241100x80000000000000003852228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806e873cc645868d2021-12-22 11:47:37.234root 11241100x80000000000000003852229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b308ea27d27a64832021-12-22 11:47:37.235root 11241100x80000000000000003852230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6569012486a9b72021-12-22 11:47:37.235root 11241100x80000000000000003852231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc37f10da1830ee72021-12-22 11:47:37.235root 11241100x80000000000000003852232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7c2540a49d4aac2021-12-22 11:47:37.235root 11241100x80000000000000003852233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bb1eb81ad21f432021-12-22 11:47:37.235root 11241100x80000000000000003852234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2442f281e9586b72021-12-22 11:47:37.235root 11241100x80000000000000003852235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c443777f26c7fd2021-12-22 11:47:37.235root 11241100x80000000000000003852236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823bb87864d541e32021-12-22 11:47:37.235root 11241100x80000000000000003852237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a457cfb75022f892021-12-22 11:47:37.235root 11241100x80000000000000003852238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d9451cce6658ac2021-12-22 11:47:37.236root 11241100x80000000000000003852239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b2431eb95839102021-12-22 11:47:37.236root 11241100x80000000000000003852240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c11c60002e612982021-12-22 11:47:37.236root 11241100x80000000000000003852241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afe5802a0622f1d2021-12-22 11:47:37.236root 11241100x80000000000000003852242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c8dbdd250893b12021-12-22 11:47:37.236root 11241100x80000000000000003852243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d65b65bf3afc4072021-12-22 11:47:37.236root 11241100x80000000000000003852244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ee961afcadd4282021-12-22 11:47:37.236root 11241100x80000000000000003852245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b131d2bf3cb97c2b2021-12-22 11:47:37.236root 11241100x80000000000000003852246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df78d132fcb4c82f2021-12-22 11:47:37.236root 11241100x80000000000000003852247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150fc15cae56fa0e2021-12-22 11:47:37.236root 11241100x80000000000000003852248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4afd7fd87726c092021-12-22 11:47:37.236root 11241100x80000000000000003852249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d267fb513cea0222021-12-22 11:47:37.236root 11241100x80000000000000003852250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed6fa4c9d4c995a2021-12-22 11:47:37.236root 11241100x80000000000000003852251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8edeb5f5bf28cf2021-12-22 11:47:37.236root 11241100x80000000000000003852252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce96ae629265df8f2021-12-22 11:47:37.236root 11241100x80000000000000003852253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5e2cc56fda08772021-12-22 11:47:37.237root 11241100x80000000000000003852254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f8588de23e5c532021-12-22 11:47:37.237root 11241100x80000000000000003852255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44aab2f8b9744042021-12-22 11:47:37.237root 11241100x80000000000000003852256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b96790a43b17c262021-12-22 11:47:37.237root 11241100x80000000000000003852257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5825c8752feafee42021-12-22 11:47:37.237root 11241100x80000000000000003852258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4051c695a3dfec882021-12-22 11:47:37.237root 11241100x80000000000000003852259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fed983a1a25b3c72021-12-22 11:47:37.237root 11241100x80000000000000003852260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdbfe1ead99b0c62021-12-22 11:47:37.237root 11241100x80000000000000003852261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fffb16dd3d3ded2021-12-22 11:47:37.237root 11241100x80000000000000003852262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6a14f16b694ac92021-12-22 11:47:37.237root 11241100x80000000000000003852263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8964521dd671002021-12-22 11:47:37.238root 11241100x80000000000000003852264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd89dc9542c670c2021-12-22 11:47:37.238root 11241100x80000000000000003852265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec875d3dd8067402021-12-22 11:47:37.238root 11241100x80000000000000003852266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd92df5acbae5c372021-12-22 11:47:37.238root 11241100x80000000000000003852267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66876fb0481f10162021-12-22 11:47:37.238root 11241100x80000000000000003852268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e50adbdb6c21fa2021-12-22 11:47:37.238root 11241100x80000000000000003852269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc62f98fe0cb30e32021-12-22 11:47:37.238root 11241100x80000000000000003852270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9106684c82fd302021-12-22 11:47:37.238root 11241100x80000000000000003852271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0cf39e8c27b0e72021-12-22 11:47:37.238root 11241100x80000000000000003852272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3adcdea65331a7d2021-12-22 11:47:37.238root 11241100x80000000000000003852273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e226b0f84fe70a2021-12-22 11:47:37.238root 11241100x80000000000000003852274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb48b4628096ac62021-12-22 11:47:37.238root 11241100x80000000000000003852275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1439dc311b4ff4bd2021-12-22 11:47:37.238root 11241100x80000000000000003852276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d057ad0d2a76b3442021-12-22 11:47:37.239root 11241100x80000000000000003852277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48aa61ff50c01e082021-12-22 11:47:37.239root 11241100x80000000000000003852278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603ed36ed7402e172021-12-22 11:47:37.239root 11241100x80000000000000003852279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eae393fd8acab882021-12-22 11:47:37.239root 11241100x80000000000000003852280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb6a3e7e77d1f322021-12-22 11:47:37.239root 11241100x80000000000000003852281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428b32cf113086cf2021-12-22 11:47:37.239root 11241100x80000000000000003852282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cba2255ad3cf4552021-12-22 11:47:37.239root 11241100x80000000000000003852283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1fe943bcfea8182021-12-22 11:47:37.239root 11241100x80000000000000003852284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47ae77590a1d2e42021-12-22 11:47:37.239root 11241100x80000000000000003852285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428fc939254862b52021-12-22 11:47:37.239root 11241100x80000000000000003852286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5322bb5c73bd6a7d2021-12-22 11:47:37.239root 11241100x80000000000000003852287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6ead7ebd0578962021-12-22 11:47:37.239root 11241100x80000000000000003852288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2cdd4415f5ad182021-12-22 11:47:37.240root 11241100x80000000000000003852289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad7af68a8985b952021-12-22 11:47:37.240root 11241100x80000000000000003852290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c961e69cb2907f2021-12-22 11:47:37.240root 11241100x80000000000000003852291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fefda790c669be2021-12-22 11:47:37.240root 11241100x80000000000000003852292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b45ef0f6efdd642021-12-22 11:47:37.240root 11241100x80000000000000003852293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcd4dfe07d0f9fb2021-12-22 11:47:37.240root 11241100x80000000000000003852294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf8303785551ec92021-12-22 11:47:37.240root 11241100x80000000000000003852295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306edcacfc0783e72021-12-22 11:47:37.240root 11241100x80000000000000003852296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf24ebbd083ebe852021-12-22 11:47:37.240root 11241100x80000000000000003852297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d85594f6be00f12021-12-22 11:47:37.240root 11241100x80000000000000003852298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab2cbfbdc4aa93a2021-12-22 11:47:37.241root 11241100x80000000000000003852299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87951829a1cea50e2021-12-22 11:47:37.241root 11241100x80000000000000003852300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ad47bba08092cc2021-12-22 11:47:37.241root 11241100x80000000000000003852301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e75868dda1ba6e2021-12-22 11:47:37.241root 11241100x80000000000000003852302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7303d5f7cd944a72021-12-22 11:47:37.241root 11241100x80000000000000003852303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccaeeaaf1d27d1052021-12-22 11:47:37.241root 11241100x80000000000000003852304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd23dffca51f7b382021-12-22 11:47:37.241root 11241100x80000000000000003852305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e08b412128938b2021-12-22 11:47:37.241root 11241100x80000000000000003852306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296bba4fff93f56e2021-12-22 11:47:37.241root 11241100x80000000000000003852307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4049dfba8a3f16162021-12-22 11:47:37.242root 11241100x80000000000000003852308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb42920c01562af82021-12-22 11:47:37.242root 11241100x80000000000000003852309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac6ede7381b3f882021-12-22 11:47:37.242root 11241100x80000000000000003852310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0fa0046d6fafa62021-12-22 11:47:37.242root 11241100x80000000000000003852311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008f255016a12bb32021-12-22 11:47:37.242root 11241100x80000000000000003852312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70eaeb8c8c02587e2021-12-22 11:47:37.242root 11241100x80000000000000003852313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feafc19ca442dbd92021-12-22 11:47:37.242root 11241100x80000000000000003852314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193a4010e31a14b72021-12-22 11:47:37.242root 11241100x80000000000000003852315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa08ec54d2975d32021-12-22 11:47:37.242root 11241100x80000000000000003852316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433bfb357377cd532021-12-22 11:47:37.242root 11241100x80000000000000003852317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c59079b048bbc92021-12-22 11:47:37.242root 11241100x80000000000000003852318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49056c805aca66602021-12-22 11:47:37.243root 11241100x80000000000000003852319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec033ee8369257302021-12-22 11:47:37.243root 11241100x80000000000000003852320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8589fcd4d36aa5382021-12-22 11:47:37.243root 11241100x80000000000000003852321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee6e7c716747ce52021-12-22 11:47:37.243root 11241100x80000000000000003852322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287abffcfd66df6d2021-12-22 11:47:37.243root 11241100x80000000000000003852323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b3b3e403e7105d2021-12-22 11:47:37.243root 11241100x80000000000000003852324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440e676ddc7270112021-12-22 11:47:37.243root 11241100x80000000000000003852325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17c2e192cdb067a2021-12-22 11:47:37.243root 11241100x80000000000000003852326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73502ef229eece42021-12-22 11:47:37.243root 11241100x80000000000000003852327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99af771e085d09bc2021-12-22 11:47:37.243root 11241100x80000000000000003852328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35213a8ac05574e52021-12-22 11:47:37.243root 11241100x80000000000000003852329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0d80d659f8f2612021-12-22 11:47:37.243root 11241100x80000000000000003852330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b736b13a75cb2fc72021-12-22 11:47:37.244root 11241100x80000000000000003852331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828aa6daa3f76dc32021-12-22 11:47:37.244root 11241100x80000000000000003852332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7c6a9a066cc7952021-12-22 11:47:37.244root 11241100x80000000000000003852333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a7f04cfaf6bc0c2021-12-22 11:47:37.244root 11241100x80000000000000003852334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfc06732edf47d72021-12-22 11:47:37.244root 11241100x80000000000000003852335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d127008ecf4cfcf2021-12-22 11:47:37.244root 11241100x80000000000000003852336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:37.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d6b8ff97a928a32021-12-22 11:47:37.244root 354300x80000000000000003852381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:43.066{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55464-false10.0.1.12-8000- 11241100x80000000000000003852382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:43.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926dd36a50d0e0ec2021-12-22 11:47:43.442root 11241100x80000000000000003852383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:43.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375600cb39c395812021-12-22 11:47:43.942root 23542300x80000000000000003852384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:44.340{ec2b6afe-1056-61c3-80d2-7ce071550000}19069ubuntu/bin/nano/home/ubuntu/./.myfopen.c.swp--- 534500x80000000000000003852385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:44.340{ec2b6afe-1056-61c3-80d2-7ce071550000}19069/bin/nanoubuntu 11241100x80000000000000003852386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:44.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cad7da0943a25f82021-12-22 11:47:44.340root 11241100x80000000000000003852387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:44.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3075df7071cb2572021-12-22 11:47:44.692root 11241100x80000000000000003852388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea4502f7d2b0b812021-12-22 11:47:44.693root 11241100x80000000000000003852389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db8fab1b00336772021-12-22 11:47:44.693root 11241100x80000000000000003852390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:45.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd619a7056861b12021-12-22 11:47:45.192root 11241100x80000000000000003852391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a63a059c1f25422021-12-22 11:47:45.193root 11241100x80000000000000003852392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606ba83cfdebf5b52021-12-22 11:47:45.193root 11241100x80000000000000003852393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:45.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568988d9056d4ee02021-12-22 11:47:45.692root 11241100x80000000000000003852394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a51ffa35b9bc1d2021-12-22 11:47:45.693root 11241100x80000000000000003852395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2840ebfcf6962ce02021-12-22 11:47:45.693root 11241100x80000000000000003852396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:46.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac26f2112c1ca0d2021-12-22 11:47:46.192root 11241100x80000000000000003852397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d99deb78e64a1792021-12-22 11:47:46.193root 11241100x80000000000000003852398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5b7e470ca8fe2d2021-12-22 11:47:46.193root 11241100x80000000000000003852399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a012407086075d22021-12-22 11:47:46.694root 11241100x80000000000000003852400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7888c200a5b77fa62021-12-22 11:47:46.694root 11241100x80000000000000003852401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73750cb32430bfb22021-12-22 11:47:46.694root 11241100x80000000000000003852402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:47.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623dbf072432f70f2021-12-22 11:47:47.192root 11241100x80000000000000003852403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dced5b194761ebe02021-12-22 11:47:47.193root 11241100x80000000000000003852404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44c4732adb19c902021-12-22 11:47:47.193root 11241100x80000000000000003852405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:47.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e659cbe455ab74162021-12-22 11:47:47.692root 11241100x80000000000000003852406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7241c69b432e6af92021-12-22 11:47:47.693root 11241100x80000000000000003852407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0f24d191b083742021-12-22 11:47:47.693root 354300x80000000000000003852408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:48.119{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55466-false10.0.1.12-8000- 11241100x80000000000000003852409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:48.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f8dfd612f948982021-12-22 11:47:48.119root 11241100x80000000000000003852410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:48.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef1a658d1bec70b2021-12-22 11:47:48.119root 11241100x80000000000000003852411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:48.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a395281c600193cc2021-12-22 11:47:48.119root 11241100x80000000000000003852412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732635a188c2e6d22021-12-22 11:47:48.443root 11241100x80000000000000003852413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986bdf36686f92542021-12-22 11:47:48.443root 11241100x80000000000000003852414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c614fca3600bd02021-12-22 11:47:48.443root 11241100x80000000000000003852415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee82c8414f94ff982021-12-22 11:47:48.444root 11241100x80000000000000003852416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:48.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c471a76636ceeeb2021-12-22 11:47:48.942root 11241100x80000000000000003852417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b50938b40441d52021-12-22 11:47:48.943root 11241100x80000000000000003852418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e11ea97d535c082021-12-22 11:47:48.943root 11241100x80000000000000003852419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ecf177056a32e22021-12-22 11:47:48.943root 11241100x80000000000000003852420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:49.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a74a65b69ba249d2021-12-22 11:47:49.442root 11241100x80000000000000003852421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134ce6a1fd362e0a2021-12-22 11:47:49.443root 11241100x80000000000000003852422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf227e5a48eb4c9a2021-12-22 11:47:49.443root 11241100x80000000000000003852423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e56e7467981023f2021-12-22 11:47:49.443root 11241100x80000000000000003852424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:49.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b726a1f18143d0192021-12-22 11:47:49.942root 11241100x80000000000000003852425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca882e83e564d5842021-12-22 11:47:49.943root 11241100x80000000000000003852426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70713664d77fb7242021-12-22 11:47:49.943root 11241100x80000000000000003852427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c803259e425947d02021-12-22 11:47:49.943root 11241100x80000000000000003852428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:50.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d4ed3080e4b0e92021-12-22 11:47:50.442root 11241100x80000000000000003852429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e09e9cf49342af2021-12-22 11:47:50.443root 11241100x80000000000000003852430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bbde4bcb1459db2021-12-22 11:47:50.443root 11241100x80000000000000003852431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818c7e5e5e8157662021-12-22 11:47:50.443root 11241100x80000000000000003852432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:50.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5f4bc5913106392021-12-22 11:47:50.942root 11241100x80000000000000003852433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc4dfb42612cfd42021-12-22 11:47:50.943root 11241100x80000000000000003852434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859d760b428e2ca62021-12-22 11:47:50.943root 11241100x80000000000000003852435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f750ed9c87d02bc42021-12-22 11:47:50.943root 11241100x80000000000000003852436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:51.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d018af630d55c6cf2021-12-22 11:47:51.442root 11241100x80000000000000003852437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79442c88add2d392021-12-22 11:47:51.443root 11241100x80000000000000003852438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be7c4a6c24b6a9d2021-12-22 11:47:51.443root 11241100x80000000000000003852439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a91a102baf43c12021-12-22 11:47:51.443root 11241100x80000000000000003852440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:51.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db578841a16a9a72021-12-22 11:47:51.942root 11241100x80000000000000003852441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a292ea8a0135882021-12-22 11:47:51.943root 11241100x80000000000000003852442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d94074157a8e792021-12-22 11:47:51.943root 11241100x80000000000000003852443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1405a370720e42fb2021-12-22 11:47:51.943root 11241100x80000000000000003852444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:52.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe81f8f9cbc51d82021-12-22 11:47:52.442root 11241100x80000000000000003852445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593569506f73c7d32021-12-22 11:47:52.443root 11241100x80000000000000003852446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb6588d30acbd022021-12-22 11:47:52.443root 11241100x80000000000000003852447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94f2e07a51bee502021-12-22 11:47:52.443root 11241100x80000000000000003852448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:52.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdfb3f5688eb7a52021-12-22 11:47:52.942root 11241100x80000000000000003852449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1069352b506a1bc2021-12-22 11:47:52.943root 11241100x80000000000000003852450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106d283e43d632ac2021-12-22 11:47:52.943root 11241100x80000000000000003852451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b270c7938b93c9212021-12-22 11:47:52.943root 11241100x80000000000000003852452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:53.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02862f874f7a6add2021-12-22 11:47:53.442root 11241100x80000000000000003852453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e010200dab8fb7582021-12-22 11:47:53.443root 11241100x80000000000000003852454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbacb3737e9caad82021-12-22 11:47:53.443root 11241100x80000000000000003852455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76946197792097c02021-12-22 11:47:53.443root 11241100x80000000000000003852456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:53.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14abed18867d49e02021-12-22 11:47:53.942root 11241100x80000000000000003852457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a9829e42c509f22021-12-22 11:47:53.943root 11241100x80000000000000003852458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a502db7e3f6a672021-12-22 11:47:53.943root 11241100x80000000000000003852459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfe144f49f6d67a2021-12-22 11:47:53.943root 354300x80000000000000003852460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:54.116{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55468-false10.0.1.12-8000- 11241100x80000000000000003852461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa35410dd9137052021-12-22 11:47:54.443root 11241100x80000000000000003852462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1c6014756062fd2021-12-22 11:47:54.443root 11241100x80000000000000003852463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859cf6dd579fafb02021-12-22 11:47:54.443root 11241100x80000000000000003852464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1223394308ba092021-12-22 11:47:54.443root 11241100x80000000000000003852465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1488a72243a70b712021-12-22 11:47:54.443root 11241100x80000000000000003852466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3159f882c3a01a02021-12-22 11:47:54.943root 11241100x80000000000000003852467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77508f4af550248c2021-12-22 11:47:54.943root 11241100x80000000000000003852468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3781297fae535a792021-12-22 11:47:54.943root 11241100x80000000000000003852469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e50323812d3e3c2021-12-22 11:47:54.943root 11241100x80000000000000003852470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187f40187e72ca132021-12-22 11:47:54.943root 11241100x80000000000000003852471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d744bf5b41fd742021-12-22 11:47:55.443root 11241100x80000000000000003852472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a12587b35fd67da2021-12-22 11:47:55.443root 11241100x80000000000000003852473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8513cd71071e732021-12-22 11:47:55.443root 11241100x80000000000000003852474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54be901c86a5c6522021-12-22 11:47:55.443root 11241100x80000000000000003852475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5cc136080ac6842021-12-22 11:47:55.443root 534500x80000000000000003852476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:55.818{00000000-0000-0000-0000-000000000000}19070<unknown process>ubuntu 11241100x80000000000000003852477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:55.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5854b75899aa55db2021-12-22 11:47:55.819root 11241100x80000000000000003852478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:55.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a57704da13eeff2021-12-22 11:47:55.819root 11241100x80000000000000003852479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:55.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338c80b173de0afd2021-12-22 11:47:55.819root 11241100x80000000000000003852480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:55.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b996482d3459eb172021-12-22 11:47:55.820root 11241100x80000000000000003852481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:55.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca39498a27c9b1c2021-12-22 11:47:55.820root 11241100x80000000000000003852482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:55.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a943eaa5b31b662021-12-22 11:47:55.820root 534500x80000000000000003852483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:55.820{00000000-0000-0000-0000-000000000000}19071<unknown process>ubuntu 11241100x80000000000000003852484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:55.820{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.Ah5vG72021-12-22 11:47:55.820ubuntu 23542300x80000000000000003852485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:55.820{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.Ah5vG7--- 11241100x80000000000000003852486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37fdfaaa09f13652021-12-22 11:47:56.193root 11241100x80000000000000003852487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d715be7bd12eb6f2021-12-22 11:47:56.193root 11241100x80000000000000003852488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10087c39c73b8922021-12-22 11:47:56.193root 11241100x80000000000000003852489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbbf5451a0afea02021-12-22 11:47:56.193root 11241100x80000000000000003852490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb92e5f7a508523f2021-12-22 11:47:56.193root 11241100x80000000000000003852491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c80b6c7288dcaf92021-12-22 11:47:56.193root 11241100x80000000000000003852492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49191a2b920c3542021-12-22 11:47:56.193root 11241100x80000000000000003852493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464b81ccffb273cd2021-12-22 11:47:56.193root 11241100x80000000000000003852494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6101e80f607d4282021-12-22 11:47:56.193root 11241100x80000000000000003852495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ced08c90e77e1a2021-12-22 11:47:56.693root 11241100x80000000000000003852496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa733a5a426a4e972021-12-22 11:47:56.693root 11241100x80000000000000003852497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1a33a2ce46ac1b2021-12-22 11:47:56.693root 11241100x80000000000000003852498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5117998ecad74902021-12-22 11:47:56.693root 11241100x80000000000000003852499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af9b6dbd97eae732021-12-22 11:47:56.693root 11241100x80000000000000003852500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747f47868c8ada642021-12-22 11:47:56.693root 11241100x80000000000000003852501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d664a8b9f2b01d6a2021-12-22 11:47:56.693root 11241100x80000000000000003852502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccbff450a0e8be32021-12-22 11:47:56.694root 11241100x80000000000000003852503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9250559957ab0f2021-12-22 11:47:56.694root 11241100x80000000000000003852504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97e5702af8fb50f2021-12-22 11:47:57.193root 11241100x80000000000000003852505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083f0f592f29f7ac2021-12-22 11:47:57.193root 11241100x80000000000000003852506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a73e4ed78f4a0362021-12-22 11:47:57.193root 11241100x80000000000000003852507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91713c369d6bc582021-12-22 11:47:57.193root 11241100x80000000000000003852508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54164b201095c3c2021-12-22 11:47:57.193root 11241100x80000000000000003852509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79592263562a7ab2021-12-22 11:47:57.193root 11241100x80000000000000003852510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8a393cab8c40ac2021-12-22 11:47:57.193root 11241100x80000000000000003852511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326f3f4c6837a1502021-12-22 11:47:57.194root 11241100x80000000000000003852512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b3b5a084886a512021-12-22 11:47:57.194root 11241100x80000000000000003852513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a925abf34e61d4a42021-12-22 11:47:57.693root 11241100x80000000000000003852514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b55e34df87db3432021-12-22 11:47:57.693root 11241100x80000000000000003852515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121329d093f546382021-12-22 11:47:57.693root 11241100x80000000000000003852516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cb0bd95d4896222021-12-22 11:47:57.693root 11241100x80000000000000003852517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801a52b0d37f744a2021-12-22 11:47:57.693root 11241100x80000000000000003852518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9402556a97519e442021-12-22 11:47:57.693root 11241100x80000000000000003852519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c442a1410f2d712021-12-22 11:47:57.693root 11241100x80000000000000003852520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54070d79f150b8342021-12-22 11:47:57.694root 11241100x80000000000000003852521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c10c884f287e1af2021-12-22 11:47:57.694root 11241100x80000000000000003852522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4e7e5fc40657372021-12-22 11:47:58.193root 11241100x80000000000000003852523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c031d3319410c12021-12-22 11:47:58.193root 11241100x80000000000000003852524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ff529943ea97262021-12-22 11:47:58.193root 11241100x80000000000000003852525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7ff9bff9a6c5202021-12-22 11:47:58.193root 11241100x80000000000000003852526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6d28ad705f84622021-12-22 11:47:58.193root 11241100x80000000000000003852527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ba8117daaa26642021-12-22 11:47:58.193root 11241100x80000000000000003852528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f96db7b7dd67aa82021-12-22 11:47:58.193root 11241100x80000000000000003852529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0484b69b897341a2021-12-22 11:47:58.194root 11241100x80000000000000003852530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795df52b92e242db2021-12-22 11:47:58.194root 11241100x80000000000000003852531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2430de930c381b6e2021-12-22 11:47:58.693root 11241100x80000000000000003852532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e11edf7b6343dd2021-12-22 11:47:58.693root 11241100x80000000000000003852533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb055da240cfb0b2021-12-22 11:47:58.693root 11241100x80000000000000003852534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae92c630cfa0b99f2021-12-22 11:47:58.693root 11241100x80000000000000003852535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a440e5c81b0191da2021-12-22 11:47:58.693root 11241100x80000000000000003852536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a50a466828602872021-12-22 11:47:58.694root 11241100x80000000000000003852537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1895241c74fbfe412021-12-22 11:47:58.694root 11241100x80000000000000003852538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6890e4962538d4292021-12-22 11:47:58.694root 11241100x80000000000000003852539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4a64b57e724f4e2021-12-22 11:47:58.694root 11241100x80000000000000003852540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4bef55c3373eca2021-12-22 11:47:59.193root 11241100x80000000000000003852541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc447c04ec1e1fb2021-12-22 11:47:59.193root 11241100x80000000000000003852542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653bbdc43516ad9e2021-12-22 11:47:59.193root 11241100x80000000000000003852543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66321c66b0220c282021-12-22 11:47:59.193root 11241100x80000000000000003852544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cd2c240f0efeef2021-12-22 11:47:59.193root 11241100x80000000000000003852545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cae515ab337498a2021-12-22 11:47:59.193root 11241100x80000000000000003852546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a21e85012ce8842021-12-22 11:47:59.194root 11241100x80000000000000003852547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884359922b9af2ab2021-12-22 11:47:59.194root 11241100x80000000000000003852548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e17f7b74888150c2021-12-22 11:47:59.194root 11241100x80000000000000003852549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd93984199410332021-12-22 11:47:59.693root 11241100x80000000000000003852550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3dbd32c31025882021-12-22 11:47:59.693root 11241100x80000000000000003852551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3983d7e3b8a17ec12021-12-22 11:47:59.693root 11241100x80000000000000003852552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4effaa48af749e2021-12-22 11:47:59.693root 11241100x80000000000000003852553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65d007c97aeafe62021-12-22 11:47:59.693root 11241100x80000000000000003852554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbc84913eb52d1b2021-12-22 11:47:59.693root 11241100x80000000000000003852555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700b30ce27ace6762021-12-22 11:47:59.694root 11241100x80000000000000003852556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9f29f0466360702021-12-22 11:47:59.694root 11241100x80000000000000003852557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:47:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee277164c8d95932021-12-22 11:47:59.694root 354300x80000000000000003852558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.044{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55470-false10.0.1.12-8000- 11241100x80000000000000003852559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4495f4ac965caa262021-12-22 11:48:00.045root 11241100x80000000000000003852560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113ed2d10a21aeec2021-12-22 11:48:00.045root 11241100x80000000000000003852561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ad415912dc61fb2021-12-22 11:48:00.045root 11241100x80000000000000003852562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55422bf8c71e5e632021-12-22 11:48:00.045root 11241100x80000000000000003852563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af38e738a53c99402021-12-22 11:48:00.046root 11241100x80000000000000003852564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38e94145ff607642021-12-22 11:48:00.046root 11241100x80000000000000003852565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e446d3ee4ba57882021-12-22 11:48:00.046root 11241100x80000000000000003852566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d99f0b94dcbf1382021-12-22 11:48:00.047root 11241100x80000000000000003852567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba78133566e1f102021-12-22 11:48:00.047root 11241100x80000000000000003852568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9357ab83243f5c2021-12-22 11:48:00.047root 11241100x80000000000000003852569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52269009d4712a692021-12-22 11:48:00.443root 11241100x80000000000000003852570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69eb30ec9d9899d62021-12-22 11:48:00.443root 11241100x80000000000000003852571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61ea164394e584e2021-12-22 11:48:00.443root 11241100x80000000000000003852572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2eedbe311abf1252021-12-22 11:48:00.443root 11241100x80000000000000003852573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898087b3fce199f12021-12-22 11:48:00.444root 11241100x80000000000000003852574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5625edffffbcce952021-12-22 11:48:00.444root 11241100x80000000000000003852575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45377a8df95d6c692021-12-22 11:48:00.444root 11241100x80000000000000003852576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a536ee083be2903b2021-12-22 11:48:00.444root 11241100x80000000000000003852577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa80cdd7871e8b3e2021-12-22 11:48:00.445root 11241100x80000000000000003852578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8fa89137bc25602021-12-22 11:48:00.445root 11241100x80000000000000003852579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb774853b0b99e22021-12-22 11:48:00.943root 11241100x80000000000000003852580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6533c59cae40802021-12-22 11:48:00.943root 11241100x80000000000000003852581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2963b1821e4b5392021-12-22 11:48:00.943root 11241100x80000000000000003852582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9734e3334131d42021-12-22 11:48:00.943root 11241100x80000000000000003852583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b873d3322c58ef282021-12-22 11:48:00.943root 11241100x80000000000000003852584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fe98a97cf700862021-12-22 11:48:00.943root 11241100x80000000000000003852585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e10a526aff349b2021-12-22 11:48:00.943root 11241100x80000000000000003852586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16f433f494766f82021-12-22 11:48:00.943root 11241100x80000000000000003852587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74f8e7960a90d1e2021-12-22 11:48:00.944root 11241100x80000000000000003852588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e86b80a936d0c322021-12-22 11:48:00.944root 11241100x80000000000000003852589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97360854922328022021-12-22 11:48:01.443root 11241100x80000000000000003852590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641fc3d7a68b86ef2021-12-22 11:48:01.443root 11241100x80000000000000003852591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce915bfbdaedd5cb2021-12-22 11:48:01.443root 11241100x80000000000000003852592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7754298ed872167d2021-12-22 11:48:01.443root 11241100x80000000000000003852593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81898248aa45af42021-12-22 11:48:01.443root 11241100x80000000000000003852594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b9fe9cbd6f3e8d2021-12-22 11:48:01.443root 11241100x80000000000000003852595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffd6f481e023a8b2021-12-22 11:48:01.443root 11241100x80000000000000003852596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3330ea27b874f0362021-12-22 11:48:01.443root 11241100x80000000000000003852597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2009a09d191a3be42021-12-22 11:48:01.443root 11241100x80000000000000003852598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db301001aa460e712021-12-22 11:48:01.443root 11241100x80000000000000003852599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67020879e80cfa62021-12-22 11:48:01.943root 11241100x80000000000000003852600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51654d27041754d72021-12-22 11:48:01.943root 11241100x80000000000000003852601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbc0b0f712c8d452021-12-22 11:48:01.943root 11241100x80000000000000003852602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a30de2edeaf9ae72021-12-22 11:48:01.943root 11241100x80000000000000003852603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8211a2313f0856a2021-12-22 11:48:01.943root 11241100x80000000000000003852604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b70999e36cc43432021-12-22 11:48:01.943root 11241100x80000000000000003852605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68be0ec114e86ad82021-12-22 11:48:01.943root 11241100x80000000000000003852606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9519f80520008a2021-12-22 11:48:01.943root 11241100x80000000000000003852607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1726750be98708272021-12-22 11:48:01.943root 11241100x80000000000000003852608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69599026a277b422021-12-22 11:48:01.944root 11241100x80000000000000003852609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9696a9eedc468b5a2021-12-22 11:48:02.443root 11241100x80000000000000003852610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbf358590312d032021-12-22 11:48:02.443root 11241100x80000000000000003852611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8d37a14dbe1d172021-12-22 11:48:02.443root 11241100x80000000000000003852612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d3ddd1053a08c82021-12-22 11:48:02.443root 11241100x80000000000000003852613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baeff913173a5e412021-12-22 11:48:02.443root 11241100x80000000000000003852614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d8654fcbaaeb622021-12-22 11:48:02.443root 11241100x80000000000000003852615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d9e7218f702be42021-12-22 11:48:02.443root 11241100x80000000000000003852616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ed974a9a8c2af52021-12-22 11:48:02.443root 11241100x80000000000000003852617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bfbdc62fed37f32021-12-22 11:48:02.443root 11241100x80000000000000003852618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccfb8b10e4a8b1b2021-12-22 11:48:02.443root 11241100x80000000000000003852619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b7e4e5906ff35a2021-12-22 11:48:02.943root 11241100x80000000000000003852620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ab9cfd476a52d22021-12-22 11:48:02.943root 11241100x80000000000000003852621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85329fc83252788d2021-12-22 11:48:02.943root 11241100x80000000000000003852622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9096afd0e0383932021-12-22 11:48:02.943root 11241100x80000000000000003852623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed979e468dcf2d052021-12-22 11:48:02.943root 11241100x80000000000000003852624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf30c6585bb781b2021-12-22 11:48:02.943root 11241100x80000000000000003852625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f66a67babe3f2b92021-12-22 11:48:02.943root 11241100x80000000000000003852626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0c1ad961e89a292021-12-22 11:48:02.944root 11241100x80000000000000003852627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6d9fde7a28ca892021-12-22 11:48:02.944root 11241100x80000000000000003852628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def882049f03a0942021-12-22 11:48:02.944root 11241100x80000000000000003852629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:48:03.143root 11241100x80000000000000003852630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fd945b8dc282bd2021-12-22 11:48:03.443root 11241100x80000000000000003852631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a33be009fbd2d22021-12-22 11:48:03.443root 11241100x80000000000000003852632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65acd379213f2db82021-12-22 11:48:03.443root 11241100x80000000000000003852633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bf2e81b92f816c2021-12-22 11:48:03.443root 11241100x80000000000000003852634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5e672e25d83d392021-12-22 11:48:03.443root 11241100x80000000000000003852635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4601c1a6285ec242021-12-22 11:48:03.443root 11241100x80000000000000003852636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade243708c5377a32021-12-22 11:48:03.444root 11241100x80000000000000003852637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13428c854713559e2021-12-22 11:48:03.444root 11241100x80000000000000003852638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345d4ba6e887d9c02021-12-22 11:48:03.444root 11241100x80000000000000003852639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53d343d6ba524ad2021-12-22 11:48:03.444root 11241100x80000000000000003852640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980f38771d0543aa2021-12-22 11:48:03.444root 11241100x80000000000000003852641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792a81cce57c19622021-12-22 11:48:03.943root 11241100x80000000000000003852642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b290ffe0b212a842021-12-22 11:48:03.943root 11241100x80000000000000003852643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0302d4d5d3eaab3a2021-12-22 11:48:03.943root 11241100x80000000000000003852644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3d13e045b5a2372021-12-22 11:48:03.943root 11241100x80000000000000003852645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c691e97dad32a95d2021-12-22 11:48:03.943root 11241100x80000000000000003852646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67fda6dc3f205012021-12-22 11:48:03.943root 11241100x80000000000000003852647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081b6b806842f4f32021-12-22 11:48:03.943root 11241100x80000000000000003852648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13a1c0e2f184ff12021-12-22 11:48:03.944root 11241100x80000000000000003852649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0baaa4e6ec42d72021-12-22 11:48:03.944root 11241100x80000000000000003852650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add6a2c58d38c9ab2021-12-22 11:48:03.944root 11241100x80000000000000003852651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de19fd48aa35f162021-12-22 11:48:03.944root 11241100x80000000000000003852652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0916e0603bd170c42021-12-22 11:48:04.443root 11241100x80000000000000003852653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc747c095e169e0a2021-12-22 11:48:04.443root 11241100x80000000000000003852654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d25853ad9cb7872021-12-22 11:48:04.443root 11241100x80000000000000003852655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde80b4b21d0980f2021-12-22 11:48:04.443root 11241100x80000000000000003852656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c9b94d487bb46d2021-12-22 11:48:04.443root 11241100x80000000000000003852657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8bb42287c351202021-12-22 11:48:04.443root 11241100x80000000000000003852658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52261d0934e8f2a82021-12-22 11:48:04.443root 11241100x80000000000000003852659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6d12aebecf96db2021-12-22 11:48:04.443root 11241100x80000000000000003852660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efedb2b67d122612021-12-22 11:48:04.443root 11241100x80000000000000003852661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbecbcfea096a9a2021-12-22 11:48:04.444root 11241100x80000000000000003852662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e752abe04bb8232021-12-22 11:48:04.444root 11241100x80000000000000003852663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babc2f778ab12bf42021-12-22 11:48:04.943root 11241100x80000000000000003852664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a44d4e907b00c962021-12-22 11:48:04.943root 11241100x80000000000000003852665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b9da1983f3a2c62021-12-22 11:48:04.943root 11241100x80000000000000003852666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7c05b9a69c02212021-12-22 11:48:04.943root 11241100x80000000000000003852667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2288b3cd83aa7c62021-12-22 11:48:04.943root 11241100x80000000000000003852668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7648912bce5c79522021-12-22 11:48:04.943root 11241100x80000000000000003852669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47f0907dfaf24932021-12-22 11:48:04.943root 11241100x80000000000000003852670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e39a810ebd13ad2021-12-22 11:48:04.944root 11241100x80000000000000003852671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316e66fd24568e462021-12-22 11:48:04.944root 11241100x80000000000000003852672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a277cedf227747e2021-12-22 11:48:04.944root 11241100x80000000000000003852673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c214333704663b592021-12-22 11:48:04.944root 11241100x80000000000000003852674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562651c7268946392021-12-22 11:48:05.443root 11241100x80000000000000003852675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d1254669780c6d2021-12-22 11:48:05.443root 11241100x80000000000000003852676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95157771839954782021-12-22 11:48:05.443root 11241100x80000000000000003852677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27f5777746a90aa2021-12-22 11:48:05.443root 11241100x80000000000000003852678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcdc0d6f747d83e2021-12-22 11:48:05.443root 11241100x80000000000000003852679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d61abe042773772021-12-22 11:48:05.443root 11241100x80000000000000003852680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e7eb539b1719ee2021-12-22 11:48:05.443root 11241100x80000000000000003852681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab784198b278d1312021-12-22 11:48:05.444root 11241100x80000000000000003852682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfb5c0505da48152021-12-22 11:48:05.444root 11241100x80000000000000003852683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cf221759a56fde2021-12-22 11:48:05.444root 11241100x80000000000000003852684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4cab5211b66a722021-12-22 11:48:05.444root 534500x80000000000000003852685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.645{00000000-0000-0000-0000-000000000000}19072<unknown process>ubuntu 534500x80000000000000003852686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.646{00000000-0000-0000-0000-000000000000}19073<unknown process>ubuntu 11241100x80000000000000003852687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.647{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.qvoflK2021-12-22 11:48:05.647ubuntu 23542300x80000000000000003852688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.647{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.qvoflK--- 11241100x80000000000000003852689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2597ee7d771d6e2021-12-22 11:48:05.943root 11241100x80000000000000003852690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf95caf637cca0b2021-12-22 11:48:05.943root 11241100x80000000000000003852691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15848a4d23e47d882021-12-22 11:48:05.943root 11241100x80000000000000003852692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc271c4efba28d52021-12-22 11:48:05.943root 11241100x80000000000000003852693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bcf414b3a735112021-12-22 11:48:05.943root 11241100x80000000000000003852694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753617dae087eecb2021-12-22 11:48:05.944root 11241100x80000000000000003852695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b22eb4d696c2c32021-12-22 11:48:05.944root 11241100x80000000000000003852696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f836eaf0bfc4362021-12-22 11:48:05.944root 11241100x80000000000000003852697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b5a86dfd94624f2021-12-22 11:48:05.944root 11241100x80000000000000003852698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dba122a11c8ab9d2021-12-22 11:48:05.944root 11241100x80000000000000003852699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d03b8aac555c3b2021-12-22 11:48:05.945root 11241100x80000000000000003852700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff30e8fe244205562021-12-22 11:48:05.945root 11241100x80000000000000003852701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86e7eefda563ab62021-12-22 11:48:05.945root 11241100x80000000000000003852702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf6b3a29c1e76692021-12-22 11:48:05.945root 11241100x80000000000000003852703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b378056c2824862021-12-22 11:48:05.945root 11241100x80000000000000003852704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ecaaf2cf67b8f62021-12-22 11:48:05.945root 11241100x80000000000000003852705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b291faf9406161a92021-12-22 11:48:05.945root 11241100x80000000000000003852706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d2bb3afc0a2a102021-12-22 11:48:05.945root 11241100x80000000000000003852707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df8e10e18ae84f42021-12-22 11:48:05.946root 11241100x80000000000000003852708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb61414fa52b068e2021-12-22 11:48:05.946root 11241100x80000000000000003852709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b792aa75245282c2021-12-22 11:48:05.946root 11241100x80000000000000003852710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bd50ccdb47c4252021-12-22 11:48:05.947root 11241100x80000000000000003852711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d258aacbb2737102021-12-22 11:48:05.947root 11241100x80000000000000003852712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60df6c4da398fcfa2021-12-22 11:48:05.947root 11241100x80000000000000003852713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba690a509a642a22021-12-22 11:48:05.948root 11241100x80000000000000003852714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce57b3ad02e147a42021-12-22 11:48:05.948root 11241100x80000000000000003852715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436ada7acef887402021-12-22 11:48:05.948root 11241100x80000000000000003852716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d2e689e38787a92021-12-22 11:48:05.948root 11241100x80000000000000003852717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa41eeb841bf59622021-12-22 11:48:05.948root 354300x80000000000000003852718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.028{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55472-false10.0.1.12-8000- 11241100x80000000000000003852719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f372a86bac418922021-12-22 11:48:06.443root 11241100x80000000000000003852720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3f5a61fced6b232021-12-22 11:48:06.443root 11241100x80000000000000003852721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7d65eb2f844c782021-12-22 11:48:06.443root 11241100x80000000000000003852722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa48224df3176fd2021-12-22 11:48:06.443root 11241100x80000000000000003852723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19617b396a3dd4e92021-12-22 11:48:06.443root 11241100x80000000000000003852724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914ff4ef78cf2e5b2021-12-22 11:48:06.443root 11241100x80000000000000003852725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b391a157509c306f2021-12-22 11:48:06.443root 11241100x80000000000000003852726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7b76de8477a4592021-12-22 11:48:06.443root 11241100x80000000000000003852727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9aa68238018a3022021-12-22 11:48:06.444root 11241100x80000000000000003852728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4db50af0f9f0e72021-12-22 11:48:06.444root 11241100x80000000000000003852729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc20d4d1df38b2e72021-12-22 11:48:06.444root 11241100x80000000000000003852730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee770beeebc74c062021-12-22 11:48:06.444root 11241100x80000000000000003852731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62c07e402a03cd52021-12-22 11:48:06.444root 11241100x80000000000000003852732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8981eabae512332021-12-22 11:48:06.444root 11241100x80000000000000003852733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bd899c59a709942021-12-22 11:48:06.444root 11241100x80000000000000003852734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7e5f23a68b9c2e2021-12-22 11:48:06.444root 534500x80000000000000003852735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.843{00000000-0000-0000-0000-000000000000}19074<unknown process>ubuntu 11241100x80000000000000003852736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.844{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e85ed7c5b0217c2021-12-22 11:48:06.844root 11241100x80000000000000003852737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.844{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdd0b19ce7013892021-12-22 11:48:06.844root 11241100x80000000000000003852738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.844{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f192751bb3dda732021-12-22 11:48:06.844root 11241100x80000000000000003852739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.844{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26aff29810972ea52021-12-22 11:48:06.844root 11241100x80000000000000003852740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.844{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17645466d6ead6e2021-12-22 11:48:06.844root 11241100x80000000000000003852741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.844{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf18bccaaa6fc3c02021-12-22 11:48:06.844root 11241100x80000000000000003852742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.844{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619af2da8abe31192021-12-22 11:48:06.844root 11241100x80000000000000003852743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.844{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7f277b3e87d3502021-12-22 11:48:06.844root 11241100x80000000000000003852744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.844{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5e73ce19f44e5a2021-12-22 11:48:06.844root 11241100x80000000000000003852745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.844{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3a4800a2c344862021-12-22 11:48:06.844root 11241100x80000000000000003852746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb193ec9fe3f40b2021-12-22 11:48:06.845root 11241100x80000000000000003852747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b77054253f802812021-12-22 11:48:06.845root 11241100x80000000000000003852748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a6183188ede64f2021-12-22 11:48:06.845root 534500x80000000000000003852749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{00000000-0000-0000-0000-000000000000}19075<unknown process>ubuntu 11241100x80000000000000003852750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674d67d58fbe1c912021-12-22 11:48:06.845root 11241100x80000000000000003852751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d881ad37718dbfac2021-12-22 11:48:06.845root 11241100x80000000000000003852752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9deee270f51bf49c2021-12-22 11:48:06.845root 11241100x80000000000000003852753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45366f7a2e1452132021-12-22 11:48:06.845root 11241100x80000000000000003852754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee23770fe94cb1602021-12-22 11:48:06.845root 11241100x80000000000000003852755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f99eb0d4e3a2d8e2021-12-22 11:48:06.845root 11241100x80000000000000003852756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9785ee6230c548e82021-12-22 11:48:06.845root 11241100x80000000000000003852757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab55b497d6ad8d82021-12-22 11:48:06.845root 11241100x80000000000000003852758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b252a71879a7122021-12-22 11:48:06.845root 11241100x80000000000000003852759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fa8ff699ba9a4d2021-12-22 11:48:06.845root 11241100x80000000000000003852760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5282b15a6c504b322021-12-22 11:48:06.845root 11241100x80000000000000003852761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cd62dae1c5bd332021-12-22 11:48:06.845root 11241100x80000000000000003852762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8296bf9b9f894e052021-12-22 11:48:06.845root 11241100x80000000000000003852763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.q2DIgq2021-12-22 11:48:06.845ubuntu 23542300x80000000000000003852764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:06.845{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.q2DIgq--- 11241100x80000000000000003852765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b0e7cf8898115c2021-12-22 11:48:07.193root 11241100x80000000000000003852766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78c2b15002c80f12021-12-22 11:48:07.193root 11241100x80000000000000003852767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd2daa4f23c50a92021-12-22 11:48:07.193root 11241100x80000000000000003852768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5a925a4c5d1f892021-12-22 11:48:07.194root 11241100x80000000000000003852769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3ba0df19ef32022021-12-22 11:48:07.194root 11241100x80000000000000003852770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e10bd49b4c5d39a2021-12-22 11:48:07.194root 11241100x80000000000000003852771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be5fa93c4475b432021-12-22 11:48:07.194root 11241100x80000000000000003852772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae858f6323fd4942021-12-22 11:48:07.194root 11241100x80000000000000003852773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7760fbe9c5aa31762021-12-22 11:48:07.194root 11241100x80000000000000003852774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1384ebec2fc95ad62021-12-22 11:48:07.194root 11241100x80000000000000003852775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa1f9a9b91d90f22021-12-22 11:48:07.194root 11241100x80000000000000003852776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a441f36ae3eee8b2021-12-22 11:48:07.194root 11241100x80000000000000003852777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc11bd93e492e6012021-12-22 11:48:07.194root 11241100x80000000000000003852778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4bdc8caf1146c52021-12-22 11:48:07.194root 11241100x80000000000000003852779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6449d0919ce1aa2021-12-22 11:48:07.194root 11241100x80000000000000003852780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36507435a42858852021-12-22 11:48:07.195root 11241100x80000000000000003852781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c5f752e56725252021-12-22 11:48:07.195root 11241100x80000000000000003852782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a3af518784cd812021-12-22 11:48:07.195root 11241100x80000000000000003852783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36e3729f0f5746f2021-12-22 11:48:07.195root 11241100x80000000000000003852784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82844df0fa43d242021-12-22 11:48:07.195root 11241100x80000000000000003852785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b1ff66e55854642021-12-22 11:48:07.693root 11241100x80000000000000003852786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5685892d6e64876e2021-12-22 11:48:07.694root 11241100x80000000000000003852787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0865afa5b51c4ac12021-12-22 11:48:07.694root 11241100x80000000000000003852788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccd156a2e72eb6e2021-12-22 11:48:07.694root 11241100x80000000000000003852789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d500187ea9075a2021-12-22 11:48:07.694root 11241100x80000000000000003852790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e27ca1ec6fc7e762021-12-22 11:48:07.694root 11241100x80000000000000003852791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7a57c32591a5782021-12-22 11:48:07.694root 11241100x80000000000000003852792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ffe155bdf7ca732021-12-22 11:48:07.695root 11241100x80000000000000003852793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6457348eeda5fb562021-12-22 11:48:07.695root 11241100x80000000000000003852794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89e9911c1978cb02021-12-22 11:48:07.695root 11241100x80000000000000003852795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdd0c50655f1da52021-12-22 11:48:07.695root 11241100x80000000000000003852796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed29294fa11f92a2021-12-22 11:48:07.695root 11241100x80000000000000003852797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68def10d5a40ba2b2021-12-22 11:48:07.695root 11241100x80000000000000003852798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa156f24df1d99c82021-12-22 11:48:07.696root 11241100x80000000000000003852799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18255ff159904de2021-12-22 11:48:07.696root 11241100x80000000000000003852800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09a42eb76891c572021-12-22 11:48:07.696root 11241100x80000000000000003852801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0448f883564888752021-12-22 11:48:07.696root 11241100x80000000000000003852802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bea9bdf05f54542021-12-22 11:48:07.696root 11241100x80000000000000003852803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0353037b31c3a9b2021-12-22 11:48:07.696root 11241100x80000000000000003852804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9b7db25d0fa32d2021-12-22 11:48:07.696root 11241100x80000000000000003852805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319c97ffe0f61c4d2021-12-22 11:48:08.193root 11241100x80000000000000003852806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da00b6500ecfb4a2021-12-22 11:48:08.193root 11241100x80000000000000003852807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a505becec3fe5db2021-12-22 11:48:08.193root 11241100x80000000000000003852808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d5e71be4305e402021-12-22 11:48:08.193root 11241100x80000000000000003852809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b939b2b8e5e8ca2021-12-22 11:48:08.193root 11241100x80000000000000003852810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c54337909efa252021-12-22 11:48:08.194root 11241100x80000000000000003852811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557a5c63fa156d212021-12-22 11:48:08.194root 11241100x80000000000000003852812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d89fe49940762112021-12-22 11:48:08.194root 11241100x80000000000000003852813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07e3a7c31e9ef382021-12-22 11:48:08.194root 11241100x80000000000000003852814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b254de5b9eb094ff2021-12-22 11:48:08.194root 11241100x80000000000000003852815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a141a6bda1a7ee2021-12-22 11:48:08.195root 11241100x80000000000000003852816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75c651a7616f1f02021-12-22 11:48:08.195root 11241100x80000000000000003852817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc4c20c7ad605bd2021-12-22 11:48:08.195root 11241100x80000000000000003852818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87bb2a5c37fe08f2021-12-22 11:48:08.195root 11241100x80000000000000003852819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26114879fa6e1cfe2021-12-22 11:48:08.195root 11241100x80000000000000003852820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38cdd4863f5ddcb2021-12-22 11:48:08.196root 11241100x80000000000000003852821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99aaf0fc0a8080672021-12-22 11:48:08.196root 11241100x80000000000000003852822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c43c2faae9eda62021-12-22 11:48:08.196root 11241100x80000000000000003852823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf963cb1c8c3c672021-12-22 11:48:08.196root 11241100x80000000000000003852824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1c49a9bea9d9122021-12-22 11:48:08.197root 11241100x80000000000000003852825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e56d559cf26c8732021-12-22 11:48:08.693root 11241100x80000000000000003852826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bea9fa52f573ee32021-12-22 11:48:08.693root 11241100x80000000000000003852827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9484f263d0c8e82021-12-22 11:48:08.693root 11241100x80000000000000003852828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f838470fad566f2021-12-22 11:48:08.693root 11241100x80000000000000003852829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255d22050f37f6792021-12-22 11:48:08.693root 11241100x80000000000000003852830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149eb65f65c99d5d2021-12-22 11:48:08.694root 11241100x80000000000000003852831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb19af0081f141482021-12-22 11:48:08.694root 11241100x80000000000000003852832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb63ae2d45705e832021-12-22 11:48:08.694root 11241100x80000000000000003852833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e86ed7aaf440ba92021-12-22 11:48:08.694root 11241100x80000000000000003852834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb9755214c829f92021-12-22 11:48:08.694root 11241100x80000000000000003852835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b4812b7517eac12021-12-22 11:48:08.694root 11241100x80000000000000003852836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6de5d1fba01f1b2021-12-22 11:48:08.694root 11241100x80000000000000003852837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b745ab0bf9f000592021-12-22 11:48:08.694root 11241100x80000000000000003852838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e95694ea2b33722021-12-22 11:48:08.694root 11241100x80000000000000003852839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9022fcc5becefc2e2021-12-22 11:48:08.694root 11241100x80000000000000003852840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ce19054978e03c2021-12-22 11:48:08.694root 11241100x80000000000000003852841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e37ab55e9ccaa792021-12-22 11:48:08.694root 11241100x80000000000000003852842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ce7b90185392622021-12-22 11:48:08.694root 11241100x80000000000000003852843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9baa4f04320d6042021-12-22 11:48:08.694root 11241100x80000000000000003852844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843e110bf835f9da2021-12-22 11:48:08.694root 23542300x80000000000000003852845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.987{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003852846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7b5169014789262021-12-22 11:48:08.988root 11241100x80000000000000003852847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8589cf86a143fa32021-12-22 11:48:08.988root 11241100x80000000000000003852848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b6ce28efaa6e752021-12-22 11:48:08.988root 11241100x80000000000000003852849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73eebe2b7897d2f42021-12-22 11:48:08.988root 11241100x80000000000000003852850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52bdb67e48d49442021-12-22 11:48:08.988root 11241100x80000000000000003852851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08703a01033b7062021-12-22 11:48:08.988root 11241100x80000000000000003852852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78dda174e312eb62021-12-22 11:48:08.988root 11241100x80000000000000003852853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7413c5d9e798f92021-12-22 11:48:08.988root 11241100x80000000000000003852854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2116ae73689e620f2021-12-22 11:48:08.989root 11241100x80000000000000003852855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcf0578615c52902021-12-22 11:48:08.989root 11241100x80000000000000003852856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b516979278befd2021-12-22 11:48:08.989root 11241100x80000000000000003852857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6ef1aab93ee8712021-12-22 11:48:08.989root 11241100x80000000000000003852858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a756ad778f51c9892021-12-22 11:48:08.989root 11241100x80000000000000003852859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c514c7cdb5c5562021-12-22 11:48:08.989root 11241100x80000000000000003852860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.990{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8d88234e3303192021-12-22 11:48:08.990root 11241100x80000000000000003852861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.990{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c599889ba25ccd9e2021-12-22 11:48:08.990root 11241100x80000000000000003852862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.990{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362e67c9878520ef2021-12-22 11:48:08.990root 11241100x80000000000000003852863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.990{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c2baacb2a85b9d2021-12-22 11:48:08.990root 11241100x80000000000000003852864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.991{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb743bb4f9749a02021-12-22 11:48:08.991root 11241100x80000000000000003852865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.991{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20cc98bde917ec02021-12-22 11:48:08.991root 11241100x80000000000000003852866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:08.992{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81672b9075504bd2021-12-22 11:48:08.992root 154100x80000000000000003852867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.225{ec2b6afe-1079-61c3-883b-e178d1550000}19076/bin/mv-----mv evil_preload.c prog.c/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 534500x80000000000000003852868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.227{ec2b6afe-1079-61c3-883b-e178d1550000}19076/bin/mvubuntu 11241100x80000000000000003852869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd5f1bf862a1ad42021-12-22 11:48:09.442root 11241100x80000000000000003852870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07184db833c18a902021-12-22 11:48:09.443root 11241100x80000000000000003852871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c66869f267e3042021-12-22 11:48:09.443root 11241100x80000000000000003852872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e3cab1da263dec2021-12-22 11:48:09.443root 11241100x80000000000000003852873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c05162fb9ccade2021-12-22 11:48:09.443root 11241100x80000000000000003852874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a6b3a14bb82f642021-12-22 11:48:09.444root 11241100x80000000000000003852875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18330a2f179d51132021-12-22 11:48:09.444root 11241100x80000000000000003852876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a2457e726f1fbd2021-12-22 11:48:09.444root 11241100x80000000000000003852877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac34df3b4d36af82021-12-22 11:48:09.444root 11241100x80000000000000003852878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1517ee644e527f942021-12-22 11:48:09.444root 11241100x80000000000000003852879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a070ce450da1ee2021-12-22 11:48:09.444root 11241100x80000000000000003852880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335689f33ac1a5d82021-12-22 11:48:09.445root 11241100x80000000000000003852881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c09726d1dbdfbb32021-12-22 11:48:09.445root 11241100x80000000000000003852882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3f2fd1f92f8f532021-12-22 11:48:09.445root 11241100x80000000000000003852883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431355ef17a514b62021-12-22 11:48:09.445root 11241100x80000000000000003852884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2877711aacc43f6a2021-12-22 11:48:09.445root 11241100x80000000000000003852885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b66fea0bacd3382021-12-22 11:48:09.445root 11241100x80000000000000003852886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a88c534d5763162021-12-22 11:48:09.445root 11241100x80000000000000003852887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8485a745965772d12021-12-22 11:48:09.445root 11241100x80000000000000003852888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4a7ae0ddba91462021-12-22 11:48:09.446root 11241100x80000000000000003852889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790cebb8d5cac26f2021-12-22 11:48:09.446root 11241100x80000000000000003852890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c615e65b9342f62021-12-22 11:48:09.446root 11241100x80000000000000003852891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb0520d5504c80a2021-12-22 11:48:09.446root 11241100x80000000000000003852892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0a08bc37e7985b2021-12-22 11:48:09.446root 11241100x80000000000000003852893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeff7b01778072992021-12-22 11:48:09.446root 11241100x80000000000000003852894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ce44883f0688d72021-12-22 11:48:09.446root 11241100x80000000000000003852895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0a17cc1ee3aa8d2021-12-22 11:48:09.446root 11241100x80000000000000003852896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d94af3e4d52d8f2021-12-22 11:48:09.448root 11241100x80000000000000003852897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0eddb0d1689df52021-12-22 11:48:09.448root 11241100x80000000000000003852898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a47297afe7e1952021-12-22 11:48:09.448root 11241100x80000000000000003852899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec102738ab496bf2021-12-22 11:48:09.449root 11241100x80000000000000003852900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fe8bdc2e54633c2021-12-22 11:48:09.449root 11241100x80000000000000003852901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dade684b74b5662021-12-22 11:48:09.449root 11241100x80000000000000003852902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dac1c5c73d9ae92021-12-22 11:48:09.449root 11241100x80000000000000003852903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd4c90fa53e86202021-12-22 11:48:09.449root 11241100x80000000000000003852904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3c304e4675ec352021-12-22 11:48:09.449root 11241100x80000000000000003852905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a014ad1563e7a62021-12-22 11:48:09.449root 11241100x80000000000000003852906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26923bf8114adabc2021-12-22 11:48:09.942root 11241100x80000000000000003852907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0e919f89180d872021-12-22 11:48:09.943root 11241100x80000000000000003852908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9faac6e3da8a3ce2021-12-22 11:48:09.944root 11241100x80000000000000003852909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295f93d6971279532021-12-22 11:48:09.944root 11241100x80000000000000003852910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3b83016b1de5bf2021-12-22 11:48:09.944root 11241100x80000000000000003852911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb21add242d9bdae2021-12-22 11:48:09.944root 11241100x80000000000000003852912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e00b98e6a452d52021-12-22 11:48:09.945root 11241100x80000000000000003852913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85404312b97038ff2021-12-22 11:48:09.945root 11241100x80000000000000003852914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522928f423b828fd2021-12-22 11:48:09.945root 11241100x80000000000000003852915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad259b0ab5c4d842021-12-22 11:48:09.945root 11241100x80000000000000003852916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c0315597c06ba62021-12-22 11:48:09.946root 11241100x80000000000000003852917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fa8123eb0b6fb62021-12-22 11:48:09.946root 11241100x80000000000000003852918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7500cf1d213b79162021-12-22 11:48:09.946root 11241100x80000000000000003852919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8492a14114e3482021-12-22 11:48:09.946root 11241100x80000000000000003852920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8dbaa93dcc08932021-12-22 11:48:09.946root 11241100x80000000000000003852921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1191375f9bff84152021-12-22 11:48:09.947root 11241100x80000000000000003852922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8c2adfb8e31b652021-12-22 11:48:09.947root 11241100x80000000000000003852923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aba436b4e1616a02021-12-22 11:48:09.947root 11241100x80000000000000003852924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d32ebc8a7a271722021-12-22 11:48:09.947root 11241100x80000000000000003852925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b70e842f36ca252021-12-22 11:48:09.947root 11241100x80000000000000003852926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06f83001dffcd592021-12-22 11:48:09.947root 11241100x80000000000000003852927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc38f59178fce9362021-12-22 11:48:09.948root 11241100x80000000000000003852928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274063df4bda831d2021-12-22 11:48:09.948root 11241100x80000000000000003852929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09983529b112d9c22021-12-22 11:48:09.948root 11241100x80000000000000003852930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9cd4ac3af8ee982021-12-22 11:48:09.948root 11241100x80000000000000003852931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5f998fe767d7bd2021-12-22 11:48:09.948root 11241100x80000000000000003852932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d772a42d9c739fa2021-12-22 11:48:09.948root 11241100x80000000000000003852933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de70f39ba2e946772021-12-22 11:48:09.948root 11241100x80000000000000003852934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e894f940f53da7d32021-12-22 11:48:09.948root 11241100x80000000000000003852935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ed1027c73e91402021-12-22 11:48:09.948root 11241100x80000000000000003852936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27621e6f5ce5b3382021-12-22 11:48:09.949root 11241100x80000000000000003852937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171c628ddc4880702021-12-22 11:48:09.949root 11241100x80000000000000003852938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632c2afa66a8c38d2021-12-22 11:48:09.949root 11241100x80000000000000003852939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65474d7d199b2272021-12-22 11:48:09.950root 11241100x80000000000000003852940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392f32f2d3d9f56e2021-12-22 11:48:09.950root 11241100x80000000000000003852941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cb2753422e27772021-12-22 11:48:09.950root 11241100x80000000000000003852942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:09.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ff8bc7a8e17b7a2021-12-22 11:48:09.951root 11241100x80000000000000003852943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9557e24075cf0cf02021-12-22 11:48:10.443root 11241100x80000000000000003852944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1928188647446d082021-12-22 11:48:10.443root 11241100x80000000000000003852945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937a375067e6a9862021-12-22 11:48:10.443root 11241100x80000000000000003852946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd43582e2de9c11a2021-12-22 11:48:10.443root 11241100x80000000000000003852947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ee3b75f4a7c3cf2021-12-22 11:48:10.444root 11241100x80000000000000003852948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab82ac92524300f62021-12-22 11:48:10.444root 11241100x80000000000000003852949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3031424081e385c2021-12-22 11:48:10.444root 11241100x80000000000000003852950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580d2c8453660fb62021-12-22 11:48:10.444root 11241100x80000000000000003852951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0cc7cf0bce60e42021-12-22 11:48:10.444root 11241100x80000000000000003852952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3fb68c2ca106e62021-12-22 11:48:10.444root 11241100x80000000000000003852953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916d84d7fdf70e982021-12-22 11:48:10.444root 11241100x80000000000000003852954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cec4190839a22cc2021-12-22 11:48:10.444root 11241100x80000000000000003852955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1440f38b5c60e12021-12-22 11:48:10.444root 11241100x80000000000000003852956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23854a43a27a7c5f2021-12-22 11:48:10.445root 11241100x80000000000000003852957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb0da82e504d0312021-12-22 11:48:10.445root 11241100x80000000000000003852958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f929d6ba4bf706152021-12-22 11:48:10.445root 11241100x80000000000000003852959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055ebdbb17c40dc32021-12-22 11:48:10.445root 11241100x80000000000000003852960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6be1147ab901e322021-12-22 11:48:10.445root 11241100x80000000000000003852961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f62b9bbecf7cca2021-12-22 11:48:10.445root 11241100x80000000000000003852962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9bd97dca2dad0a2021-12-22 11:48:10.445root 11241100x80000000000000003852963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f3725f4166b7822021-12-22 11:48:10.445root 11241100x80000000000000003852964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df85882fa12624ac2021-12-22 11:48:10.445root 11241100x80000000000000003852965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99968a428169f9652021-12-22 11:48:10.445root 154100x80000000000000003852966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.744{ec2b6afe-107a-61c3-e8a6-a0c0d3550000}19077/bin/ls-----ls --color=auto -l/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003852967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91b35cceb3f65162021-12-22 11:48:10.746root 11241100x80000000000000003852968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a785204f53ca669b2021-12-22 11:48:10.746root 534500x80000000000000003852969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.747{ec2b6afe-107a-61c3-e8a6-a0c0d3550000}19077/bin/lsubuntu 11241100x80000000000000003852970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abc4db44e5cb3e32021-12-22 11:48:10.747root 11241100x80000000000000003852971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce603678563bd3392021-12-22 11:48:10.747root 11241100x80000000000000003852972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eba3867f27d29d12021-12-22 11:48:10.748root 11241100x80000000000000003852973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8007aefcef16367d2021-12-22 11:48:10.748root 11241100x80000000000000003852974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15421e9f5a8c9d5c2021-12-22 11:48:10.748root 11241100x80000000000000003852975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b04f1b9697f8d542021-12-22 11:48:10.748root 11241100x80000000000000003852976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60548dc7103e3992021-12-22 11:48:10.748root 11241100x80000000000000003852977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51f2f94fd14fbe12021-12-22 11:48:10.749root 11241100x80000000000000003852978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085e7fa9ed8788672021-12-22 11:48:10.749root 11241100x80000000000000003852979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634dddebed493eac2021-12-22 11:48:10.749root 11241100x80000000000000003852980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bb1bef817da3762021-12-22 11:48:10.749root 11241100x80000000000000003852981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efb22e461964ebe2021-12-22 11:48:10.749root 11241100x80000000000000003852982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb148e564450a882021-12-22 11:48:10.750root 11241100x80000000000000003852983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67da9fb7d28cdc612021-12-22 11:48:10.750root 11241100x80000000000000003852984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b241f5e0a4f222a2021-12-22 11:48:10.750root 11241100x80000000000000003852985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256969432f91482c2021-12-22 11:48:10.750root 11241100x80000000000000003852986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfeb52484e6380eb2021-12-22 11:48:10.750root 11241100x80000000000000003852987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185d361fb8b5bb4b2021-12-22 11:48:10.750root 11241100x80000000000000003852988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.751{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be06e4bbc6901b122021-12-22 11:48:10.751root 11241100x80000000000000003852989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.751{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1837b0fba7b24e12021-12-22 11:48:10.751root 11241100x80000000000000003852990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.751{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b410940178d691a32021-12-22 11:48:10.751root 11241100x80000000000000003852991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.751{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91ca3335cfdacd82021-12-22 11:48:10.751root 11241100x80000000000000003852992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:10.752{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8567318ff0eec6b2021-12-22 11:48:10.752root 354300x80000000000000003852993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.055{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55474-false10.0.1.12-8000- 11241100x80000000000000003852994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeceb7c4f7f1476b2021-12-22 11:48:11.056root 11241100x80000000000000003852995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172e59a12a9ce5a72021-12-22 11:48:11.056root 11241100x80000000000000003852996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4deb51520f0fa3d2021-12-22 11:48:11.056root 11241100x80000000000000003852997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e911c883bc0700f32021-12-22 11:48:11.056root 11241100x80000000000000003852998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de64a1c5edb3be222021-12-22 11:48:11.056root 11241100x80000000000000003852999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bac8d9d832101e2021-12-22 11:48:11.056root 11241100x80000000000000003853000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaa2ec4f7d83b282021-12-22 11:48:11.056root 11241100x80000000000000003853001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f78910f2ec632d2021-12-22 11:48:11.056root 11241100x80000000000000003853002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4ec52c6147d1582021-12-22 11:48:11.056root 11241100x80000000000000003853003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f68a035e1f71fc92021-12-22 11:48:11.056root 11241100x80000000000000003853004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae20c0163aba74f2021-12-22 11:48:11.056root 11241100x80000000000000003853005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d109ffe10dfb5fd42021-12-22 11:48:11.056root 11241100x80000000000000003853006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a3d2c9044f0da52021-12-22 11:48:11.056root 11241100x80000000000000003853007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597374b5277d06852021-12-22 11:48:11.056root 11241100x80000000000000003853008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17755091422fa42d2021-12-22 11:48:11.057root 11241100x80000000000000003853009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9154ae051d814e812021-12-22 11:48:11.057root 11241100x80000000000000003853010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f7ba9d1426ec962021-12-22 11:48:11.057root 11241100x80000000000000003853011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e80085b7f9757e2021-12-22 11:48:11.057root 11241100x80000000000000003853012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491f2c24ef84cd7d2021-12-22 11:48:11.057root 11241100x80000000000000003853013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66506456f666d2562021-12-22 11:48:11.057root 11241100x80000000000000003853014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667a1cfa63b99bac2021-12-22 11:48:11.057root 11241100x80000000000000003853015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa0231a5743c3352021-12-22 11:48:11.057root 11241100x80000000000000003853016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9866d6b12ff0a40d2021-12-22 11:48:11.057root 11241100x80000000000000003853017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c90a36f53cc9942021-12-22 11:48:11.057root 11241100x80000000000000003853018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.058{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ac73a80822bdec2021-12-22 11:48:11.058root 11241100x80000000000000003853019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.058{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465bcd7bb98f00122021-12-22 11:48:11.058root 11241100x80000000000000003853020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.058{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b963a29606d5fc682021-12-22 11:48:11.058root 11241100x80000000000000003853021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.058{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d499b606b86015102021-12-22 11:48:11.058root 11241100x80000000000000003853022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93c33be20d28a952021-12-22 11:48:11.443root 11241100x80000000000000003853023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8713ffb36a8139162021-12-22 11:48:11.443root 11241100x80000000000000003853024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c8b6810feca34f2021-12-22 11:48:11.444root 11241100x80000000000000003853025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921151c462772c6c2021-12-22 11:48:11.444root 11241100x80000000000000003853026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54018c61d32e8a42021-12-22 11:48:11.444root 11241100x80000000000000003853027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb46d494c02504592021-12-22 11:48:11.444root 11241100x80000000000000003853028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e32fc9812f078e2021-12-22 11:48:11.444root 11241100x80000000000000003853029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12ff926c634c99e2021-12-22 11:48:11.444root 11241100x80000000000000003853030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9efb3ef4b0d9e42021-12-22 11:48:11.444root 11241100x80000000000000003853031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd515c04f9d90242021-12-22 11:48:11.444root 11241100x80000000000000003853032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe07e0b30c125a7a2021-12-22 11:48:11.444root 11241100x80000000000000003853033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40652850137060042021-12-22 11:48:11.444root 11241100x80000000000000003853034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be4eee415503e792021-12-22 11:48:11.444root 11241100x80000000000000003853035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fc4bb2e6cce2052021-12-22 11:48:11.445root 11241100x80000000000000003853036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcbada52305b3922021-12-22 11:48:11.445root 11241100x80000000000000003853037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853c2961c39dd8f02021-12-22 11:48:11.445root 11241100x80000000000000003853038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4184a7a2d704f4ed2021-12-22 11:48:11.445root 11241100x80000000000000003853039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9ea40b9c3c804e2021-12-22 11:48:11.445root 11241100x80000000000000003853040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a164e09e84a5d182021-12-22 11:48:11.445root 11241100x80000000000000003853041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e16cca21d4ab4f2021-12-22 11:48:11.445root 11241100x80000000000000003853042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46533e5f6bea1cdd2021-12-22 11:48:11.445root 11241100x80000000000000003853043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcd46eeb92426d02021-12-22 11:48:11.445root 11241100x80000000000000003853044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a496a2e9359dbc082021-12-22 11:48:11.446root 11241100x80000000000000003853045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2218b9a74bb01b52021-12-22 11:48:11.446root 11241100x80000000000000003853046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df78f916072c8e3e2021-12-22 11:48:11.446root 11241100x80000000000000003853047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1233a1e30a251b5a2021-12-22 11:48:11.446root 11241100x80000000000000003853048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178d22feba61a8742021-12-22 11:48:11.446root 11241100x80000000000000003853049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c382ed0cf33867352021-12-22 11:48:11.943root 11241100x80000000000000003853050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbd48e24cd23a452021-12-22 11:48:11.943root 11241100x80000000000000003853051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884a7c4e00a1df262021-12-22 11:48:11.943root 11241100x80000000000000003853052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3031348c50e12a82021-12-22 11:48:11.943root 11241100x80000000000000003853053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe90ae9c399911d82021-12-22 11:48:11.943root 11241100x80000000000000003853054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b773c9a68f1656682021-12-22 11:48:11.943root 11241100x80000000000000003853055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6b7445926e09ee2021-12-22 11:48:11.943root 11241100x80000000000000003853056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f5ef900adab9df2021-12-22 11:48:11.944root 11241100x80000000000000003853057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f248782ee5fd3e9b2021-12-22 11:48:11.944root 11241100x80000000000000003853058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddff627cf3ebde92021-12-22 11:48:11.944root 11241100x80000000000000003853059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4dec411379b6a62021-12-22 11:48:11.944root 11241100x80000000000000003853060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eface48742a45dac2021-12-22 11:48:11.944root 11241100x80000000000000003853061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d197240aab1499c2021-12-22 11:48:11.944root 11241100x80000000000000003853062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b4e371ccd41a3b2021-12-22 11:48:11.944root 11241100x80000000000000003853063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3c9209c475816c2021-12-22 11:48:11.944root 11241100x80000000000000003853064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c052c25aa516f002021-12-22 11:48:11.944root 11241100x80000000000000003853065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80113bad48bbd2f72021-12-22 11:48:11.945root 11241100x80000000000000003853066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6196ba4eb2eab2e2021-12-22 11:48:11.945root 11241100x80000000000000003853067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cb25ad315d916f2021-12-22 11:48:11.945root 11241100x80000000000000003853068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6eabe55b97cac92021-12-22 11:48:11.945root 11241100x80000000000000003853069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f83ccd52e9ab482021-12-22 11:48:11.945root 11241100x80000000000000003853070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58873532108f5e222021-12-22 11:48:11.946root 11241100x80000000000000003853071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea527abdd254faa2021-12-22 11:48:11.946root 11241100x80000000000000003853072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e197290ab4eaeccf2021-12-22 11:48:11.946root 11241100x80000000000000003853073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cb256c9543be972021-12-22 11:48:11.946root 11241100x80000000000000003853074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55aad8f7a812d67e2021-12-22 11:48:11.946root 11241100x80000000000000003853075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de540d51691cea42021-12-22 11:48:11.946root 11241100x80000000000000003853076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b40e71de7692bd2021-12-22 11:48:11.946root 11241100x80000000000000003853077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f12b30be15c5e12021-12-22 11:48:11.946root 11241100x80000000000000003853078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185d52963c0058932021-12-22 11:48:11.947root 11241100x80000000000000003853079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff49fdbc110f7a72021-12-22 11:48:11.947root 11241100x80000000000000003853080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34491e5fbbdc7982021-12-22 11:48:11.947root 11241100x80000000000000003853081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d864f09f6de985982021-12-22 11:48:11.947root 11241100x80000000000000003853082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dc6fa5e4e52b9a2021-12-22 11:48:11.947root 11241100x80000000000000003853083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc71c5c998239d92021-12-22 11:48:11.947root 11241100x80000000000000003853084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9955b3a2748690962021-12-22 11:48:11.948root 11241100x80000000000000003853085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7574c17a1fd7db102021-12-22 11:48:11.948root 11241100x80000000000000003853086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ae4cd78cc4100d2021-12-22 11:48:11.948root 11241100x80000000000000003853087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66349d6d03424bcf2021-12-22 11:48:11.948root 11241100x80000000000000003853088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85207861104aae542021-12-22 11:48:11.948root 11241100x80000000000000003853089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a734f6e1cc9c67a22021-12-22 11:48:11.948root 11241100x80000000000000003853090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a116e15bf154492021-12-22 11:48:11.948root 11241100x80000000000000003853091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fd884b4ee8aa882021-12-22 11:48:11.949root 11241100x80000000000000003853092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750c2200e70b6e972021-12-22 11:48:11.949root 11241100x80000000000000003853093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6163f6a2f91990bd2021-12-22 11:48:12.443root 11241100x80000000000000003853094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d0ab2fc20323d52021-12-22 11:48:12.443root 11241100x80000000000000003853095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92e68e4375776222021-12-22 11:48:12.444root 11241100x80000000000000003853096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8c6940a2b587662021-12-22 11:48:12.444root 11241100x80000000000000003853097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bedba0ab6689ed2021-12-22 11:48:12.444root 11241100x80000000000000003853098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c0b545b981693c2021-12-22 11:48:12.444root 11241100x80000000000000003853099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79acf4db772a103c2021-12-22 11:48:12.444root 11241100x80000000000000003853100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c118d8b2e1983062021-12-22 11:48:12.444root 11241100x80000000000000003853101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0769993792890bf2021-12-22 11:48:12.444root 11241100x80000000000000003853102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ca76fbc3458b4e2021-12-22 11:48:12.444root 11241100x80000000000000003853103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91686eca9bcea9d52021-12-22 11:48:12.444root 11241100x80000000000000003853104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0612a5b220671c212021-12-22 11:48:12.444root 11241100x80000000000000003853105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cec477ae29decf2021-12-22 11:48:12.444root 11241100x80000000000000003853106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a1c8baf01081c62021-12-22 11:48:12.445root 11241100x80000000000000003853107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2863737741fcf072021-12-22 11:48:12.445root 11241100x80000000000000003853108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e254462b767230512021-12-22 11:48:12.445root 11241100x80000000000000003853109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7e5f2f716e6b292021-12-22 11:48:12.445root 11241100x80000000000000003853110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e59cc7534cf6d1d2021-12-22 11:48:12.445root 11241100x80000000000000003853111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713c497cb96b8d212021-12-22 11:48:12.445root 11241100x80000000000000003853112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc384da9b409f58b2021-12-22 11:48:12.445root 11241100x80000000000000003853113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eb9e82c38e5b062021-12-22 11:48:12.445root 11241100x80000000000000003853114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690a64a9f174cdf32021-12-22 11:48:12.445root 11241100x80000000000000003853115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27292a9a54fc0282021-12-22 11:48:12.446root 11241100x80000000000000003853116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0c1a77545163e32021-12-22 11:48:12.446root 11241100x80000000000000003853117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11cfb0c1c88e6b62021-12-22 11:48:12.446root 11241100x80000000000000003853118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edfce381289fe502021-12-22 11:48:12.446root 11241100x80000000000000003853119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047c74ad0bd8dbe42021-12-22 11:48:12.942root 11241100x80000000000000003853120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b88fd12d8c04e732021-12-22 11:48:12.943root 11241100x80000000000000003853121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6ca7edc26506412021-12-22 11:48:12.943root 11241100x80000000000000003853122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c3e618b539d92e2021-12-22 11:48:12.943root 11241100x80000000000000003853123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6269bfb7ea0cbe1a2021-12-22 11:48:12.944root 11241100x80000000000000003853124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74f1d5a7a1127972021-12-22 11:48:12.944root 11241100x80000000000000003853125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac554f4456f73af2021-12-22 11:48:12.944root 11241100x80000000000000003853126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcd5965f686d9cc2021-12-22 11:48:12.944root 11241100x80000000000000003853127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcc03e7d08fc13f2021-12-22 11:48:12.946root 11241100x80000000000000003853128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272e9a3868624cd02021-12-22 11:48:12.946root 11241100x80000000000000003853129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5701f60502ebc58a2021-12-22 11:48:12.946root 11241100x80000000000000003853130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348c72b527feaa552021-12-22 11:48:12.947root 11241100x80000000000000003853131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef41bd6913f9417d2021-12-22 11:48:12.948root 11241100x80000000000000003853132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb314e8cb55a0ee92021-12-22 11:48:12.948root 11241100x80000000000000003853133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6019a86e069cb9aa2021-12-22 11:48:12.948root 11241100x80000000000000003853134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb20aefbe4261f3c2021-12-22 11:48:12.948root 11241100x80000000000000003853135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79f1b2f6f7465df2021-12-22 11:48:12.950root 11241100x80000000000000003853136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4327f86533939362021-12-22 11:48:12.950root 11241100x80000000000000003853137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877d7c67a330643a2021-12-22 11:48:12.950root 11241100x80000000000000003853138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782e77d5865aa6302021-12-22 11:48:12.950root 11241100x80000000000000003853139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf277b52aa2d0862021-12-22 11:48:12.951root 11241100x80000000000000003853140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ef396e5669e3462021-12-22 11:48:12.951root 11241100x80000000000000003853141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b735291afe4f13f2021-12-22 11:48:12.951root 11241100x80000000000000003853142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffdb0d28338d0bb2021-12-22 11:48:12.952root 11241100x80000000000000003853143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc7138dd92fb1222021-12-22 11:48:12.952root 11241100x80000000000000003853144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1a5690b5620d522021-12-22 11:48:12.952root 11241100x80000000000000003853145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf147591317bf7962021-12-22 11:48:12.952root 11241100x80000000000000003853146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360565dc1d34cd062021-12-22 11:48:12.952root 11241100x80000000000000003853147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389d00af9c305c6c2021-12-22 11:48:12.953root 11241100x80000000000000003853148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d430bbe7673cd2552021-12-22 11:48:12.953root 11241100x80000000000000003853149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fe4a080f7ba0ca2021-12-22 11:48:12.953root 11241100x80000000000000003853150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64056674162b34382021-12-22 11:48:12.953root 11241100x80000000000000003853151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcf0782ee2987452021-12-22 11:48:12.953root 11241100x80000000000000003853152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:12.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4616393de0637b02021-12-22 11:48:12.953root 11241100x80000000000000003853153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26beabf20b8efa492021-12-22 11:48:13.443root 11241100x80000000000000003853154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e091b9c6e9cef0082021-12-22 11:48:13.443root 11241100x80000000000000003853155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8983c01bba815dd72021-12-22 11:48:13.443root 11241100x80000000000000003853156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dfddb1e531dc872021-12-22 11:48:13.443root 11241100x80000000000000003853157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d316c994b050882021-12-22 11:48:13.444root 11241100x80000000000000003853158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158d908c11ad96472021-12-22 11:48:13.444root 11241100x80000000000000003853159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5200f3496ff0aa2021-12-22 11:48:13.444root 11241100x80000000000000003853160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d39688996e8e8f02021-12-22 11:48:13.444root 11241100x80000000000000003853161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9d8e772a451c332021-12-22 11:48:13.444root 11241100x80000000000000003853162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78418a623e7de382021-12-22 11:48:13.444root 11241100x80000000000000003853163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d056610b15b5a42021-12-22 11:48:13.444root 11241100x80000000000000003853164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7974f84fc587d7ac2021-12-22 11:48:13.444root 11241100x80000000000000003853165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd437443a35e1c732021-12-22 11:48:13.444root 11241100x80000000000000003853166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee560cee0514a33c2021-12-22 11:48:13.444root 11241100x80000000000000003853167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb61b3bc27ca99a2021-12-22 11:48:13.444root 11241100x80000000000000003853168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbc3ffd388b74422021-12-22 11:48:13.444root 11241100x80000000000000003853169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aaba2eaf8e71d502021-12-22 11:48:13.445root 11241100x80000000000000003853170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723f4d66241bfc3a2021-12-22 11:48:13.445root 11241100x80000000000000003853171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d871afe4a1cf8f0a2021-12-22 11:48:13.445root 11241100x80000000000000003853172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f060541f7c89352021-12-22 11:48:13.445root 11241100x80000000000000003853173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72e7605bed037662021-12-22 11:48:13.445root 11241100x80000000000000003853174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9978aff3af53e02021-12-22 11:48:13.445root 11241100x80000000000000003853175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec094a4ecf72e60d2021-12-22 11:48:13.446root 11241100x80000000000000003853176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f60dd55c48292a12021-12-22 11:48:13.446root 11241100x80000000000000003853177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3548f3cd803e8032021-12-22 11:48:13.446root 11241100x80000000000000003853178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f8c691eb2eb8c42021-12-22 11:48:13.446root 11241100x80000000000000003853179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64515efa9bb3c56e2021-12-22 11:48:13.943root 11241100x80000000000000003853180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abc6e1adcd56eb12021-12-22 11:48:13.943root 11241100x80000000000000003853181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd74f90f85a131092021-12-22 11:48:13.944root 11241100x80000000000000003853182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e059f6c09e37e82f2021-12-22 11:48:13.944root 11241100x80000000000000003853183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0542cc23bdff57e02021-12-22 11:48:13.944root 11241100x80000000000000003853184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46304277ff7236a42021-12-22 11:48:13.944root 11241100x80000000000000003853185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d2a24bbdd986732021-12-22 11:48:13.944root 11241100x80000000000000003853186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765b026619ac537b2021-12-22 11:48:13.944root 11241100x80000000000000003853187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18408a137c5fb51d2021-12-22 11:48:13.944root 11241100x80000000000000003853188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b385052ce4d568792021-12-22 11:48:13.944root 11241100x80000000000000003853189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18709c66cb14ac0b2021-12-22 11:48:13.945root 11241100x80000000000000003853190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caca3523e0847eb62021-12-22 11:48:13.945root 11241100x80000000000000003853191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42358d5d0dd9722b2021-12-22 11:48:13.945root 11241100x80000000000000003853192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682abf68183cf7f92021-12-22 11:48:13.945root 11241100x80000000000000003853193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3519ae62d4db6312021-12-22 11:48:13.945root 11241100x80000000000000003853194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609000c6c1514e8f2021-12-22 11:48:13.945root 11241100x80000000000000003853195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e40dc1c8924edf92021-12-22 11:48:13.945root 11241100x80000000000000003853196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343a42469dbe72e12021-12-22 11:48:13.945root 11241100x80000000000000003853197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5501432cbf805d3f2021-12-22 11:48:13.945root 11241100x80000000000000003853198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e647d1efe059313f2021-12-22 11:48:13.945root 11241100x80000000000000003853199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edae9863c8b646d52021-12-22 11:48:13.945root 11241100x80000000000000003853200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e81df756c757332021-12-22 11:48:13.946root 11241100x80000000000000003853201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b4b2a0de6e29922021-12-22 11:48:13.946root 11241100x80000000000000003853202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cec01269633dc22021-12-22 11:48:13.946root 11241100x80000000000000003853203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3def58b5e7b400482021-12-22 11:48:13.946root 11241100x80000000000000003853204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ae9fd14b199e5b2021-12-22 11:48:13.946root 11241100x80000000000000003853205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba2af3a5fe45fc42021-12-22 11:48:14.443root 11241100x80000000000000003853206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c890803b68a8f05d2021-12-22 11:48:14.443root 11241100x80000000000000003853207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1869d4865435ad962021-12-22 11:48:14.443root 11241100x80000000000000003853208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f583e68db52710e2021-12-22 11:48:14.443root 11241100x80000000000000003853209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81456ba8ae7bd67a2021-12-22 11:48:14.443root 11241100x80000000000000003853210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93921f8ac135995d2021-12-22 11:48:14.443root 11241100x80000000000000003853211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05311e7910f475102021-12-22 11:48:14.443root 11241100x80000000000000003853212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75bdd705216f2c72021-12-22 11:48:14.443root 11241100x80000000000000003853213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2449ff9f28cbd5802021-12-22 11:48:14.444root 11241100x80000000000000003853214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67afac0a4c425e892021-12-22 11:48:14.444root 11241100x80000000000000003853215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f962546484507972021-12-22 11:48:14.444root 11241100x80000000000000003853216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4714f63b05748c2021-12-22 11:48:14.444root 11241100x80000000000000003853217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba533fd3100b6522021-12-22 11:48:14.444root 11241100x80000000000000003853218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a428fc68c3cae56e2021-12-22 11:48:14.445root 11241100x80000000000000003853219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d8d3c4028ad59f2021-12-22 11:48:14.445root 11241100x80000000000000003853220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a6562f482b4d362021-12-22 11:48:14.445root 11241100x80000000000000003853221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2a0346b7a28ffa2021-12-22 11:48:14.446root 11241100x80000000000000003853222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ceedbff2bdf75f32021-12-22 11:48:14.446root 11241100x80000000000000003853223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b994b63db394e3eb2021-12-22 11:48:14.446root 11241100x80000000000000003853224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacdd8fa28b1a7462021-12-22 11:48:14.446root 11241100x80000000000000003853225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1103ba80614b8b1c2021-12-22 11:48:14.446root 11241100x80000000000000003853226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aeb48ba7f9dab8b2021-12-22 11:48:14.446root 11241100x80000000000000003853227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7319d03fca2cf42021-12-22 11:48:14.447root 11241100x80000000000000003853228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6120cab0d9e195322021-12-22 11:48:14.447root 11241100x80000000000000003853229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2491be1af21fd85b2021-12-22 11:48:14.447root 11241100x80000000000000003853230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1fd799a279bb362021-12-22 11:48:14.449root 11241100x80000000000000003853231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c06297840b2b7802021-12-22 11:48:14.449root 11241100x80000000000000003853232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d575ac9de783c32f2021-12-22 11:48:14.449root 11241100x80000000000000003853233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7e748da2439c182021-12-22 11:48:14.449root 11241100x80000000000000003853234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599484aee80a32422021-12-22 11:48:14.449root 11241100x80000000000000003853235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90d3469026f39a22021-12-22 11:48:14.450root 11241100x80000000000000003853236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c03537118be2392021-12-22 11:48:14.450root 11241100x80000000000000003853237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93ee1cf86cf0d6f2021-12-22 11:48:14.450root 11241100x80000000000000003853238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8332cd3f47a90eb62021-12-22 11:48:14.451root 11241100x80000000000000003853239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cf2bc28006a2e32021-12-22 11:48:14.452root 11241100x80000000000000003853240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a41142b267123672021-12-22 11:48:14.452root 11241100x80000000000000003853241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f1dfe591a8675c2021-12-22 11:48:14.452root 11241100x80000000000000003853242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a0eaf59e4b2d132021-12-22 11:48:14.452root 11241100x80000000000000003853243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e3291a6e4877242021-12-22 11:48:14.452root 11241100x80000000000000003853244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9526ae18a0a5a0002021-12-22 11:48:14.452root 11241100x80000000000000003853245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982fb88197b3b8ae2021-12-22 11:48:14.453root 11241100x80000000000000003853246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4bc32761c22f4c2021-12-22 11:48:14.943root 11241100x80000000000000003853247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251a9408bfa0e73c2021-12-22 11:48:14.943root 11241100x80000000000000003853248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a407957013edb342021-12-22 11:48:14.943root 11241100x80000000000000003853249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e98c91a073cff542021-12-22 11:48:14.943root 11241100x80000000000000003853250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f92108d33f1e792021-12-22 11:48:14.943root 11241100x80000000000000003853251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e6fa5f5cc575782021-12-22 11:48:14.943root 11241100x80000000000000003853252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e8d9a8cc28b2362021-12-22 11:48:14.944root 11241100x80000000000000003853253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fe237bdda1b7d72021-12-22 11:48:14.944root 11241100x80000000000000003853254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6657e84678bf19a72021-12-22 11:48:14.944root 11241100x80000000000000003853255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03341b8bee4d8d02021-12-22 11:48:14.944root 11241100x80000000000000003853256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62d2ca0047a8bf02021-12-22 11:48:14.944root 11241100x80000000000000003853257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ce8a7b1fd2a13b2021-12-22 11:48:14.944root 11241100x80000000000000003853258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172aae9d0b72a3312021-12-22 11:48:14.944root 11241100x80000000000000003853259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51728295d55cf6bb2021-12-22 11:48:14.944root 11241100x80000000000000003853260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12584d5c14dea242021-12-22 11:48:14.944root 11241100x80000000000000003853261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66125fbb5f7f5e052021-12-22 11:48:14.944root 11241100x80000000000000003853262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bddab73f5fb810e2021-12-22 11:48:14.944root 11241100x80000000000000003853263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742659a60d5558f92021-12-22 11:48:14.944root 11241100x80000000000000003853264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1781a791b482a3c82021-12-22 11:48:14.944root 11241100x80000000000000003853265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ccd60e85d1d08c2021-12-22 11:48:14.944root 11241100x80000000000000003853266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf6bca458c123c72021-12-22 11:48:14.944root 11241100x80000000000000003853267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1f5db58bd4d96e2021-12-22 11:48:14.944root 11241100x80000000000000003853268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb94dfae37c04af2021-12-22 11:48:14.945root 11241100x80000000000000003853269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f1c03e9e0777342021-12-22 11:48:14.945root 11241100x80000000000000003853270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9a3e7b9c0daee72021-12-22 11:48:14.945root 11241100x80000000000000003853271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530bce214ad3ff0d2021-12-22 11:48:14.945root 11241100x80000000000000003853272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195590f4cbf69a812021-12-22 11:48:14.945root 11241100x80000000000000003853273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad66e21c0ef7beb42021-12-22 11:48:14.945root 11241100x80000000000000003853274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7dccb79bff63742021-12-22 11:48:14.945root 11241100x80000000000000003853275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cab00f9ccd799d2021-12-22 11:48:14.945root 11241100x80000000000000003853276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7893f2e49e9674112021-12-22 11:48:14.945root 11241100x80000000000000003853277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f147fa59ea36dc2021-12-22 11:48:14.945root 11241100x80000000000000003853278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bc3c9a648bd52a2021-12-22 11:48:14.945root 11241100x80000000000000003853279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217d0489ce12c7c62021-12-22 11:48:14.945root 11241100x80000000000000003853280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996ac5e23a56b9322021-12-22 11:48:14.945root 11241100x80000000000000003853281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c637c0c180b7f9c42021-12-22 11:48:14.945root 11241100x80000000000000003853282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbf8068555d34e72021-12-22 11:48:14.945root 11241100x80000000000000003853283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfba364f55aa67142021-12-22 11:48:14.946root 11241100x80000000000000003853284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d074606391509492021-12-22 11:48:14.946root 11241100x80000000000000003853285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edefa1a9678ec8472021-12-22 11:48:14.946root 11241100x80000000000000003853286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8121bf0239f4882021-12-22 11:48:14.946root 11241100x80000000000000003853287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c38b139847be5e2021-12-22 11:48:14.946root 11241100x80000000000000003853288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abc3ed7deeb15902021-12-22 11:48:14.946root 11241100x80000000000000003853289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c989d1f3d736a482021-12-22 11:48:14.946root 11241100x80000000000000003853290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58bd470eaa3517e2021-12-22 11:48:14.946root 11241100x80000000000000003853291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637f0168dc8f304a2021-12-22 11:48:14.946root 11241100x80000000000000003853292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894df99e7ac9e62a2021-12-22 11:48:14.946root 11241100x80000000000000003853293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41d812e919332882021-12-22 11:48:14.946root 11241100x80000000000000003853294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51de002261f86f002021-12-22 11:48:14.946root 11241100x80000000000000003853295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f373d335d5a9912021-12-22 11:48:14.946root 11241100x80000000000000003853296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1322a4b7f462612021-12-22 11:48:14.946root 11241100x80000000000000003853297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2c7e95835e38d02021-12-22 11:48:14.947root 11241100x80000000000000003853298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d01612a938532b2021-12-22 11:48:14.947root 11241100x80000000000000003853299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0e0647f77ea8c12021-12-22 11:48:14.947root 11241100x80000000000000003853300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857900b239891b712021-12-22 11:48:14.947root 11241100x80000000000000003853301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e76774f2bc7a312021-12-22 11:48:14.947root 11241100x80000000000000003853302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7fd6781b5d23592021-12-22 11:48:14.947root 11241100x80000000000000003853303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19636d30a64ee2fc2021-12-22 11:48:14.947root 11241100x80000000000000003853304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e9ead5d9270e552021-12-22 11:48:14.947root 11241100x80000000000000003853305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3630df723bfca86b2021-12-22 11:48:14.947root 11241100x80000000000000003853306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1b20b9c8b95ca72021-12-22 11:48:14.947root 11241100x80000000000000003853307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10326e5b249a3b982021-12-22 11:48:14.947root 11241100x80000000000000003853308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2cf1d0b621fe0f2021-12-22 11:48:14.947root 11241100x80000000000000003853309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40560263d1b8b322021-12-22 11:48:14.947root 11241100x80000000000000003853310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4d5b9f991347c32021-12-22 11:48:14.947root 11241100x80000000000000003853311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dd9e68d46bdddd2021-12-22 11:48:14.947root 11241100x80000000000000003853312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a67c3f85f58f6f2021-12-22 11:48:14.947root 11241100x80000000000000003853313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80edc0eed78fb9712021-12-22 11:48:14.948root 11241100x80000000000000003853314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da96b72bfb2068c2021-12-22 11:48:14.948root 11241100x80000000000000003853315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6775d9524c8075032021-12-22 11:48:14.948root 11241100x80000000000000003853316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f629d8e4aaa66ff2021-12-22 11:48:14.948root 11241100x80000000000000003853317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd944612c7d82822021-12-22 11:48:14.948root 11241100x80000000000000003853318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e1e267ac2316d82021-12-22 11:48:14.948root 11241100x80000000000000003853319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9f8cc40dda188c2021-12-22 11:48:14.948root 11241100x80000000000000003853320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77ae5f10c7f6db12021-12-22 11:48:14.948root 11241100x80000000000000003853321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2ee89f53a71b0e2021-12-22 11:48:14.948root 11241100x80000000000000003853322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c3964cd941dea42021-12-22 11:48:14.948root 11241100x80000000000000003853323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7d54001bba22ce2021-12-22 11:48:14.948root 11241100x80000000000000003853324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a862f9d8e47b0e2a2021-12-22 11:48:14.948root 11241100x80000000000000003853325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4f23c7f74a86412021-12-22 11:48:14.948root 11241100x80000000000000003853326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6b51f7a7c86eb72021-12-22 11:48:14.948root 11241100x80000000000000003853327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff7d6b66ceac8092021-12-22 11:48:14.948root 11241100x80000000000000003853328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c13447c30f0c2c2021-12-22 11:48:14.949root 11241100x80000000000000003853329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691dc07d26ddca642021-12-22 11:48:14.949root 11241100x80000000000000003853330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ff0be156f6fcfb2021-12-22 11:48:14.949root 11241100x80000000000000003853331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cf521d2c2945e22021-12-22 11:48:14.949root 11241100x80000000000000003853332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca0cf65c20e976c2021-12-22 11:48:14.949root 11241100x80000000000000003853333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d521530c3d663742021-12-22 11:48:14.949root 11241100x80000000000000003853334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35754f11c90a3f0e2021-12-22 11:48:14.949root 11241100x80000000000000003853335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa629be88945d412021-12-22 11:48:14.949root 11241100x80000000000000003853336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05123921dc6dc45f2021-12-22 11:48:15.443root 11241100x80000000000000003853337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52ce412154ae7b52021-12-22 11:48:15.443root 11241100x80000000000000003853338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768a263b415208642021-12-22 11:48:15.443root 11241100x80000000000000003853339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330cdd17dc94678b2021-12-22 11:48:15.443root 11241100x80000000000000003853340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943616006c067c002021-12-22 11:48:15.444root 11241100x80000000000000003853341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887cd214496ff68b2021-12-22 11:48:15.444root 11241100x80000000000000003853342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb953fbdd53f9542021-12-22 11:48:15.444root 11241100x80000000000000003853343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708f5cdc3a57b73b2021-12-22 11:48:15.444root 11241100x80000000000000003853344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d2b0fbc1b8cd0b2021-12-22 11:48:15.444root 11241100x80000000000000003853345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d950fe1280cc822021-12-22 11:48:15.444root 11241100x80000000000000003853346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e117d3957946c72021-12-22 11:48:15.445root 11241100x80000000000000003853347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc96945d23e1bf02021-12-22 11:48:15.445root 11241100x80000000000000003853348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573c7ba4f84f72bf2021-12-22 11:48:15.445root 11241100x80000000000000003853349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1782e0a8189b1f92021-12-22 11:48:15.445root 11241100x80000000000000003853350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0607310da514d02021-12-22 11:48:15.445root 11241100x80000000000000003853351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b3be401e5af9ea2021-12-22 11:48:15.445root 11241100x80000000000000003853352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6836bf52ef4d8db2021-12-22 11:48:15.445root 11241100x80000000000000003853353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1b3efceaf714062021-12-22 11:48:15.445root 11241100x80000000000000003853354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac993b227efb5ca2021-12-22 11:48:15.445root 11241100x80000000000000003853355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b7ac96f6f765982021-12-22 11:48:15.446root 11241100x80000000000000003853356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd87eaf1d546f6d2021-12-22 11:48:15.446root 11241100x80000000000000003853357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf5017a007757cf2021-12-22 11:48:15.446root 11241100x80000000000000003853358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682cd8bb58ff3a842021-12-22 11:48:15.446root 11241100x80000000000000003853359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d881ed96fb4f90692021-12-22 11:48:15.446root 11241100x80000000000000003853360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d98cc19fa3a0232021-12-22 11:48:15.446root 11241100x80000000000000003853361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e554f190fee19e92021-12-22 11:48:15.446root 11241100x80000000000000003853362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb5f170906515b42021-12-22 11:48:15.446root 11241100x80000000000000003853363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0b59f92ba930a42021-12-22 11:48:15.446root 11241100x80000000000000003853364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dc4390490bc8fa2021-12-22 11:48:15.447root 11241100x80000000000000003853365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c57e21f8ad6bee12021-12-22 11:48:15.447root 11241100x80000000000000003853366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef7f6c4162664782021-12-22 11:48:15.943root 11241100x80000000000000003853367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512151a9e8c64e222021-12-22 11:48:15.943root 11241100x80000000000000003853368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b7492e509c56562021-12-22 11:48:15.943root 11241100x80000000000000003853369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0193c512f0ec940e2021-12-22 11:48:15.943root 11241100x80000000000000003853370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63deda81171e65852021-12-22 11:48:15.943root 11241100x80000000000000003853371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da89cc623b945f2f2021-12-22 11:48:15.943root 11241100x80000000000000003853372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cca690810670ed2021-12-22 11:48:15.943root 11241100x80000000000000003853373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49990010a0450942021-12-22 11:48:15.944root 11241100x80000000000000003853374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f21ecad6bc349d52021-12-22 11:48:15.944root 11241100x80000000000000003853375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53ec486373de0e32021-12-22 11:48:15.944root 11241100x80000000000000003853376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d726ad7684195232021-12-22 11:48:15.944root 11241100x80000000000000003853377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3dd7719a6b0d602021-12-22 11:48:15.944root 11241100x80000000000000003853378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272f0ccdc0c37ecd2021-12-22 11:48:15.944root 11241100x80000000000000003853379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e584b7c87b993bdc2021-12-22 11:48:15.944root 11241100x80000000000000003853380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2d51fc821e966a2021-12-22 11:48:15.944root 11241100x80000000000000003853381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102ea678a9686f8a2021-12-22 11:48:15.944root 11241100x80000000000000003853382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5054a9120c964bd12021-12-22 11:48:15.944root 11241100x80000000000000003853383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d27c4d4e05e41682021-12-22 11:48:15.944root 11241100x80000000000000003853384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e6c795ead28fb02021-12-22 11:48:15.945root 11241100x80000000000000003853385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdf6f1a4cc3289a2021-12-22 11:48:15.945root 11241100x80000000000000003853386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2884107333a7a6c2021-12-22 11:48:15.945root 11241100x80000000000000003853387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8d8bd952cf99bc2021-12-22 11:48:15.945root 11241100x80000000000000003853388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec2314e1b2947c32021-12-22 11:48:15.945root 11241100x80000000000000003853389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f72e45a69374bd92021-12-22 11:48:15.945root 11241100x80000000000000003853390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0aa4f38e2b86dba2021-12-22 11:48:15.945root 11241100x80000000000000003853391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860ad5bb3bf9e3c02021-12-22 11:48:15.945root 11241100x80000000000000003853392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664fed3fd1a325342021-12-22 11:48:15.946root 11241100x80000000000000003853393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3541f025ffe4a1362021-12-22 11:48:15.946root 11241100x80000000000000003853394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546498788017469e2021-12-22 11:48:15.946root 11241100x80000000000000003853395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540ea8f5ec6780302021-12-22 11:48:15.946root 11241100x80000000000000003853396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea094622ff0d32c2021-12-22 11:48:15.946root 11241100x80000000000000003853397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e287197262074d5d2021-12-22 11:48:15.946root 11241100x80000000000000003853398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d53ea44416179c02021-12-22 11:48:15.946root 11241100x80000000000000003853399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc15d9fca300ebe22021-12-22 11:48:15.946root 11241100x80000000000000003853400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa40f23767b094f52021-12-22 11:48:15.947root 11241100x80000000000000003853401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1249aa7102638d72021-12-22 11:48:15.947root 11241100x80000000000000003853402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f599f03625be502021-12-22 11:48:15.947root 354300x80000000000000003853403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.180{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55476-false10.0.1.12-8000- 11241100x80000000000000003853404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b71e068db577b92021-12-22 11:48:16.443root 11241100x80000000000000003853405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b236ee4c6a33dfa2021-12-22 11:48:16.443root 11241100x80000000000000003853406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b6db1bb1f65b272021-12-22 11:48:16.443root 11241100x80000000000000003853407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed8e7042f83de812021-12-22 11:48:16.443root 11241100x80000000000000003853408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d51e6f9728389582021-12-22 11:48:16.443root 11241100x80000000000000003853409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4997bab3cebbc52021-12-22 11:48:16.444root 11241100x80000000000000003853410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6abf5a30e08dfb452021-12-22 11:48:16.444root 11241100x80000000000000003853411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0465d4f6e663d6752021-12-22 11:48:16.444root 11241100x80000000000000003853412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c03ea18824c6a82021-12-22 11:48:16.444root 11241100x80000000000000003853413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f375707d5bb171f72021-12-22 11:48:16.444root 11241100x80000000000000003853414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc77993d94cfd5c02021-12-22 11:48:16.444root 11241100x80000000000000003853415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464f124a4e82710f2021-12-22 11:48:16.444root 11241100x80000000000000003853416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0585470e7034622021-12-22 11:48:16.444root 11241100x80000000000000003853417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67efc30fc3873ee12021-12-22 11:48:16.444root 11241100x80000000000000003853418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cfc6425e4f4f9d2021-12-22 11:48:16.444root 11241100x80000000000000003853419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b691132dfb8181432021-12-22 11:48:16.444root 11241100x80000000000000003853420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d687cf398b487e32021-12-22 11:48:16.444root 11241100x80000000000000003853421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebc5532c437f22c2021-12-22 11:48:16.445root 11241100x80000000000000003853422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6498e253dbdef9902021-12-22 11:48:16.445root 11241100x80000000000000003853423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c8bc1c4c8ed9da2021-12-22 11:48:16.445root 11241100x80000000000000003853424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878b6d2f3cbbc21a2021-12-22 11:48:16.445root 11241100x80000000000000003853425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a3b2b72fb39e632021-12-22 11:48:16.445root 11241100x80000000000000003853426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd6011afbe90ce72021-12-22 11:48:16.445root 11241100x80000000000000003853427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b477b1b3a2658f42021-12-22 11:48:16.445root 11241100x80000000000000003853428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58245606c00a420f2021-12-22 11:48:16.445root 11241100x80000000000000003853429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bdc1c5ea7e37762021-12-22 11:48:16.445root 11241100x80000000000000003853430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d9b7afa3a33d932021-12-22 11:48:16.445root 11241100x80000000000000003853431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04ccb3a6cf73e6f2021-12-22 11:48:16.445root 11241100x80000000000000003853432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d4de9156aafc682021-12-22 11:48:16.445root 11241100x80000000000000003853433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97ff1f83a0abeb02021-12-22 11:48:16.445root 11241100x80000000000000003853434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4dd03afe8c33c482021-12-22 11:48:16.445root 11241100x80000000000000003853435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d257b5bd33d81df2021-12-22 11:48:16.445root 11241100x80000000000000003853436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1292dbe13f3e1f2021-12-22 11:48:16.943root 11241100x80000000000000003853437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31339d17738d34522021-12-22 11:48:16.943root 11241100x80000000000000003853438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3e2b2a7a7ad7522021-12-22 11:48:16.943root 11241100x80000000000000003853439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56efccb30f96abae2021-12-22 11:48:16.944root 11241100x80000000000000003853440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccefcb88047ea3a2021-12-22 11:48:16.944root 11241100x80000000000000003853441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d320c4ade46a19072021-12-22 11:48:16.944root 11241100x80000000000000003853442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48f8726f707679f2021-12-22 11:48:16.944root 11241100x80000000000000003853443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339e502dc8a2e5b92021-12-22 11:48:16.944root 11241100x80000000000000003853444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6f18cceb5d9b1e2021-12-22 11:48:16.944root 11241100x80000000000000003853445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0baff6fb5ed8d42021-12-22 11:48:16.944root 11241100x80000000000000003853446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dbde1bb5ea38072021-12-22 11:48:16.944root 11241100x80000000000000003853447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9444ec05bb64052021-12-22 11:48:16.944root 11241100x80000000000000003853448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58a79e6c12107d02021-12-22 11:48:16.944root 11241100x80000000000000003853449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7ef4a0e4c8f1cb2021-12-22 11:48:16.945root 11241100x80000000000000003853450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1187131458197f8a2021-12-22 11:48:16.945root 11241100x80000000000000003853451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88baa950edda15c92021-12-22 11:48:16.945root 11241100x80000000000000003853452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9743f661fddd47b02021-12-22 11:48:16.945root 11241100x80000000000000003853453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3431285079bb1d4d2021-12-22 11:48:16.945root 11241100x80000000000000003853454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf46776aca22dbf2021-12-22 11:48:16.945root 11241100x80000000000000003853455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e84fb80ccc4f2742021-12-22 11:48:16.945root 11241100x80000000000000003853456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab05f02b253b3512021-12-22 11:48:16.945root 11241100x80000000000000003853457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d75d86620e87a62021-12-22 11:48:16.945root 11241100x80000000000000003853458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55488871cb86652e2021-12-22 11:48:16.945root 11241100x80000000000000003853459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877ab258fc6668052021-12-22 11:48:16.945root 11241100x80000000000000003853460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bd0af24eed56ff2021-12-22 11:48:16.945root 11241100x80000000000000003853461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e1c83784616a1d2021-12-22 11:48:16.945root 11241100x80000000000000003853462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea74c12ad00c4592021-12-22 11:48:16.945root 11241100x80000000000000003853463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d08ad6ab5d92492021-12-22 11:48:17.443root 11241100x80000000000000003853464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfccc3c43c2baa152021-12-22 11:48:17.443root 11241100x80000000000000003853465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826489fd90c8b3672021-12-22 11:48:17.443root 11241100x80000000000000003853466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be9295fded3f5f22021-12-22 11:48:17.443root 11241100x80000000000000003853467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77115cc7ad193ae82021-12-22 11:48:17.444root 11241100x80000000000000003853468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f6cda20ac9d2912021-12-22 11:48:17.444root 11241100x80000000000000003853469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8ed74540413a092021-12-22 11:48:17.444root 11241100x80000000000000003853470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a95701b28e49a32021-12-22 11:48:17.444root 11241100x80000000000000003853471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afd5e086b25ff622021-12-22 11:48:17.444root 11241100x80000000000000003853472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1acd3aa689f598d2021-12-22 11:48:17.444root 11241100x80000000000000003853473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a7aa1038f5ade92021-12-22 11:48:17.444root 11241100x80000000000000003853474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888ae380274236f72021-12-22 11:48:17.444root 11241100x80000000000000003853475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78dfe8bfd4492a9e2021-12-22 11:48:17.444root 11241100x80000000000000003853476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7beb70c9b1ffee12021-12-22 11:48:17.444root 11241100x80000000000000003853477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd1f4c06fe17a582021-12-22 11:48:17.444root 11241100x80000000000000003853478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5fd4f3790122ed2021-12-22 11:48:17.444root 11241100x80000000000000003853479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524f9d2a19cc4faa2021-12-22 11:48:17.444root 11241100x80000000000000003853480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb2c1ddadffcb7a2021-12-22 11:48:17.444root 11241100x80000000000000003853481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba11052aec119412021-12-22 11:48:17.444root 11241100x80000000000000003853482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5f452b761bff322021-12-22 11:48:17.445root 11241100x80000000000000003853483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7ec18327c366cb2021-12-22 11:48:17.445root 11241100x80000000000000003853484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e90194f6188abc02021-12-22 11:48:17.445root 11241100x80000000000000003853485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cc016218e2c69b2021-12-22 11:48:17.445root 11241100x80000000000000003853486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4857956df6d2002021-12-22 11:48:17.445root 11241100x80000000000000003853487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36dd98820cf30a9f2021-12-22 11:48:17.445root 11241100x80000000000000003853488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca06381d18a70d12021-12-22 11:48:17.445root 11241100x80000000000000003853489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf8c985cb7e04e72021-12-22 11:48:17.445root 154100x80000000000000003853490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.741{ec2b6afe-1081-61c3-f4a8-4f0000000000}19078/usr/bin/x86_64-linux-gnu-gcc-7-----gcc prog.c -o prog/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003853491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.743{ec2b6afe-1081-61c3-f4a8-4f0000000000}19078/usr/bin/x86_64-linux-gnu-gcc-7/tmp/cc9yK9Va.s2021-12-22 11:48:17.743ubuntu 11241100x80000000000000003853492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.743{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ef34ae8c54284b2021-12-22 11:48:17.743root 154100x80000000000000003853493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.743{ec2b6afe-1081-61c3-7ca6-a50100000000}19079/usr/lib/gcc/x86_64-linux-gnu/7/cc1-----/usr/lib/gcc/x86_64-linux-gnu/7/cc1 -quiet -imultiarch x86_64-linux-gnu prog.c -quiet -dumpbase prog.c -mtune=generic -march=x86-64 -auxbase prog -fstack-protector-strong -Wformat -Wformat-security -o /tmp/cc9yK9Va.s/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-1081-61c3-f4a8-4f0000000000}19078/usr/bin/x86_64-linux-gnu-gcc-7gccubuntu 11241100x80000000000000003853494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.743{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937200bab4dfc48e2021-12-22 11:48:17.743root 11241100x80000000000000003853495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6fc22bde8f97bc2021-12-22 11:48:17.744root 11241100x80000000000000003853496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fee5a12e594505b2021-12-22 11:48:17.744root 11241100x80000000000000003853497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270ea763191d28212021-12-22 11:48:17.744root 11241100x80000000000000003853498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952b0eea97e8a80b2021-12-22 11:48:17.744root 11241100x80000000000000003853499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c5e2b6f62f15882021-12-22 11:48:17.744root 11241100x80000000000000003853500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77992aa2d7838812021-12-22 11:48:17.744root 11241100x80000000000000003853501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1d6a116012fd682021-12-22 11:48:17.744root 11241100x80000000000000003853502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.745{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ea0620bfd3e09e2021-12-22 11:48:17.745root 11241100x80000000000000003853503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.745{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecfc4ba7a2e67952021-12-22 11:48:17.745root 11241100x80000000000000003853504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.745{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac97a034b62b0042021-12-22 11:48:17.745root 11241100x80000000000000003853505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.745{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c409b58b40c6972021-12-22 11:48:17.745root 11241100x80000000000000003853506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.745{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc90cdb8abe32222021-12-22 11:48:17.745root 11241100x80000000000000003853507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.745{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e718cc31febae392021-12-22 11:48:17.745root 11241100x80000000000000003853508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.745{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3967c199c412342021-12-22 11:48:17.745root 11241100x80000000000000003853509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3099ef1eedd1917a2021-12-22 11:48:17.746root 11241100x80000000000000003853510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4eea15c6427bc102021-12-22 11:48:17.746root 11241100x80000000000000003853511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c10a8ebf6a5b8d72021-12-22 11:48:17.746root 11241100x80000000000000003853512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628f20d65bcc77a82021-12-22 11:48:17.746root 11241100x80000000000000003853513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d12f1cc8665efb2021-12-22 11:48:17.746root 11241100x80000000000000003853514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428dbc12c09f6ff32021-12-22 11:48:17.746root 11241100x80000000000000003853515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe12cd98a0bc218e2021-12-22 11:48:17.746root 11241100x80000000000000003853516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b924591389cf992021-12-22 11:48:17.746root 11241100x80000000000000003853517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058a26dff2b9a8952021-12-22 11:48:17.746root 11241100x80000000000000003853518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a94fc65459b5c12021-12-22 11:48:17.746root 11241100x80000000000000003853519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ce420a21e9f16f2021-12-22 11:48:17.747root 11241100x80000000000000003853520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5d26c2ae9f9cb82021-12-22 11:48:17.747root 11241100x80000000000000003853521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3cd8a68c65a28c2021-12-22 11:48:17.747root 11241100x80000000000000003853522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908bbb88ef0968f42021-12-22 11:48:17.747root 11241100x80000000000000003853523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1e87c97660b5cf2021-12-22 11:48:17.747root 11241100x80000000000000003853524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a621e0a322a6522021-12-22 11:48:17.747root 11241100x80000000000000003853525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be93747fccc6a7d2021-12-22 11:48:17.747root 11241100x80000000000000003853526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dc5d66875ede962021-12-22 11:48:17.747root 11241100x80000000000000003853527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2613a064d2ff8af82021-12-22 11:48:17.747root 11241100x80000000000000003853528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688ee5ad22ebc7612021-12-22 11:48:17.747root 11241100x80000000000000003853529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea899963f0c9ca3e2021-12-22 11:48:17.747root 11241100x80000000000000003853530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df771d0f6f706bbd2021-12-22 11:48:17.748root 11241100x80000000000000003853531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac27e50367b5d4792021-12-22 11:48:17.748root 11241100x80000000000000003853532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a3c07d2203cb412021-12-22 11:48:17.748root 11241100x80000000000000003853533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b5b38b326f94e12021-12-22 11:48:17.748root 11241100x80000000000000003853534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921de4f6ca055f012021-12-22 11:48:17.748root 11241100x80000000000000003853535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbe70ff0432d24e2021-12-22 11:48:17.748root 11241100x80000000000000003853536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740bf5cfc29e18122021-12-22 11:48:17.748root 11241100x80000000000000003853537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7eca66d1d90669d2021-12-22 11:48:17.748root 11241100x80000000000000003853538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ae3b7f17df81a72021-12-22 11:48:17.749root 11241100x80000000000000003853539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320e7c723fb9fcbc2021-12-22 11:48:17.749root 11241100x80000000000000003853540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb1ac57efeaab362021-12-22 11:48:17.749root 11241100x80000000000000003853541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f99ffd5febbf7f2021-12-22 11:48:17.749root 11241100x80000000000000003853542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a142d5c70178602021-12-22 11:48:17.749root 11241100x80000000000000003853543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a177985d1e823b902021-12-22 11:48:17.749root 11241100x80000000000000003853544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546e7a88bc0d3ce32021-12-22 11:48:17.749root 11241100x80000000000000003853545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c673c3b5b08b02c2021-12-22 11:48:17.749root 11241100x80000000000000003853546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a7e91800c40d902021-12-22 11:48:17.749root 11241100x80000000000000003853547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa60a4472e4c9f72021-12-22 11:48:17.750root 11241100x80000000000000003853548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0b1dacaff61a912021-12-22 11:48:17.750root 11241100x80000000000000003853549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d925b3759e1f1652021-12-22 11:48:17.750root 11241100x80000000000000003853550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244775a163e038862021-12-22 11:48:17.750root 11241100x80000000000000003853551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7652ee1815d67e2021-12-22 11:48:17.750root 534500x80000000000000003853552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.760{ec2b6afe-1081-61c3-7ca6-a50100000000}19079/usr/lib/gcc/x86_64-linux-gnu/7/cc1ubuntu 11241100x80000000000000003853553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.760{ec2b6afe-1081-61c3-f4a8-4f0000000000}19078/usr/bin/x86_64-linux-gnu-gcc-7/tmp/ccxBenEk.o2021-12-22 11:48:17.760ubuntu 154100x80000000000000003853554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.760{ec2b6afe-1081-61c3-282b-9a3a9d550000}19080/usr/bin/x86_64-linux-gnu-as-----as --64 -o /tmp/ccxBenEk.o /tmp/cc9yK9Va.s/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-1081-61c3-f4a8-4f0000000000}19078/usr/bin/x86_64-linux-gnu-gcc-7gccubuntu 534500x80000000000000003853555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.766{ec2b6afe-1081-61c3-282b-9a3a9d550000}19080/usr/bin/x86_64-linux-gnu-asubuntu 11241100x80000000000000003853556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.767{ec2b6afe-1081-61c3-f4a8-4f0000000000}19078/usr/bin/x86_64-linux-gnu-gcc-7/tmp/ccZwNFnu.res2021-12-22 11:48:17.767ubuntu 154100x80000000000000003853557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.767{ec2b6afe-1081-61c3-5ca1-480000000000}19081/usr/lib/gcc/x86_64-linux-gnu/7/collect2-----/usr/lib/gcc/x86_64-linux-gnu/7/collect2 -plugin /usr/lib/gcc/x86_64-linux-gnu/7/liblto_plugin.so -plugin-opt=/usr/lib/gcc/x86_64-linux-gnu/7/lto-wrapper -plugin-opt=-fresolution=/tmp/ccZwNFnu.res -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lc -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_s --build-id --eh-frame-hdr -m elf_x86_64 --hash-style=gnu --as-needed -dynamic-linker /lib64/ld-linux-x86-64.so.2 -pie -z now -z relro -o prog /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/Scrt1.o /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/7/crtbeginS.o -L/usr/lib/gcc/x86_64-linux-gnu/7 -L/usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/7/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/7/../../.. /tmp/ccxBenEk.o -lgcc --push-state --as-needed -lgcc_s --pop-state -lc -lgcc --push-state --as-needed -lgcc_s --pop-state /usr/lib/gcc/x86_64-linux-gnu/7/crtendS.o /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crtn.o/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-1081-61c3-f4a8-4f0000000000}19078/usr/bin/x86_64-linux-gnu-gcc-7gccubuntu 11241100x80000000000000003853558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.768{ec2b6afe-1081-61c3-5ca1-480000000000}19081/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccSquA2d.c2021-12-22 11:48:17.768ubuntu 11241100x80000000000000003853559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.768{ec2b6afe-1081-61c3-5ca1-480000000000}19081/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccZ2K7Ln.o2021-12-22 11:48:17.768ubuntu 11241100x80000000000000003853560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.768{ec2b6afe-1081-61c3-5ca1-480000000000}19081/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccuBfFvx.ld2021-12-22 11:48:17.768ubuntu 11241100x80000000000000003853561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.768{ec2b6afe-1081-61c3-5ca1-480000000000}19081/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/cclgVcfH.le2021-12-22 11:48:17.768ubuntu 11241100x80000000000000003853562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.768{ec2b6afe-1081-61c3-5ca1-480000000000}19081/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccuBfFvx.ld2021-12-22 11:48:17.768ubuntu 11241100x80000000000000003853563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.768{ec2b6afe-1081-61c3-5ca1-480000000000}19081/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/cclgVcfH.le2021-12-22 11:48:17.768ubuntu 154100x80000000000000003853564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.768{ec2b6afe-1081-61c3-10eb-bda9af550000}19082/usr/bin/x86_64-linux-gnu-ld.bfd-----/usr/bin/ld -plugin /usr/lib/gcc/x86_64-linux-gnu/7/liblto_plugin.so -plugin-opt=/usr/lib/gcc/x86_64-linux-gnu/7/lto-wrapper -plugin-opt=-fresolution=/tmp/ccZwNFnu.res -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lc -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_s --build-id --eh-frame-hdr -m elf_x86_64 --hash-style=gnu --as-needed -dynamic-linker /lib64/ld-linux-x86-64.so.2 -pie -z now -z relro -o prog /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/Scrt1.o /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/7/crtbeginS.o -L/usr/lib/gcc/x86_64-linux-gnu/7 -L/usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/7/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/7/../../.. /tmp/ccxBenEk.o -lgcc --push-state --as-needed -lgcc_s --pop-state -lc -lgcc --push-state --as-needed -lgcc_s --pop-state /usr/lib/gcc/x86_64-linux-gnu/7/crtendS.o /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crtn.o/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-1081-61c3-5ca1-480000000000}19081/usr/lib/gcc/x86_64-linux-gnu/7/collect2/usr/lib/gcc/x86_64-linux-gnu/7/collect2ubuntu 11241100x80000000000000003853565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.770{ec2b6afe-1081-61c3-10eb-bda9af550000}19082/usr/bin/x86_64-linux-gnu-ld.bfd/home/ubuntu/prog2021-12-22 11:48:17.770ubuntu 534500x80000000000000003853566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.788{ec2b6afe-1081-61c3-10eb-bda9af550000}19082/usr/bin/x86_64-linux-gnu-ld.bfdubuntu 23542300x80000000000000003853567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.788{ec2b6afe-1081-61c3-5ca1-480000000000}19081ubuntu/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccuBfFvx.ld--- 23542300x80000000000000003853568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.788{ec2b6afe-1081-61c3-5ca1-480000000000}19081ubuntu/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/cclgVcfH.le--- 23542300x80000000000000003853569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.788{ec2b6afe-1081-61c3-5ca1-480000000000}19081ubuntu/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccSquA2d.c--- 23542300x80000000000000003853570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.788{ec2b6afe-1081-61c3-5ca1-480000000000}19081ubuntu/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccZ2K7Ln.o--- 534500x80000000000000003853571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.788{ec2b6afe-1081-61c3-5ca1-480000000000}19081/usr/lib/gcc/x86_64-linux-gnu/7/collect2ubuntu 23542300x80000000000000003853572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.788{ec2b6afe-1081-61c3-f4a8-4f0000000000}19078ubuntu/usr/bin/x86_64-linux-gnu-gcc-7/tmp/ccZwNFnu.res--- 23542300x80000000000000003853573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.788{ec2b6afe-1081-61c3-f4a8-4f0000000000}19078ubuntu/usr/bin/x86_64-linux-gnu-gcc-7/tmp/ccxBenEk.o--- 23542300x80000000000000003853574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.788{ec2b6afe-1081-61c3-f4a8-4f0000000000}19078ubuntu/usr/bin/x86_64-linux-gnu-gcc-7/tmp/cc9yK9Va.s--- 534500x80000000000000003853575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:17.788{ec2b6afe-1081-61c3-f4a8-4f0000000000}19078/usr/bin/x86_64-linux-gnu-gcc-7ubuntu 11241100x80000000000000003853576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1241e61c7ae16352021-12-22 11:48:18.193root 11241100x80000000000000003853577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0e59e3d04003242021-12-22 11:48:18.193root 11241100x80000000000000003853578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae210ccfe2f67d92021-12-22 11:48:18.193root 11241100x80000000000000003853579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c1e6b6c3a809cd2021-12-22 11:48:18.193root 11241100x80000000000000003853580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d74dda5c0234f02021-12-22 11:48:18.194root 11241100x80000000000000003853581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a08152c240919c2021-12-22 11:48:18.194root 11241100x80000000000000003853582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a4cca01d733fbb2021-12-22 11:48:18.194root 11241100x80000000000000003853583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ececfcb3865ce11b2021-12-22 11:48:18.194root 11241100x80000000000000003853584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69faabecb8e21db92021-12-22 11:48:18.194root 11241100x80000000000000003853585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230950eb3bb9fba42021-12-22 11:48:18.194root 11241100x80000000000000003853586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ca302ea70291e02021-12-22 11:48:18.194root 11241100x80000000000000003853587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7c8aecea532a462021-12-22 11:48:18.195root 11241100x80000000000000003853588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3a23054420178f2021-12-22 11:48:18.195root 11241100x80000000000000003853589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e49519fed945d362021-12-22 11:48:18.195root 11241100x80000000000000003853590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3725ca5b11f38b2021-12-22 11:48:18.195root 11241100x80000000000000003853591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79463aa5c8ec8a5a2021-12-22 11:48:18.195root 11241100x80000000000000003853592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbfc53dd5a818ad2021-12-22 11:48:18.196root 11241100x80000000000000003853593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb393b0ad78af33f2021-12-22 11:48:18.196root 11241100x80000000000000003853594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab90a0b5449a044c2021-12-22 11:48:18.196root 11241100x80000000000000003853595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62a847e559cfe4c2021-12-22 11:48:18.196root 11241100x80000000000000003853596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9963d397d814c902021-12-22 11:48:18.196root 11241100x80000000000000003853597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c65b5878ff1d3d2021-12-22 11:48:18.196root 11241100x80000000000000003853598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bc7bc6f296dfb32021-12-22 11:48:18.196root 11241100x80000000000000003853599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cd0753787903782021-12-22 11:48:18.196root 11241100x80000000000000003853600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e9e640f8db02842021-12-22 11:48:18.196root 11241100x80000000000000003853601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6ac469fbde8dde2021-12-22 11:48:18.196root 11241100x80000000000000003853602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3ea7d1893500e02021-12-22 11:48:18.197root 11241100x80000000000000003853603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0565390232306e2021-12-22 11:48:18.197root 11241100x80000000000000003853604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6a400b8c67177c2021-12-22 11:48:18.197root 11241100x80000000000000003853605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a9bcabe7973f092021-12-22 11:48:18.197root 11241100x80000000000000003853606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec0826c0b6b8aac2021-12-22 11:48:18.197root 11241100x80000000000000003853607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84687bde1ac0f6a32021-12-22 11:48:18.197root 11241100x80000000000000003853608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3471f67f4441962021-12-22 11:48:18.197root 11241100x80000000000000003853609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e75ae9348fd8022021-12-22 11:48:18.197root 11241100x80000000000000003853610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9827527d5d75d1452021-12-22 11:48:18.197root 11241100x80000000000000003853611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198a12b486d1af3a2021-12-22 11:48:18.198root 11241100x80000000000000003853612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dcbe8dcdd4de072021-12-22 11:48:18.198root 11241100x80000000000000003853613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19293e073b5cedc92021-12-22 11:48:18.198root 11241100x80000000000000003853614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f00de09310d9842021-12-22 11:48:18.198root 11241100x80000000000000003853615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ea8b870304d8382021-12-22 11:48:18.198root 11241100x80000000000000003853616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c94567eec7b9472021-12-22 11:48:18.198root 11241100x80000000000000003853617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e535584a0e13682021-12-22 11:48:18.199root 11241100x80000000000000003853618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d551fa163130d9e2021-12-22 11:48:18.199root 11241100x80000000000000003853619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cd97646a9ce9322021-12-22 11:48:18.199root 11241100x80000000000000003853620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e05676f97cf0652021-12-22 11:48:18.199root 11241100x80000000000000003853621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e76e794061c20092021-12-22 11:48:18.199root 11241100x80000000000000003853622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ef67aedf02cd4c2021-12-22 11:48:18.199root 11241100x80000000000000003853623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd790938bdb405e22021-12-22 11:48:18.199root 11241100x80000000000000003853624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34943573dee75422021-12-22 11:48:18.199root 11241100x80000000000000003853625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b108a40911d616122021-12-22 11:48:18.199root 11241100x80000000000000003853626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f32b80d6843a12a2021-12-22 11:48:18.200root 11241100x80000000000000003853627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ff2faf32f188612021-12-22 11:48:18.200root 11241100x80000000000000003853628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968be4944dc922882021-12-22 11:48:18.200root 11241100x80000000000000003853629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564216ac5da1535a2021-12-22 11:48:18.200root 11241100x80000000000000003853630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537a425a77321c772021-12-22 11:48:18.200root 11241100x80000000000000003853631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e6b986060956932021-12-22 11:48:18.200root 11241100x80000000000000003853632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9a59f4cf48cdc32021-12-22 11:48:18.201root 11241100x80000000000000003853633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2e7ff03fe859c62021-12-22 11:48:18.201root 11241100x80000000000000003853634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c781350fdba3e042021-12-22 11:48:18.201root 11241100x80000000000000003853635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab10a494970253492021-12-22 11:48:18.201root 11241100x80000000000000003853636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f11eaa904892f32021-12-22 11:48:18.201root 11241100x80000000000000003853637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f557722161bc1a2021-12-22 11:48:18.201root 11241100x80000000000000003853638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc48d8eb14abb182021-12-22 11:48:18.201root 11241100x80000000000000003853639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18e55f42bcc6c662021-12-22 11:48:18.201root 11241100x80000000000000003853640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e44799bd1b521c2021-12-22 11:48:18.201root 11241100x80000000000000003853641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797d3549c645fbe62021-12-22 11:48:18.202root 11241100x80000000000000003853642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe620bcd8a27ab02021-12-22 11:48:18.202root 11241100x80000000000000003853643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c6edafe0ba24352021-12-22 11:48:18.202root 11241100x80000000000000003853644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ba8ba95f83d4d12021-12-22 11:48:18.202root 11241100x80000000000000003853645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37182d3b2bd412be2021-12-22 11:48:18.203root 11241100x80000000000000003853646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90f15859408ffad2021-12-22 11:48:18.203root 11241100x80000000000000003853647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e738d0f83155b4b22021-12-22 11:48:18.203root 11241100x80000000000000003853648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3a6299e8ce55862021-12-22 11:48:18.205root 11241100x80000000000000003853649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1a2a637e24a8072021-12-22 11:48:18.205root 11241100x80000000000000003853650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae57d5858ccea3132021-12-22 11:48:18.206root 11241100x80000000000000003853651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf1f5986aca10672021-12-22 11:48:18.206root 11241100x80000000000000003853652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee10bf7cf0c63822021-12-22 11:48:18.206root 11241100x80000000000000003853653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ed06a4fdb558d12021-12-22 11:48:18.206root 11241100x80000000000000003853654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7593013bf911bfe02021-12-22 11:48:18.206root 11241100x80000000000000003853655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b20b76942025ef2021-12-22 11:48:18.206root 11241100x80000000000000003853656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312e7c1e5f42264e2021-12-22 11:48:18.206root 11241100x80000000000000003853657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5576d015d827f7a2021-12-22 11:48:18.206root 11241100x80000000000000003853658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e8504ecc019eee2021-12-22 11:48:18.206root 11241100x80000000000000003853659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0055a56205a83b242021-12-22 11:48:18.207root 11241100x80000000000000003853660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c951a8d8146ba0e2021-12-22 11:48:18.207root 11241100x80000000000000003853661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dfc0a8a4fadc862021-12-22 11:48:18.207root 11241100x80000000000000003853662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0d20bb562e4aad2021-12-22 11:48:18.207root 11241100x80000000000000003853663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889e8e3fb2ccd0192021-12-22 11:48:18.208root 11241100x80000000000000003853664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7d3cc684de3f172021-12-22 11:48:18.208root 11241100x80000000000000003853665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0135df08f179202021-12-22 11:48:18.208root 11241100x80000000000000003853666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d0fef3cc2a3d8c2021-12-22 11:48:18.208root 11241100x80000000000000003853667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93f78ab36d326582021-12-22 11:48:18.209root 11241100x80000000000000003853668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dee7134f738c8a2021-12-22 11:48:18.209root 11241100x80000000000000003853669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1cad9661438d602021-12-22 11:48:18.209root 11241100x80000000000000003853670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c51f0830676cc92021-12-22 11:48:18.209root 11241100x80000000000000003853671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38262fafb201a9a2021-12-22 11:48:18.209root 11241100x80000000000000003853672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dd045f2fab0bb12021-12-22 11:48:18.210root 11241100x80000000000000003853673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133d83a2e410de6a2021-12-22 11:48:18.210root 11241100x80000000000000003853674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4108e1848749892021-12-22 11:48:18.210root 11241100x80000000000000003853675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8546360edb0e6382021-12-22 11:48:18.210root 11241100x80000000000000003853676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bfed17905a7df12021-12-22 11:48:18.210root 11241100x80000000000000003853677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813d6f04f90c74742021-12-22 11:48:18.211root 11241100x80000000000000003853678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2861412f9a10c2f92021-12-22 11:48:18.211root 11241100x80000000000000003853679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4db950e12737f552021-12-22 11:48:18.211root 11241100x80000000000000003853680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951a60e4e8f935b72021-12-22 11:48:18.211root 11241100x80000000000000003853681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc566faab10f6822021-12-22 11:48:18.211root 11241100x80000000000000003853682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72e451688c11f552021-12-22 11:48:18.211root 11241100x80000000000000003853683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cd7b20e11fc1592021-12-22 11:48:18.211root 11241100x80000000000000003853684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed1370f6274a8a82021-12-22 11:48:18.212root 11241100x80000000000000003853685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413d69d409334e8a2021-12-22 11:48:18.212root 11241100x80000000000000003853686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874b6f4807b0a7bd2021-12-22 11:48:18.212root 11241100x80000000000000003853687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac05f871e61b6b662021-12-22 11:48:18.212root 11241100x80000000000000003853688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd1ced63fa502172021-12-22 11:48:18.212root 11241100x80000000000000003853689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd7e2a4bc99d45d2021-12-22 11:48:18.213root 11241100x80000000000000003853690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce11ad23f950c5572021-12-22 11:48:18.213root 11241100x80000000000000003853691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987c84ffa53668c02021-12-22 11:48:18.213root 11241100x80000000000000003853692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e83cebe84c288732021-12-22 11:48:18.213root 11241100x80000000000000003853693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac92769a77d3eb522021-12-22 11:48:18.214root 11241100x80000000000000003853694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4bdd880a47d1ae2021-12-22 11:48:18.214root 11241100x80000000000000003853695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a87be6d88caded02021-12-22 11:48:18.214root 11241100x80000000000000003853696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b9c37f228d52302021-12-22 11:48:18.214root 11241100x80000000000000003853697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c5c19667d6b7002021-12-22 11:48:18.214root 11241100x80000000000000003853698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08beaff564ba83952021-12-22 11:48:18.214root 11241100x80000000000000003853699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78fbc82599e92ce2021-12-22 11:48:18.214root 11241100x80000000000000003853700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7be1b1c252748632021-12-22 11:48:18.216root 11241100x80000000000000003853701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869dc3e90324c2c32021-12-22 11:48:18.216root 11241100x80000000000000003853702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c5eaa9d20b42032021-12-22 11:48:18.217root 11241100x80000000000000003853703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64cc0abb865bfac2021-12-22 11:48:18.217root 11241100x80000000000000003853704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03afe02b500a530b2021-12-22 11:48:18.217root 11241100x80000000000000003853705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302552afcd1e8b522021-12-22 11:48:18.217root 11241100x80000000000000003853706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bfb67b0a91fed22021-12-22 11:48:18.218root 11241100x80000000000000003853707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccd8357d01f1f562021-12-22 11:48:18.218root 11241100x80000000000000003853708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacd103f3158d8922021-12-22 11:48:18.218root 11241100x80000000000000003853709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61045a29c6403a82021-12-22 11:48:18.218root 11241100x80000000000000003853710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b701c072ecb0e82021-12-22 11:48:18.219root 11241100x80000000000000003853711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6f53c4d8edd0f52021-12-22 11:48:18.219root 11241100x80000000000000003853712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442039857b2d0e702021-12-22 11:48:18.220root 11241100x80000000000000003853713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85c06c23d6aade42021-12-22 11:48:18.220root 11241100x80000000000000003853714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec28a3b5a0e1ba92021-12-22 11:48:18.220root 11241100x80000000000000003853715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f2321b5ce556bc2021-12-22 11:48:18.221root 11241100x80000000000000003853716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2ea8c27d1888bb2021-12-22 11:48:18.221root 11241100x80000000000000003853717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307d4412c19ffa6c2021-12-22 11:48:18.221root 11241100x80000000000000003853718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834cd9b4901a08fb2021-12-22 11:48:18.221root 11241100x80000000000000003853719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e96d7b6e6bf3152021-12-22 11:48:18.222root 11241100x80000000000000003853720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635db664508bf4432021-12-22 11:48:18.223root 11241100x80000000000000003853721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bceb59afa65c79c2021-12-22 11:48:18.223root 11241100x80000000000000003853722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a00a10bdb7c29612021-12-22 11:48:18.223root 11241100x80000000000000003853723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1f7c231789ce1d2021-12-22 11:48:18.224root 11241100x80000000000000003853724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda5dc66887f0f072021-12-22 11:48:18.224root 11241100x80000000000000003853725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a59978379613ef2021-12-22 11:48:18.224root 11241100x80000000000000003853726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80a2c7352ceb1c22021-12-22 11:48:18.224root 11241100x80000000000000003853727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436c788523fdb5d92021-12-22 11:48:18.224root 11241100x80000000000000003853728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e8ab6cae31b9672021-12-22 11:48:18.224root 11241100x80000000000000003853729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53cd57714bdb9582021-12-22 11:48:18.225root 11241100x80000000000000003853730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a1f62ff386036e2021-12-22 11:48:18.225root 11241100x80000000000000003853731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b2af454690746e2021-12-22 11:48:18.225root 11241100x80000000000000003853732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa380c63704754522021-12-22 11:48:18.225root 11241100x80000000000000003853733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a194484e8cd0f42021-12-22 11:48:18.225root 11241100x80000000000000003853734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d21339242673452021-12-22 11:48:18.226root 11241100x80000000000000003853735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d993529f9a179d52021-12-22 11:48:18.226root 11241100x80000000000000003853736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71792e52110f58142021-12-22 11:48:18.226root 11241100x80000000000000003853737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a518af4d1c68b2e62021-12-22 11:48:18.226root 11241100x80000000000000003853738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af85bbbc40abc7c2021-12-22 11:48:18.226root 11241100x80000000000000003853739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d40cb488ed71702021-12-22 11:48:18.226root 11241100x80000000000000003853740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b571a8d5c38076b32021-12-22 11:48:18.227root 11241100x80000000000000003853741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0a5edfa42c1d5d2021-12-22 11:48:18.227root 11241100x80000000000000003853742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed33eb7b12ecc1e82021-12-22 11:48:18.227root 11241100x80000000000000003853743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e751a99aa8ecbc542021-12-22 11:48:18.227root 11241100x80000000000000003853744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56b57af617121082021-12-22 11:48:18.228root 11241100x80000000000000003853745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add954cf12eddb312021-12-22 11:48:18.228root 11241100x80000000000000003853746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce01357febc146c62021-12-22 11:48:18.228root 11241100x80000000000000003853747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13d2f13abc5ea7b2021-12-22 11:48:18.228root 11241100x80000000000000003853748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46f01da4cfd34d32021-12-22 11:48:18.228root 11241100x80000000000000003853749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edf3736470243862021-12-22 11:48:18.228root 11241100x80000000000000003853750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c68f87210ec7812021-12-22 11:48:18.228root 11241100x80000000000000003853751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352dad8526b223a72021-12-22 11:48:18.228root 11241100x80000000000000003853752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3cd8e2a803c7352021-12-22 11:48:18.228root 11241100x80000000000000003853753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b99480e1bfb0a522021-12-22 11:48:18.228root 11241100x80000000000000003853754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465a5a0ffd93a8b42021-12-22 11:48:18.228root 11241100x80000000000000003853755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4f0d32825ff0672021-12-22 11:48:18.228root 11241100x80000000000000003853756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4436e7cad3654fdb2021-12-22 11:48:18.228root 11241100x80000000000000003853757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78759563d1aa6d8b2021-12-22 11:48:18.229root 11241100x80000000000000003853758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1d5038a309df092021-12-22 11:48:18.229root 11241100x80000000000000003853759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d7bae830af70eb2021-12-22 11:48:18.229root 11241100x80000000000000003853760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b228c1a24506aa6b2021-12-22 11:48:18.229root 11241100x80000000000000003853761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661d5a79894bd8882021-12-22 11:48:18.229root 11241100x80000000000000003853762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f851814352fec5c32021-12-22 11:48:18.229root 11241100x80000000000000003853763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79353433df2bd202021-12-22 11:48:18.230root 11241100x80000000000000003853764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f347f7254a5e96c92021-12-22 11:48:18.230root 11241100x80000000000000003853765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bed12b28168dd2a2021-12-22 11:48:18.230root 11241100x80000000000000003853766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fd423d53888c702021-12-22 11:48:18.230root 11241100x80000000000000003853767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89292cd5f34d69212021-12-22 11:48:18.230root 11241100x80000000000000003853768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9b5d980c06539e2021-12-22 11:48:18.230root 11241100x80000000000000003853769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f3b058c327e7762021-12-22 11:48:18.230root 11241100x80000000000000003853770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce177b7ed46d057c2021-12-22 11:48:18.230root 11241100x80000000000000003853771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c5430d57e8dca92021-12-22 11:48:18.230root 11241100x80000000000000003853772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021b1b8da12c101a2021-12-22 11:48:18.230root 11241100x80000000000000003853773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3bcea549a059472021-12-22 11:48:18.230root 11241100x80000000000000003853774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658081506daaff6a2021-12-22 11:48:18.231root 11241100x80000000000000003853775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8ba31e89e8c43d2021-12-22 11:48:18.231root 11241100x80000000000000003853776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3814c3daba6e62552021-12-22 11:48:18.231root 11241100x80000000000000003853777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7446b95cb1f8d9f52021-12-22 11:48:18.231root 11241100x80000000000000003853778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b734bb81cf87f822021-12-22 11:48:18.231root 11241100x80000000000000003853779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c126f8e6f66e681a2021-12-22 11:48:18.231root 11241100x80000000000000003853780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00514ceaf588730a2021-12-22 11:48:18.231root 11241100x80000000000000003853781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3afd5f98c99f032021-12-22 11:48:18.231root 11241100x80000000000000003853782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0a538dcf93dcf92021-12-22 11:48:18.232root 11241100x80000000000000003853783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32381180f0003d32021-12-22 11:48:18.232root 11241100x80000000000000003853784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec91da550d1e2af92021-12-22 11:48:18.232root 11241100x80000000000000003853785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f40a13dd2abb5312021-12-22 11:48:18.232root 11241100x80000000000000003853786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e30a551c66fb8272021-12-22 11:48:18.232root 11241100x80000000000000003853787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c73b48bd5dde52b2021-12-22 11:48:18.232root 11241100x80000000000000003853788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0e6f0e71472e312021-12-22 11:48:18.233root 11241100x80000000000000003853789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a786aba35f6d01dd2021-12-22 11:48:18.233root 11241100x80000000000000003853790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ae38165f55fd782021-12-22 11:48:18.233root 11241100x80000000000000003853791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bd63a5142f21092021-12-22 11:48:18.233root 11241100x80000000000000003853792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2cb978f24590f32021-12-22 11:48:18.233root 11241100x80000000000000003853793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d4646300c195912021-12-22 11:48:18.233root 11241100x80000000000000003853794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de116af2ed42e60f2021-12-22 11:48:18.233root 11241100x80000000000000003853795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7789cde03c9d0cc2021-12-22 11:48:18.234root 11241100x80000000000000003853796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67fdbdc3ddd51702021-12-22 11:48:18.234root 11241100x80000000000000003853797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cedb297d7d236af2021-12-22 11:48:18.234root 11241100x80000000000000003853798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102834a10c0fce9b2021-12-22 11:48:18.234root 11241100x80000000000000003853799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb26688998a4f4b2021-12-22 11:48:18.234root 11241100x80000000000000003853800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74822e183888f212021-12-22 11:48:18.234root 11241100x80000000000000003853801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669a434451f236672021-12-22 11:48:18.234root 11241100x80000000000000003853802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c86368d91e3a8932021-12-22 11:48:18.235root 11241100x80000000000000003853803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011de48890496fb82021-12-22 11:48:18.235root 11241100x80000000000000003853804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbb2a83d021ccb72021-12-22 11:48:18.235root 11241100x80000000000000003853805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bbd0703521396e2021-12-22 11:48:18.235root 11241100x80000000000000003853806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5413449cf04b1f2021-12-22 11:48:18.235root 11241100x80000000000000003853807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a795f09de39bc92021-12-22 11:48:18.235root 11241100x80000000000000003853808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7eaf44b4f308102021-12-22 11:48:18.236root 11241100x80000000000000003853809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f694b055e85b532021-12-22 11:48:18.236root 11241100x80000000000000003853810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd3581fdca8a0cc2021-12-22 11:48:18.236root 11241100x80000000000000003853811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63face8b6dd36f142021-12-22 11:48:18.236root 11241100x80000000000000003853812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3ab079abcc71dd2021-12-22 11:48:18.236root 11241100x80000000000000003853813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5c40bc7c4d7f9d2021-12-22 11:48:18.236root 11241100x80000000000000003853814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2021a6596d96d3272021-12-22 11:48:18.236root 11241100x80000000000000003853815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9b409620a587a92021-12-22 11:48:18.237root 11241100x80000000000000003853816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523133e67efd45942021-12-22 11:48:18.237root 11241100x80000000000000003853817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3d1d4ea0bf2a532021-12-22 11:48:18.237root 11241100x80000000000000003853818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944a38364be5a1c52021-12-22 11:48:18.237root 11241100x80000000000000003853819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1eef64f498c7a762021-12-22 11:48:18.237root 11241100x80000000000000003853820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8388bdcd19694002021-12-22 11:48:18.237root 11241100x80000000000000003853821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c680d18f4a3dcd62021-12-22 11:48:18.237root 11241100x80000000000000003853822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3070b472c29e883d2021-12-22 11:48:18.238root 11241100x80000000000000003853823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba2c23a18339d552021-12-22 11:48:18.238root 11241100x80000000000000003853824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3137a9806ce233992021-12-22 11:48:18.238root 11241100x80000000000000003853825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d616b418edc0f9b2021-12-22 11:48:18.238root 11241100x80000000000000003853826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdbdef52504fc2c2021-12-22 11:48:18.238root 11241100x80000000000000003853827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e91062781a0a6f2021-12-22 11:48:18.238root 11241100x80000000000000003853828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96081a7e45cb2cc82021-12-22 11:48:18.238root 11241100x80000000000000003853829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa7bc4f5c83a9982021-12-22 11:48:18.239root 11241100x80000000000000003853830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbde94202432f302021-12-22 11:48:18.239root 11241100x80000000000000003853831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7660ad28b53e3f2021-12-22 11:48:18.239root 11241100x80000000000000003853832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783d42e4620002ac2021-12-22 11:48:18.239root 11241100x80000000000000003853833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206d54191ee7ea112021-12-22 11:48:18.239root 11241100x80000000000000003853834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6508dd0b378629a2021-12-22 11:48:18.240root 11241100x80000000000000003853835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192afa6f9c6dc6fc2021-12-22 11:48:18.240root 11241100x80000000000000003853836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ada3ad4ba729c82021-12-22 11:48:18.240root 11241100x80000000000000003853837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138f4c64beaacc6e2021-12-22 11:48:18.240root 11241100x80000000000000003853838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b6087713265bc62021-12-22 11:48:18.240root 11241100x80000000000000003853839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da77df59198a72012021-12-22 11:48:18.240root 11241100x80000000000000003853840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0627059049dfeed02021-12-22 11:48:18.241root 11241100x80000000000000003853841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e7b07638adb4242021-12-22 11:48:18.241root 11241100x80000000000000003853842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8851082847b16b8e2021-12-22 11:48:18.241root 11241100x80000000000000003853843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea89300749a26dc72021-12-22 11:48:18.242root 11241100x80000000000000003853844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bbef79e71d27ea2021-12-22 11:48:18.242root 11241100x80000000000000003853845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715a730647cbc9902021-12-22 11:48:18.242root 11241100x80000000000000003853846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cad02954c9947ad2021-12-22 11:48:18.243root 11241100x80000000000000003853847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db6b432a595c9552021-12-22 11:48:18.243root 11241100x80000000000000003853848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5d10535a2d34212021-12-22 11:48:18.243root 11241100x80000000000000003853849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40597e7c37e6e9db2021-12-22 11:48:18.244root 11241100x80000000000000003853850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d166ec51f69ff32021-12-22 11:48:18.244root 11241100x80000000000000003853851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b1f6877bd447352021-12-22 11:48:18.244root 11241100x80000000000000003853852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5b687e444929952021-12-22 11:48:18.244root 11241100x80000000000000003853853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52de240d851f37d82021-12-22 11:48:18.244root 11241100x80000000000000003853854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399398eac8ecb5dd2021-12-22 11:48:18.244root 11241100x80000000000000003853855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be33f3b24735d6bf2021-12-22 11:48:18.245root 11241100x80000000000000003853856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944798481285a5f52021-12-22 11:48:18.245root 11241100x80000000000000003853857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d5c69245ceb68c2021-12-22 11:48:18.245root 11241100x80000000000000003853858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd902231c8df1b9f2021-12-22 11:48:18.245root 11241100x80000000000000003853859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900df65c0291572a2021-12-22 11:48:18.245root 11241100x80000000000000003853860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a29555b1d24a072021-12-22 11:48:18.245root 11241100x80000000000000003853861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46a54461e3a2a282021-12-22 11:48:18.246root 11241100x80000000000000003853862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e6a73063a36a862021-12-22 11:48:18.246root 11241100x80000000000000003853863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f9062dff93df532021-12-22 11:48:18.246root 11241100x80000000000000003853864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cd4973788736d12021-12-22 11:48:18.246root 11241100x80000000000000003853865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966035e139d441d12021-12-22 11:48:18.246root 11241100x80000000000000003853866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03b418003fd90b32021-12-22 11:48:18.246root 11241100x80000000000000003853867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d407436c9a7baa22021-12-22 11:48:18.246root 11241100x80000000000000003853868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df86f5c39fed67b2021-12-22 11:48:18.247root 11241100x80000000000000003853869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e96f2206557f5c2021-12-22 11:48:18.247root 11241100x80000000000000003853870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9e564839ab46152021-12-22 11:48:18.247root 11241100x80000000000000003853871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88cf01fd4f085b62021-12-22 11:48:18.247root 11241100x80000000000000003853872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9487a3c5ceb18322021-12-22 11:48:18.247root 11241100x80000000000000003853873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c831d1c19fa6edd72021-12-22 11:48:18.247root 11241100x80000000000000003853874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776dbb3ba2f06b472021-12-22 11:48:18.248root 11241100x80000000000000003853875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0929ae32583fc6e2021-12-22 11:48:18.248root 11241100x80000000000000003853876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebadfb6b3b2d00912021-12-22 11:48:18.248root 11241100x80000000000000003853877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab55ce7b7b2f64a42021-12-22 11:48:18.249root 11241100x80000000000000003853878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0cf67c2c6ec54e2021-12-22 11:48:18.249root 11241100x80000000000000003853879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4943fde62926252021-12-22 11:48:18.249root 11241100x80000000000000003853880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353cba3fe44b69482021-12-22 11:48:18.250root 11241100x80000000000000003853881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb8c071db1b6ded2021-12-22 11:48:18.250root 11241100x80000000000000003853882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d745c731acc0822021-12-22 11:48:18.250root 11241100x80000000000000003853883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f367f298cd00cb72021-12-22 11:48:18.250root 11241100x80000000000000003853884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c072a0a7de26fc2021-12-22 11:48:18.251root 11241100x80000000000000003853885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980285023bea28682021-12-22 11:48:18.251root 11241100x80000000000000003853886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6747e22b792478782021-12-22 11:48:18.251root 11241100x80000000000000003853887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82fbd1d01ba27242021-12-22 11:48:18.251root 11241100x80000000000000003853888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2623d3c946f7d3502021-12-22 11:48:18.251root 11241100x80000000000000003853889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5d54025edb58de2021-12-22 11:48:18.251root 11241100x80000000000000003853890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335507d22623c0ad2021-12-22 11:48:18.252root 11241100x80000000000000003853891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fcf8cb543602de2021-12-22 11:48:18.252root 11241100x80000000000000003853892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424559ffc49ad3da2021-12-22 11:48:18.252root 11241100x80000000000000003853893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae49da34dac4e6e22021-12-22 11:48:18.252root 11241100x80000000000000003853894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b5c88f4b0f1e752021-12-22 11:48:18.252root 11241100x80000000000000003853895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7ba95a3b4ada622021-12-22 11:48:18.252root 11241100x80000000000000003853896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1416cdafdc05647b2021-12-22 11:48:18.252root 11241100x80000000000000003853897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb9eaeb99e726e92021-12-22 11:48:18.252root 11241100x80000000000000003853898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b953ce94f0d315eb2021-12-22 11:48:18.252root 11241100x80000000000000003853899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6689106a8324bd2021-12-22 11:48:18.253root 11241100x80000000000000003853900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f954e4ed4b97be42021-12-22 11:48:18.253root 11241100x80000000000000003853901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5d9d383d1417e92021-12-22 11:48:18.253root 11241100x80000000000000003853902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018802f254cc30e52021-12-22 11:48:18.253root 11241100x80000000000000003853903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd95414480b403e52021-12-22 11:48:18.253root 11241100x80000000000000003853904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207fa616141a63c62021-12-22 11:48:18.253root 11241100x80000000000000003853905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c226175059d26202021-12-22 11:48:18.253root 11241100x80000000000000003853906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb94646684157de2021-12-22 11:48:18.253root 11241100x80000000000000003853907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0545d8af31e06e3b2021-12-22 11:48:18.253root 11241100x80000000000000003853908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88df362650bee9e2021-12-22 11:48:18.253root 11241100x80000000000000003853909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3224456fd44abc722021-12-22 11:48:18.253root 11241100x80000000000000003853910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe7500c89bb0bba2021-12-22 11:48:18.253root 11241100x80000000000000003853911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5f37618156407f2021-12-22 11:48:18.254root 11241100x80000000000000003853912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46029ea7d52ef2192021-12-22 11:48:18.254root 11241100x80000000000000003853913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cb290d7bdd968b2021-12-22 11:48:18.254root 11241100x80000000000000003853914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e700f94765274b2021-12-22 11:48:18.254root 11241100x80000000000000003853915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f3a209149e8ad22021-12-22 11:48:18.254root 11241100x80000000000000003853916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf02669b1d87cd152021-12-22 11:48:18.254root 11241100x80000000000000003853917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4b2245781d36f22021-12-22 11:48:18.254root 11241100x80000000000000003853918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1689e82ccd7a19172021-12-22 11:48:18.254root 11241100x80000000000000003853919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7e6950e3b385132021-12-22 11:48:18.254root 11241100x80000000000000003853920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f99ff8dd48c5d892021-12-22 11:48:18.254root 11241100x80000000000000003853921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5822c3d53d05ff732021-12-22 11:48:18.256root 11241100x80000000000000003853922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6eb65cef2c1d432021-12-22 11:48:18.256root 11241100x80000000000000003853923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a655fdabc53be04d2021-12-22 11:48:18.257root 11241100x80000000000000003853924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec35812f416e1c0b2021-12-22 11:48:18.257root 11241100x80000000000000003853925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020c7fe26666b0b92021-12-22 11:48:18.258root 11241100x80000000000000003853926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f65bcd843c85a32021-12-22 11:48:18.258root 11241100x80000000000000003853927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a74a7205a12f982021-12-22 11:48:18.258root 11241100x80000000000000003853928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35656af35edc580f2021-12-22 11:48:18.259root 11241100x80000000000000003853929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a72b5915513fd332021-12-22 11:48:18.259root 11241100x80000000000000003853930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96169ed5d7166c3e2021-12-22 11:48:18.259root 11241100x80000000000000003853931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5843c421dd464372021-12-22 11:48:18.260root 11241100x80000000000000003853932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e121a71b917f00b2021-12-22 11:48:18.260root 11241100x80000000000000003853933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6dc4d419e4db482021-12-22 11:48:18.261root 11241100x80000000000000003853934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508c3e4ecf94144e2021-12-22 11:48:18.261root 11241100x80000000000000003853935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eaed84a859c93ab2021-12-22 11:48:18.693root 11241100x80000000000000003853936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb79f736771e29e92021-12-22 11:48:18.693root 11241100x80000000000000003853937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01834b12171ae9d12021-12-22 11:48:18.694root 11241100x80000000000000003853938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9e9889448fdf632021-12-22 11:48:18.694root 11241100x80000000000000003853939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff98f1ae42589212021-12-22 11:48:18.694root 11241100x80000000000000003853940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0172f4cc2a8a162021-12-22 11:48:18.694root 11241100x80000000000000003853941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce9229c950c85d02021-12-22 11:48:18.694root 11241100x80000000000000003853942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd5a94cc3df8e632021-12-22 11:48:18.694root 11241100x80000000000000003853943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11abb2b4e7515c282021-12-22 11:48:18.694root 11241100x80000000000000003853944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e4919a9e2172292021-12-22 11:48:18.694root 11241100x80000000000000003853945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0743473def69b452021-12-22 11:48:18.694root 11241100x80000000000000003853946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131021c0f2a79de82021-12-22 11:48:18.694root 11241100x80000000000000003853947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c83d5c226c7f402021-12-22 11:48:18.694root 11241100x80000000000000003853948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516b08bb191f07502021-12-22 11:48:18.695root 11241100x80000000000000003853949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e58a9c13cb12952021-12-22 11:48:18.695root 11241100x80000000000000003853950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f5c23cccf5052b2021-12-22 11:48:18.695root 11241100x80000000000000003853951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834ddbf50baebc7c2021-12-22 11:48:18.695root 11241100x80000000000000003853952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f2ebff6333e2632021-12-22 11:48:18.695root 11241100x80000000000000003853953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467ee7ccfd387cd22021-12-22 11:48:18.695root 11241100x80000000000000003853954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9490f7cb394a64432021-12-22 11:48:18.695root 11241100x80000000000000003853955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75161ed76f3c7502021-12-22 11:48:18.695root 11241100x80000000000000003853956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2c74021409040e2021-12-22 11:48:18.695root 11241100x80000000000000003853957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31983422cb97d92f2021-12-22 11:48:18.696root 11241100x80000000000000003853958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3ed349bf0ddfbb2021-12-22 11:48:18.696root 11241100x80000000000000003853959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70acaebc813c13a22021-12-22 11:48:18.696root 11241100x80000000000000003853960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd09ef27149467662021-12-22 11:48:18.696root 11241100x80000000000000003853961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1b971a4deed5652021-12-22 11:48:18.696root 11241100x80000000000000003853962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6b816876c2d49b2021-12-22 11:48:18.696root 11241100x80000000000000003853963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f45a8cac2fa230c2021-12-22 11:48:18.696root 11241100x80000000000000003853964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5a4025067e5cc82021-12-22 11:48:18.696root 11241100x80000000000000003853965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947171fdc158a29b2021-12-22 11:48:18.697root 11241100x80000000000000003853966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935dc03ea161a79a2021-12-22 11:48:18.697root 11241100x80000000000000003853967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f981b2d34491bf7e2021-12-22 11:48:18.697root 11241100x80000000000000003853968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecce9b2f6310a2972021-12-22 11:48:18.697root 11241100x80000000000000003853969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218006b83e21f8192021-12-22 11:48:18.697root 11241100x80000000000000003853970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11445d1dd550318d2021-12-22 11:48:18.697root 11241100x80000000000000003853971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689647a60ca438f42021-12-22 11:48:18.697root 11241100x80000000000000003853972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7845a8870029a42021-12-22 11:48:18.697root 11241100x80000000000000003853973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931d749b269331d82021-12-22 11:48:18.697root 11241100x80000000000000003853974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feef91c269fce8542021-12-22 11:48:18.697root 11241100x80000000000000003853975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669ca133700936dc2021-12-22 11:48:18.697root 11241100x80000000000000003853976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136af55af19519972021-12-22 11:48:18.697root 11241100x80000000000000003853977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cc378cc77d0f3d2021-12-22 11:48:18.698root 11241100x80000000000000003853978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f5c51e0d7bddc62021-12-22 11:48:18.698root 11241100x80000000000000003853979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed13e0317fb68782021-12-22 11:48:18.698root 11241100x80000000000000003853980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cb7da8cb5608b52021-12-22 11:48:18.698root 11241100x80000000000000003853981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cacd94047a53a5e2021-12-22 11:48:18.698root 11241100x80000000000000003853982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7173b8a22b85782021-12-22 11:48:18.698root 11241100x80000000000000003853983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedf312d0ea1423d2021-12-22 11:48:18.698root 11241100x80000000000000003853984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e76de795c4758562021-12-22 11:48:18.698root 11241100x80000000000000003853985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab96654d0c2b8f2f2021-12-22 11:48:18.698root 11241100x80000000000000003853986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d9c65be400a9482021-12-22 11:48:18.698root 11241100x80000000000000003853987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256b79f5806e99312021-12-22 11:48:18.699root 11241100x80000000000000003853988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603274f73a2067ee2021-12-22 11:48:18.699root 11241100x80000000000000003853989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e405489bd709ded2021-12-22 11:48:18.699root 11241100x80000000000000003853990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6a03f250f3c50c2021-12-22 11:48:18.699root 11241100x80000000000000003853991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656ecdbbd9210f1f2021-12-22 11:48:18.699root 11241100x80000000000000003853992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085d1bf88fc9120b2021-12-22 11:48:18.699root 11241100x80000000000000003853993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8140b107e7f7f902021-12-22 11:48:18.699root 11241100x80000000000000003853994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05fd521a7c327ac2021-12-22 11:48:18.699root 11241100x80000000000000003853995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fbc2e2acb989cf2021-12-22 11:48:18.699root 11241100x80000000000000003853996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c9dd6db04917712021-12-22 11:48:18.700root 11241100x80000000000000003853997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01278e17b302762e2021-12-22 11:48:18.700root 11241100x80000000000000003853998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1908db3c0b6268852021-12-22 11:48:18.700root 11241100x80000000000000003853999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619251ad6b3043a62021-12-22 11:48:18.700root 11241100x80000000000000003854000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1347689960dac242021-12-22 11:48:18.700root 11241100x80000000000000003854001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc77d4ba6275f102021-12-22 11:48:18.700root 11241100x80000000000000003854002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e96524b049de80d2021-12-22 11:48:18.700root 11241100x80000000000000003854003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e15bc1130f02632021-12-22 11:48:18.702root 11241100x80000000000000003854004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d2a87e463084d72021-12-22 11:48:18.702root 11241100x80000000000000003854005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c602ece9897bbe2021-12-22 11:48:18.702root 11241100x80000000000000003854006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3b9b06135c26562021-12-22 11:48:18.703root 11241100x80000000000000003854007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee04db2fd7575822021-12-22 11:48:18.703root 11241100x80000000000000003854008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0073af55302cf9c12021-12-22 11:48:18.703root 11241100x80000000000000003854009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585da6fd251cba2e2021-12-22 11:48:18.703root 11241100x80000000000000003854010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e2c962ad5e9e262021-12-22 11:48:18.703root 11241100x80000000000000003854011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48be4f281e980b2e2021-12-22 11:48:18.703root 11241100x80000000000000003854012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a041531dbe8c7b292021-12-22 11:48:18.703root 11241100x80000000000000003854013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e380a03aac03e12021-12-22 11:48:18.703root 11241100x80000000000000003854014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d18a8c342953082021-12-22 11:48:18.704root 11241100x80000000000000003854015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97048ee618d78562021-12-22 11:48:18.704root 11241100x80000000000000003854016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaef4f12f0fa6e22021-12-22 11:48:18.704root 11241100x80000000000000003854017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e671f309e7f2f80b2021-12-22 11:48:18.704root 11241100x80000000000000003854018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81632259f668e8172021-12-22 11:48:18.704root 11241100x80000000000000003854019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad14f41ffe97c7e2021-12-22 11:48:18.704root 11241100x80000000000000003854020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1e50901dd05fa72021-12-22 11:48:18.705root 11241100x80000000000000003854021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bcf48e73721f6a2021-12-22 11:48:18.705root 11241100x80000000000000003854022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afdf40fada58c1b2021-12-22 11:48:18.705root 11241100x80000000000000003854023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80c71e1e1035eab2021-12-22 11:48:18.705root 11241100x80000000000000003854024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8476fe1c59f181e2021-12-22 11:48:18.705root 11241100x80000000000000003854025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0deec96b20825e4a2021-12-22 11:48:18.705root 11241100x80000000000000003854026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd50370acd4ca6932021-12-22 11:48:18.705root 11241100x80000000000000003854027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968789c15b85a6bf2021-12-22 11:48:18.705root 11241100x80000000000000003854028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88e4684e65479e82021-12-22 11:48:18.705root 11241100x80000000000000003854029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5661eaa49a0c2ced2021-12-22 11:48:18.705root 11241100x80000000000000003854030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c108474b930da8432021-12-22 11:48:18.705root 11241100x80000000000000003854031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ead494ba2d928192021-12-22 11:48:18.705root 11241100x80000000000000003854032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d22898b76c83032021-12-22 11:48:18.705root 11241100x80000000000000003854033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98889e1929e11762021-12-22 11:48:18.706root 11241100x80000000000000003854034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55cb3b8c5e053292021-12-22 11:48:18.706root 11241100x80000000000000003854035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a65e8562d18e6a22021-12-22 11:48:18.706root 11241100x80000000000000003854036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77eaca16c035eb32021-12-22 11:48:18.706root 11241100x80000000000000003854037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:18.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951a718cf3193cc62021-12-22 11:48:18.706root 11241100x80000000000000003854038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30af7d53dcaa3c652021-12-22 11:48:19.193root 11241100x80000000000000003854039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d2a0235770842f2021-12-22 11:48:19.193root 11241100x80000000000000003854040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071d8ce06e40f3302021-12-22 11:48:19.193root 11241100x80000000000000003854041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64f31224e24500d2021-12-22 11:48:19.193root 11241100x80000000000000003854042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47e7209c355b1402021-12-22 11:48:19.193root 11241100x80000000000000003854043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed8559d2f3812932021-12-22 11:48:19.193root 11241100x80000000000000003854044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe626d8c55a0a712021-12-22 11:48:19.193root 11241100x80000000000000003854045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfb83f203a765b82021-12-22 11:48:19.193root 11241100x80000000000000003854046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6967f66cbdba94f82021-12-22 11:48:19.194root 11241100x80000000000000003854047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ce8147b7b1e4f82021-12-22 11:48:19.194root 11241100x80000000000000003854048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a662dec862b21182021-12-22 11:48:19.194root 11241100x80000000000000003854049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5206357926565f1e2021-12-22 11:48:19.194root 11241100x80000000000000003854050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87578b4cf22fa2e12021-12-22 11:48:19.194root 11241100x80000000000000003854051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceefb7e3bcb6b61f2021-12-22 11:48:19.194root 11241100x80000000000000003854052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c144fb425c309f2021-12-22 11:48:19.194root 11241100x80000000000000003854053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4527ce517163a9682021-12-22 11:48:19.194root 11241100x80000000000000003854054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af88c094c84c54e92021-12-22 11:48:19.194root 11241100x80000000000000003854055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49d8a2c8dd62df82021-12-22 11:48:19.194root 11241100x80000000000000003854056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52b6b6fe4d93bb02021-12-22 11:48:19.195root 11241100x80000000000000003854057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0c98db997417f62021-12-22 11:48:19.195root 11241100x80000000000000003854058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a7b165fd44a82a2021-12-22 11:48:19.195root 11241100x80000000000000003854059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97908edce6e9525c2021-12-22 11:48:19.195root 11241100x80000000000000003854060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23844108ed97fca42021-12-22 11:48:19.195root 11241100x80000000000000003854061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5beb78a1019b5682021-12-22 11:48:19.195root 11241100x80000000000000003854062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b68a3f4d3ca3e532021-12-22 11:48:19.195root 11241100x80000000000000003854063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8cea805b362c652021-12-22 11:48:19.195root 11241100x80000000000000003854064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3770f9911ccb212021-12-22 11:48:19.195root 11241100x80000000000000003854065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c8a7765fdd329b2021-12-22 11:48:19.195root 11241100x80000000000000003854066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915a43cdbb101f082021-12-22 11:48:19.196root 11241100x80000000000000003854067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536927d70317218e2021-12-22 11:48:19.196root 11241100x80000000000000003854068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1382ad80d4503a32021-12-22 11:48:19.196root 11241100x80000000000000003854069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684c22188b5a9c442021-12-22 11:48:19.196root 11241100x80000000000000003854070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058f05a41007b87a2021-12-22 11:48:19.196root 11241100x80000000000000003854071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5603da288efe5f2021-12-22 11:48:19.196root 11241100x80000000000000003854072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44a46f255f3dff32021-12-22 11:48:19.196root 11241100x80000000000000003854073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7ae10d3a3f81422021-12-22 11:48:19.196root 11241100x80000000000000003854074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807b760c63291c642021-12-22 11:48:19.196root 11241100x80000000000000003854075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400678c3c30065432021-12-22 11:48:19.196root 11241100x80000000000000003854076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee3392785d3a94e2021-12-22 11:48:19.196root 11241100x80000000000000003854077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0044237f1dd09952021-12-22 11:48:19.196root 11241100x80000000000000003854078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098ac200842ad2cc2021-12-22 11:48:19.196root 11241100x80000000000000003854079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9a39778781903b2021-12-22 11:48:19.196root 11241100x80000000000000003854080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5292447813d22ad2021-12-22 11:48:19.196root 11241100x80000000000000003854081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f769d9d07698b492021-12-22 11:48:19.196root 11241100x80000000000000003854082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee65c63fd0463762021-12-22 11:48:19.197root 11241100x80000000000000003854083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b315c88ccbabfba2021-12-22 11:48:19.197root 11241100x80000000000000003854084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e65cc65fedbc73e2021-12-22 11:48:19.197root 11241100x80000000000000003854085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1256cce2257c7f7a2021-12-22 11:48:19.197root 11241100x80000000000000003854086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e3cbb11d64d30f2021-12-22 11:48:19.197root 11241100x80000000000000003854087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738d48d7ab75206e2021-12-22 11:48:19.197root 11241100x80000000000000003854088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e8d3f9b84875552021-12-22 11:48:19.197root 11241100x80000000000000003854089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce71565e372055f12021-12-22 11:48:19.197root 11241100x80000000000000003854090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739069486d58da172021-12-22 11:48:19.197root 11241100x80000000000000003854091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c72e6665775b7e52021-12-22 11:48:19.197root 11241100x80000000000000003854092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb19410b65c0b5d2021-12-22 11:48:19.197root 11241100x80000000000000003854093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9291cd359e146512021-12-22 11:48:19.197root 11241100x80000000000000003854094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec2c55ccd6d34052021-12-22 11:48:19.198root 11241100x80000000000000003854095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7324c2da46899a302021-12-22 11:48:19.198root 11241100x80000000000000003854096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16478982c0af1772021-12-22 11:48:19.198root 11241100x80000000000000003854097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ab0e0f0ae5c49c2021-12-22 11:48:19.198root 11241100x80000000000000003854098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ab31d2eeadcf242021-12-22 11:48:19.198root 11241100x80000000000000003854099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8436eb77caa12ea22021-12-22 11:48:19.198root 11241100x80000000000000003854100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a668acee8017f4e2021-12-22 11:48:19.199root 11241100x80000000000000003854101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6eb4896b98fdd32021-12-22 11:48:19.199root 11241100x80000000000000003854102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252a622bf1ae01c42021-12-22 11:48:19.199root 11241100x80000000000000003854103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb8dfb8d22c35ef2021-12-22 11:48:19.199root 11241100x80000000000000003854104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e6525fe8a2e5cd2021-12-22 11:48:19.199root 11241100x80000000000000003854105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ebe200d5086e002021-12-22 11:48:19.199root 11241100x80000000000000003854106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5e661950c33a282021-12-22 11:48:19.199root 11241100x80000000000000003854107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e6a60b570d4cde2021-12-22 11:48:19.199root 11241100x80000000000000003854108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac65a69f323330392021-12-22 11:48:19.199root 11241100x80000000000000003854109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df42a62af2e335b72021-12-22 11:48:19.199root 11241100x80000000000000003854110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caebbb1ce6942c82021-12-22 11:48:19.199root 11241100x80000000000000003854111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27dcf9acc49b3562021-12-22 11:48:19.199root 11241100x80000000000000003854112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c92112fbc7cba332021-12-22 11:48:19.200root 11241100x80000000000000003854113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697c316949f013122021-12-22 11:48:19.200root 11241100x80000000000000003854114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf2a3ca1751d17d2021-12-22 11:48:19.200root 11241100x80000000000000003854115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612d9298a80efc822021-12-22 11:48:19.200root 11241100x80000000000000003854116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b71d30437e32c82021-12-22 11:48:19.200root 11241100x80000000000000003854117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaacd68ba05f1d92021-12-22 11:48:19.200root 11241100x80000000000000003854118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac1b305c30b36d52021-12-22 11:48:19.200root 11241100x80000000000000003854119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d953457dcfaeb52021-12-22 11:48:19.200root 11241100x80000000000000003854120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6341737e6d22e3a92021-12-22 11:48:19.200root 11241100x80000000000000003854121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bff4e5790784ed2021-12-22 11:48:19.200root 11241100x80000000000000003854122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a577de2913a3f4882021-12-22 11:48:19.200root 11241100x80000000000000003854123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81226d580b0a08e12021-12-22 11:48:19.201root 11241100x80000000000000003854124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61acd02f5eb9ad532021-12-22 11:48:19.201root 11241100x80000000000000003854125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ea857e521526d92021-12-22 11:48:19.201root 11241100x80000000000000003854126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662346cd614bee1c2021-12-22 11:48:19.201root 11241100x80000000000000003854127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f2de62e1843a612021-12-22 11:48:19.201root 11241100x80000000000000003854128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae6be93904086282021-12-22 11:48:19.201root 11241100x80000000000000003854129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3433560cccfaf72021-12-22 11:48:19.201root 11241100x80000000000000003854130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99725ed71d31e202021-12-22 11:48:19.201root 11241100x80000000000000003854131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80333d9136812e532021-12-22 11:48:19.201root 11241100x80000000000000003854132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5f0f421f6417b72021-12-22 11:48:19.201root 11241100x80000000000000003854133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa0fc121ae85d382021-12-22 11:48:19.201root 11241100x80000000000000003854134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde968f2c01952992021-12-22 11:48:19.202root 11241100x80000000000000003854135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261f340470b1c4692021-12-22 11:48:19.202root 11241100x80000000000000003854136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5119c2911b952c6f2021-12-22 11:48:19.202root 11241100x80000000000000003854137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc5ee239d89cc362021-12-22 11:48:19.202root 11241100x80000000000000003854138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40170574a40d1c0c2021-12-22 11:48:19.202root 11241100x80000000000000003854139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eed411275a8dda82021-12-22 11:48:19.202root 11241100x80000000000000003854140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e462ef30935d1fef2021-12-22 11:48:19.202root 11241100x80000000000000003854141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c75c63f777931a52021-12-22 11:48:19.202root 11241100x80000000000000003854142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a899fde3a8a4ebfe2021-12-22 11:48:19.202root 11241100x80000000000000003854143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b4fc964a962e082021-12-22 11:48:19.202root 11241100x80000000000000003854144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b9e2dc463adac62021-12-22 11:48:19.203root 11241100x80000000000000003854145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6127fc80cd85c88c2021-12-22 11:48:19.203root 11241100x80000000000000003854146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c682b015d3b8ce2021-12-22 11:48:19.203root 11241100x80000000000000003854147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e93e3f4c54b86ee2021-12-22 11:48:19.203root 11241100x80000000000000003854148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffee50733d132cc2021-12-22 11:48:19.203root 11241100x80000000000000003854149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7303d7116c19572021-12-22 11:48:19.203root 11241100x80000000000000003854150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ec083536d949812021-12-22 11:48:19.203root 11241100x80000000000000003854151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4edecfa21efa422021-12-22 11:48:19.203root 11241100x80000000000000003854152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9257de54a167a392021-12-22 11:48:19.204root 11241100x80000000000000003854153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa26d5825ee1f7422021-12-22 11:48:19.204root 11241100x80000000000000003854154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dd5c10e4a2326e2021-12-22 11:48:19.204root 11241100x80000000000000003854155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cedf92f206776c2021-12-22 11:48:19.204root 11241100x80000000000000003854156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7568334bc5fcdc182021-12-22 11:48:19.204root 11241100x80000000000000003854157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add06f5c4635af892021-12-22 11:48:19.204root 11241100x80000000000000003854158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6889ea3655073b312021-12-22 11:48:19.204root 11241100x80000000000000003854159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727ba5c6d36614562021-12-22 11:48:19.204root 11241100x80000000000000003854160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f24d1081d58efee2021-12-22 11:48:19.204root 11241100x80000000000000003854161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d383747d03a1bd1b2021-12-22 11:48:19.204root 11241100x80000000000000003854162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8c4669510f7c4c2021-12-22 11:48:19.204root 11241100x80000000000000003854163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c6ce68b5928f4a2021-12-22 11:48:19.204root 11241100x80000000000000003854164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d466dbb37592f6a42021-12-22 11:48:19.205root 11241100x80000000000000003854165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e82e7fd0e5cb082021-12-22 11:48:19.205root 11241100x80000000000000003854166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b991b1a9a988e7c52021-12-22 11:48:19.205root 11241100x80000000000000003854167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b3e43dbd89309d2021-12-22 11:48:19.205root 11241100x80000000000000003854168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978cac1f2b23de912021-12-22 11:48:19.205root 11241100x80000000000000003854169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07183127007dcca62021-12-22 11:48:19.205root 11241100x80000000000000003854170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eaddd2daa7aadd42021-12-22 11:48:19.205root 11241100x80000000000000003854171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bd0f48fd4233312021-12-22 11:48:19.205root 11241100x80000000000000003854172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d24b9ec40e0d82d2021-12-22 11:48:19.205root 11241100x80000000000000003854173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c58a458b8b4dd22021-12-22 11:48:19.206root 11241100x80000000000000003854174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3df87a2f0967d722021-12-22 11:48:19.206root 11241100x80000000000000003854175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba9154ae5744f862021-12-22 11:48:19.206root 11241100x80000000000000003854176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065157ad444da7df2021-12-22 11:48:19.206root 11241100x80000000000000003854177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd4ff26c204673b2021-12-22 11:48:19.206root 11241100x80000000000000003854178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab31b8e308314cfb2021-12-22 11:48:19.206root 11241100x80000000000000003854179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f5fcc31dcf19532021-12-22 11:48:19.206root 11241100x80000000000000003854180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5626108ff0f0f1c42021-12-22 11:48:19.206root 11241100x80000000000000003854181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2185b6963fccf5532021-12-22 11:48:19.206root 11241100x80000000000000003854182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431ec818f90bbfba2021-12-22 11:48:19.206root 11241100x80000000000000003854183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8c6717d88f5e732021-12-22 11:48:19.206root 11241100x80000000000000003854184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a31b666828a2a02021-12-22 11:48:19.207root 11241100x80000000000000003854185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e638a27c7b7d55b2021-12-22 11:48:19.207root 11241100x80000000000000003854186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefe817086be96f52021-12-22 11:48:19.207root 11241100x80000000000000003854187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6990dcf48ca87142021-12-22 11:48:19.207root 11241100x80000000000000003854188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf3ba23ce59ab782021-12-22 11:48:19.207root 11241100x80000000000000003854189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d914440b9dfe042021-12-22 11:48:19.207root 11241100x80000000000000003854190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97914c2169bd56db2021-12-22 11:48:19.207root 11241100x80000000000000003854191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b192365583b093ba2021-12-22 11:48:19.207root 11241100x80000000000000003854192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02985fc636e45bba2021-12-22 11:48:19.207root 11241100x80000000000000003854193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0bc3d9ae62f0a42021-12-22 11:48:19.207root 11241100x80000000000000003854194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41ed7787c3f27642021-12-22 11:48:19.208root 11241100x80000000000000003854195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e42f40a15149f02021-12-22 11:48:19.208root 11241100x80000000000000003854196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9942fc356485a9732021-12-22 11:48:19.208root 11241100x80000000000000003854197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610e02b98f4604302021-12-22 11:48:19.208root 11241100x80000000000000003854198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5f8139d231bee32021-12-22 11:48:19.208root 11241100x80000000000000003854199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7ca10ff579113d2021-12-22 11:48:19.208root 11241100x80000000000000003854200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c65bc034e872602021-12-22 11:48:19.208root 11241100x80000000000000003854201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c10a28bd756e4d2021-12-22 11:48:19.208root 11241100x80000000000000003854202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55722ac97633c3182021-12-22 11:48:19.209root 11241100x80000000000000003854203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a3105c733214d62021-12-22 11:48:19.209root 11241100x80000000000000003854204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb15eab09756cca2021-12-22 11:48:19.209root 11241100x80000000000000003854205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc17cbc44caf5972021-12-22 11:48:19.209root 11241100x80000000000000003854206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bff08cba2d567c72021-12-22 11:48:19.209root 11241100x80000000000000003854207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3aff156eb69dc1b2021-12-22 11:48:19.209root 11241100x80000000000000003854208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a3a1c42c4295042021-12-22 11:48:19.209root 11241100x80000000000000003854209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a666fc2f489fa42021-12-22 11:48:19.210root 11241100x80000000000000003854210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a424d82e421089f2021-12-22 11:48:19.210root 11241100x80000000000000003854211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa93b14ff151f5922021-12-22 11:48:19.210root 11241100x80000000000000003854212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72019a566180625e2021-12-22 11:48:19.210root 11241100x80000000000000003854213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e00c2ee8ff8c162021-12-22 11:48:19.210root 11241100x80000000000000003854214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf23bbdac631ca02021-12-22 11:48:19.210root 11241100x80000000000000003854215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9165bf7f18cd69722021-12-22 11:48:19.210root 11241100x80000000000000003854216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56285008bb4b3cf62021-12-22 11:48:19.210root 11241100x80000000000000003854217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22014c163ad2caa82021-12-22 11:48:19.210root 11241100x80000000000000003854218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff993dd53219bf22021-12-22 11:48:19.211root 11241100x80000000000000003854219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd49931007321942021-12-22 11:48:19.211root 11241100x80000000000000003854220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d67e324ffab5952021-12-22 11:48:19.211root 11241100x80000000000000003854221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880f75589cbaf0912021-12-22 11:48:19.211root 11241100x80000000000000003854222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf05f92521e5b4722021-12-22 11:48:19.211root 11241100x80000000000000003854223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe27c8d243a462c2021-12-22 11:48:19.211root 11241100x80000000000000003854224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62acde2b0f6ff8b52021-12-22 11:48:19.211root 11241100x80000000000000003854225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfe43568538d0e12021-12-22 11:48:19.212root 11241100x80000000000000003854226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54906e0f9a167c402021-12-22 11:48:19.212root 11241100x80000000000000003854227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc0b0dff35d19302021-12-22 11:48:19.212root 11241100x80000000000000003854228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eaf205ab006ab352021-12-22 11:48:19.212root 11241100x80000000000000003854229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc84cfe0de3dc0e22021-12-22 11:48:19.212root 11241100x80000000000000003854230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0696cc11bbd7b42021-12-22 11:48:19.693root 11241100x80000000000000003854231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54237fb7dfd6c3c2021-12-22 11:48:19.693root 11241100x80000000000000003854232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfac479c5bdb2a052021-12-22 11:48:19.693root 11241100x80000000000000003854233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0b947fe9fafeca2021-12-22 11:48:19.693root 11241100x80000000000000003854234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06126e15dc5daada2021-12-22 11:48:19.693root 11241100x80000000000000003854235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc2078b68d174e52021-12-22 11:48:19.693root 11241100x80000000000000003854236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0545dc7978a097542021-12-22 11:48:19.694root 11241100x80000000000000003854237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb396d7f39333fe2021-12-22 11:48:19.694root 11241100x80000000000000003854238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7258f639edaac3b02021-12-22 11:48:19.694root 11241100x80000000000000003854239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca2db27d2f30afe2021-12-22 11:48:19.694root 11241100x80000000000000003854240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a53ea7b01b87f452021-12-22 11:48:19.694root 11241100x80000000000000003854241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df828e1bfd08c4252021-12-22 11:48:19.694root 11241100x80000000000000003854242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacb0289c078c2692021-12-22 11:48:19.694root 11241100x80000000000000003854243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b6411aab8bbdcb2021-12-22 11:48:19.694root 11241100x80000000000000003854244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabdf6074aa4319d2021-12-22 11:48:19.695root 11241100x80000000000000003854245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79c6e342001946d2021-12-22 11:48:19.695root 11241100x80000000000000003854246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4a9c696b4fa0892021-12-22 11:48:19.695root 11241100x80000000000000003854247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c28870bbb856522021-12-22 11:48:19.695root 11241100x80000000000000003854248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4831be7721bcf0c32021-12-22 11:48:19.695root 11241100x80000000000000003854249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b0949bac7777c02021-12-22 11:48:19.695root 11241100x80000000000000003854250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56ee63200583a162021-12-22 11:48:19.695root 11241100x80000000000000003854251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0403df2ac3460f2021-12-22 11:48:19.695root 11241100x80000000000000003854252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac217236d33a180f2021-12-22 11:48:19.695root 11241100x80000000000000003854253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe1cb5999fab8982021-12-22 11:48:19.695root 11241100x80000000000000003854254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c87f036559ea3f2021-12-22 11:48:19.696root 11241100x80000000000000003854255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa30e27a696d2af2021-12-22 11:48:19.696root 11241100x80000000000000003854256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb34daab37b0eaf2021-12-22 11:48:19.696root 11241100x80000000000000003854257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9323531769fb5d32021-12-22 11:48:19.696root 11241100x80000000000000003854258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400c7afe7e8b70962021-12-22 11:48:19.696root 11241100x80000000000000003854259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3e73232d6bcc592021-12-22 11:48:19.696root 11241100x80000000000000003854260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0133f102052e9dca2021-12-22 11:48:19.696root 11241100x80000000000000003854261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5589ea55107302512021-12-22 11:48:19.696root 11241100x80000000000000003854262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30caef756672a9532021-12-22 11:48:19.696root 11241100x80000000000000003854263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774d29176aeaca8e2021-12-22 11:48:19.696root 11241100x80000000000000003854264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c5ac050f7747fe2021-12-22 11:48:19.697root 11241100x80000000000000003854265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd6cd959a8a70502021-12-22 11:48:19.697root 11241100x80000000000000003854266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6bdfbc8723a5632021-12-22 11:48:19.697root 11241100x80000000000000003854267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b988bcb155c59de2021-12-22 11:48:19.697root 11241100x80000000000000003854268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65476adf10c314c42021-12-22 11:48:19.697root 11241100x80000000000000003854269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d683fcfe164ce6022021-12-22 11:48:19.697root 11241100x80000000000000003854270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79097648b5eeeb852021-12-22 11:48:19.697root 11241100x80000000000000003854271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534c373d85d8acb92021-12-22 11:48:19.697root 11241100x80000000000000003854272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbb7345bd74b5e62021-12-22 11:48:19.697root 11241100x80000000000000003854273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a83c2b1f20732e62021-12-22 11:48:19.698root 11241100x80000000000000003854274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb782c0de2d3734c2021-12-22 11:48:19.698root 11241100x80000000000000003854275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507e102d3ced16c82021-12-22 11:48:19.698root 11241100x80000000000000003854276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bd54ab761d0e2f2021-12-22 11:48:19.698root 11241100x80000000000000003854277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2482b71d35f4212021-12-22 11:48:19.698root 11241100x80000000000000003854278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41da62c543f184b2021-12-22 11:48:19.699root 11241100x80000000000000003854279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25d9f889698ec992021-12-22 11:48:19.699root 11241100x80000000000000003854280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c835958f5aa7a0e2021-12-22 11:48:19.699root 11241100x80000000000000003854281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51206d0b6200cf92021-12-22 11:48:19.699root 11241100x80000000000000003854282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43214e4966cb977a2021-12-22 11:48:19.700root 11241100x80000000000000003854283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb2c0cfaab0e1c52021-12-22 11:48:19.700root 11241100x80000000000000003854284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8622cff1d89f652021-12-22 11:48:19.700root 11241100x80000000000000003854285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4591577983b6a5b2021-12-22 11:48:19.701root 11241100x80000000000000003854286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a96dd2e654fd4c2021-12-22 11:48:19.701root 11241100x80000000000000003854287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d84336a3ec88d0c2021-12-22 11:48:19.701root 11241100x80000000000000003854288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81da7ff05e7108482021-12-22 11:48:19.701root 11241100x80000000000000003854289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb136d7ca3b20742021-12-22 11:48:19.702root 11241100x80000000000000003854290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76bab33b574f8d32021-12-22 11:48:19.702root 11241100x80000000000000003854291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad129f303e4fa96b2021-12-22 11:48:19.702root 11241100x80000000000000003854292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff64ebbc608ab0a32021-12-22 11:48:19.702root 11241100x80000000000000003854293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3d256d822ecf872021-12-22 11:48:19.702root 11241100x80000000000000003854294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118248470f8833cb2021-12-22 11:48:19.703root 11241100x80000000000000003854295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e75d62286249d62021-12-22 11:48:19.703root 11241100x80000000000000003854296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051d78d84c3aa7682021-12-22 11:48:19.703root 11241100x80000000000000003854297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a8588ab948c8de2021-12-22 11:48:19.703root 11241100x80000000000000003854298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfb28b593486b9b2021-12-22 11:48:19.703root 11241100x80000000000000003854299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470b5b4fdc8fd46a2021-12-22 11:48:19.703root 11241100x80000000000000003854300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c6c4b429f32cd42021-12-22 11:48:19.703root 11241100x80000000000000003854301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076a15bc50213e5e2021-12-22 11:48:19.703root 11241100x80000000000000003854302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd10be65052470eb2021-12-22 11:48:19.703root 11241100x80000000000000003854303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97eb389cf6b75342021-12-22 11:48:19.703root 11241100x80000000000000003854304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5b9b683aaa1d982021-12-22 11:48:19.704root 11241100x80000000000000003854305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c146ac4505679e92021-12-22 11:48:19.704root 11241100x80000000000000003854306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bba90d481a201a2021-12-22 11:48:19.704root 11241100x80000000000000003854307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d9f3dc6e2719842021-12-22 11:48:19.704root 11241100x80000000000000003854308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931943ed9139e19f2021-12-22 11:48:19.704root 11241100x80000000000000003854309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17340e00bfe6c4a32021-12-22 11:48:19.704root 11241100x80000000000000003854310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f348816769e4ab62021-12-22 11:48:19.705root 11241100x80000000000000003854311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73145af5ec7044d82021-12-22 11:48:19.705root 11241100x80000000000000003854312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3c6bb54f89ec6f2021-12-22 11:48:19.705root 11241100x80000000000000003854313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bcc7ffe7119bbe2021-12-22 11:48:19.705root 11241100x80000000000000003854314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3b3d6b3fd909952021-12-22 11:48:19.705root 11241100x80000000000000003854315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f4a91bbb51aa6d2021-12-22 11:48:19.706root 11241100x80000000000000003854316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e75ed87348b4da2021-12-22 11:48:19.706root 11241100x80000000000000003854317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cdc748cce17a932021-12-22 11:48:19.706root 11241100x80000000000000003854318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286b47e98bace34c2021-12-22 11:48:19.706root 11241100x80000000000000003854319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fe9735c83597a82021-12-22 11:48:19.706root 11241100x80000000000000003854320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d19bd41f9bfe982021-12-22 11:48:19.707root 11241100x80000000000000003854321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6388ddb01bc8d7262021-12-22 11:48:19.707root 11241100x80000000000000003854322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e60149fb1913dd52021-12-22 11:48:19.707root 11241100x80000000000000003854323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294e5b0e463381f62021-12-22 11:48:19.708root 11241100x80000000000000003854324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e42939a69b777252021-12-22 11:48:19.708root 11241100x80000000000000003854325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c7d9a3d3a7bd4c2021-12-22 11:48:19.708root 11241100x80000000000000003854326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723b00c74b8c15e22021-12-22 11:48:19.708root 11241100x80000000000000003854327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f040ddc1274e032021-12-22 11:48:19.708root 11241100x80000000000000003854328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ee8f5063a7fec82021-12-22 11:48:19.708root 11241100x80000000000000003854329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0e0cad737a0de82021-12-22 11:48:19.708root 11241100x80000000000000003854330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081ec60c76cdf7772021-12-22 11:48:19.709root 11241100x80000000000000003854331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737349c94eefd5362021-12-22 11:48:19.709root 11241100x80000000000000003854332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2806101c2f5b6c2021-12-22 11:48:19.709root 11241100x80000000000000003854333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0a6e2f1d1c3a5b2021-12-22 11:48:19.709root 11241100x80000000000000003854334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a378c790ead97102021-12-22 11:48:19.710root 11241100x80000000000000003854335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e16c0ce447dc4ee2021-12-22 11:48:19.710root 11241100x80000000000000003854336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac1cec25dd382742021-12-22 11:48:19.710root 11241100x80000000000000003854337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c90f784a9061ab42021-12-22 11:48:19.710root 11241100x80000000000000003854338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cdc628e6e6510f2021-12-22 11:48:19.710root 11241100x80000000000000003854339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b460ee973bef722021-12-22 11:48:19.710root 11241100x80000000000000003854340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c02231f5337ae82021-12-22 11:48:19.710root 11241100x80000000000000003854341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9a3952d38a4eaf2021-12-22 11:48:19.710root 11241100x80000000000000003854342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88683b30669474a2021-12-22 11:48:19.711root 11241100x80000000000000003854343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87244d96b77a40d2021-12-22 11:48:19.711root 11241100x80000000000000003854344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdcde012b4012b52021-12-22 11:48:19.711root 11241100x80000000000000003854345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a11f8083706cdbb2021-12-22 11:48:19.711root 11241100x80000000000000003854346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f2645446cf5e742021-12-22 11:48:19.711root 11241100x80000000000000003854347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6802c0b5f65d6aaa2021-12-22 11:48:19.711root 11241100x80000000000000003854348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0d6741fe03abc02021-12-22 11:48:19.711root 11241100x80000000000000003854349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb937b86d99b6762021-12-22 11:48:19.711root 11241100x80000000000000003854350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862c38e91bea787a2021-12-22 11:48:19.712root 11241100x80000000000000003854351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7335797ee40c5642021-12-22 11:48:19.712root 11241100x80000000000000003854352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c45a1d3ca0a9cd2021-12-22 11:48:19.712root 11241100x80000000000000003854353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e1ead0ad8f0c262021-12-22 11:48:19.712root 11241100x80000000000000003854354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e2ec8f129f04652021-12-22 11:48:19.712root 11241100x80000000000000003854355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e9c794a2d014542021-12-22 11:48:19.712root 11241100x80000000000000003854356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39992ce70088e59e2021-12-22 11:48:19.712root 11241100x80000000000000003854357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4104917ad6ffce182021-12-22 11:48:19.713root 11241100x80000000000000003854358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fbc04a317415fa2021-12-22 11:48:19.713root 11241100x80000000000000003854359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a8f706212a826e2021-12-22 11:48:19.713root 11241100x80000000000000003854360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a43bd2bc2f87bb82021-12-22 11:48:19.713root 11241100x80000000000000003854361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e05a0b90c55a7f2021-12-22 11:48:19.713root 11241100x80000000000000003854362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012ba5348a61b9972021-12-22 11:48:19.713root 11241100x80000000000000003854363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb9c010ab76597d2021-12-22 11:48:19.714root 11241100x80000000000000003854364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e03f8ec6e08eaa2021-12-22 11:48:19.714root 11241100x80000000000000003854365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2288581a0d6caea2021-12-22 11:48:19.714root 11241100x80000000000000003854366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e743926adf5ba3a12021-12-22 11:48:19.714root 11241100x80000000000000003854367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18084074d3a304c2021-12-22 11:48:19.714root 11241100x80000000000000003854368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba4ee1bed4f91be2021-12-22 11:48:19.715root 11241100x80000000000000003854369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4737158f33786102021-12-22 11:48:19.715root 11241100x80000000000000003854370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dac94822b0047152021-12-22 11:48:19.715root 11241100x80000000000000003854371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca899a130b1992c62021-12-22 11:48:19.715root 11241100x80000000000000003854372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36862cee23bf47b32021-12-22 11:48:19.715root 11241100x80000000000000003854373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b177932021f0fe2021-12-22 11:48:19.715root 11241100x80000000000000003854374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4952dd4eb47e4d222021-12-22 11:48:19.715root 11241100x80000000000000003854375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a311017cf9b69de2021-12-22 11:48:19.716root 11241100x80000000000000003854376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbe3749bf451d752021-12-22 11:48:19.716root 11241100x80000000000000003854377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c8f5de02ec7bcc2021-12-22 11:48:19.716root 11241100x80000000000000003854378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9530722a4e156d22021-12-22 11:48:19.716root 11241100x80000000000000003854379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e18764a14cdd1402021-12-22 11:48:19.716root 11241100x80000000000000003854380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6a278b8a4a91da2021-12-22 11:48:19.716root 11241100x80000000000000003854381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c6a62c1bb95ae22021-12-22 11:48:19.717root 11241100x80000000000000003854382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf4958c3b4ef24f2021-12-22 11:48:19.717root 11241100x80000000000000003854383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ff53af4e8fab962021-12-22 11:48:19.717root 11241100x80000000000000003854384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd99b5e1e959cca2021-12-22 11:48:19.717root 11241100x80000000000000003854385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdd9facc0488c5a2021-12-22 11:48:19.717root 11241100x80000000000000003854386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2fe0e7fc976f552021-12-22 11:48:19.718root 11241100x80000000000000003854387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15eeae98b534e9462021-12-22 11:48:19.718root 11241100x80000000000000003854388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffa2554600f0c0c2021-12-22 11:48:19.718root 11241100x80000000000000003854389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076cf3affa03ee342021-12-22 11:48:19.718root 11241100x80000000000000003854390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0647ea659de79962021-12-22 11:48:19.718root 11241100x80000000000000003854391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510a47bc82503a9c2021-12-22 11:48:19.719root 11241100x80000000000000003854392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa253e3b11f78ed02021-12-22 11:48:19.719root 11241100x80000000000000003854393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f5a2de4de86dbf2021-12-22 11:48:19.719root 11241100x80000000000000003854394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8804396b17cefcea2021-12-22 11:48:19.719root 11241100x80000000000000003854395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81b89083591587c2021-12-22 11:48:19.719root 11241100x80000000000000003854396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03d4f4e9026f3692021-12-22 11:48:19.720root 11241100x80000000000000003854397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776281dc4c6216882021-12-22 11:48:19.720root 11241100x80000000000000003854398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7120e6f35ab5e8772021-12-22 11:48:19.720root 11241100x80000000000000003854399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaca9a96707f96a02021-12-22 11:48:19.720root 11241100x80000000000000003854400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35116e1209acbee2021-12-22 11:48:19.720root 11241100x80000000000000003854401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9101b975c6857bba2021-12-22 11:48:19.720root 11241100x80000000000000003854402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edadce175fb346172021-12-22 11:48:19.720root 11241100x80000000000000003854403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c447d59023485692021-12-22 11:48:19.721root 11241100x80000000000000003854404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6eba1e18f48e0862021-12-22 11:48:19.721root 11241100x80000000000000003854405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f482193c01a47fe22021-12-22 11:48:19.721root 11241100x80000000000000003854406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257821d411ccf6c42021-12-22 11:48:19.721root 11241100x80000000000000003854407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83015cf58c08dc922021-12-22 11:48:19.721root 11241100x80000000000000003854408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983aff3431bbf15d2021-12-22 11:48:19.721root 11241100x80000000000000003854409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf3cdaf449fc0eb2021-12-22 11:48:19.721root 11241100x80000000000000003854410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d06bce769613faa2021-12-22 11:48:19.722root 11241100x80000000000000003854411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69511e482c90f5de2021-12-22 11:48:19.722root 11241100x80000000000000003854412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97914604020cbf252021-12-22 11:48:19.722root 11241100x80000000000000003854413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804508348a2b77632021-12-22 11:48:19.722root 11241100x80000000000000003854414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78e44c7133bac652021-12-22 11:48:19.722root 11241100x80000000000000003854415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfd25ac10309fe62021-12-22 11:48:19.722root 11241100x80000000000000003854416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20177d6cc80027d12021-12-22 11:48:19.722root 11241100x80000000000000003854417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b91eb2c5e904dc2021-12-22 11:48:19.722root 11241100x80000000000000003854418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad4384c76d7e7a32021-12-22 11:48:19.723root 11241100x80000000000000003854419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441103fed7b4ada22021-12-22 11:48:19.723root 11241100x80000000000000003854420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696d46fb91f794ab2021-12-22 11:48:19.723root 11241100x80000000000000003854421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8be47f18e8e11b2021-12-22 11:48:19.723root 11241100x80000000000000003854422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82a7937ebf289bc2021-12-22 11:48:19.723root 11241100x80000000000000003854423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfec8ef9c4b53f372021-12-22 11:48:19.724root 11241100x80000000000000003854424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1032b7fe2b74c12021-12-22 11:48:19.724root 11241100x80000000000000003854425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36aaf125f51f3512021-12-22 11:48:19.724root 11241100x80000000000000003854426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1929b9c73e184b782021-12-22 11:48:19.724root 11241100x80000000000000003854427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4cb064b90d39352021-12-22 11:48:19.724root 11241100x80000000000000003854428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5981b379ec85632021-12-22 11:48:19.724root 11241100x80000000000000003854429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c2c37960d669642021-12-22 11:48:19.725root 11241100x80000000000000003854430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6130e495220f3cf42021-12-22 11:48:19.725root 11241100x80000000000000003854431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28279835e6b88fac2021-12-22 11:48:19.725root 11241100x80000000000000003854432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d318f0987190f2c02021-12-22 11:48:19.725root 11241100x80000000000000003854433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274087d470a0f83e2021-12-22 11:48:19.725root 11241100x80000000000000003854434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c380261f67ea6b62021-12-22 11:48:19.726root 11241100x80000000000000003854435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167c8f79818030052021-12-22 11:48:19.726root 11241100x80000000000000003854436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded9d336ea3e47d92021-12-22 11:48:19.726root 11241100x80000000000000003854437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e60b753a9b8dc642021-12-22 11:48:19.726root 11241100x80000000000000003854438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84206c3ad51eed512021-12-22 11:48:19.726root 11241100x80000000000000003854439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bce677f34228eb12021-12-22 11:48:19.727root 11241100x80000000000000003854440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f43ba17132d19c62021-12-22 11:48:19.727root 11241100x80000000000000003854441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7ed02170246c562021-12-22 11:48:19.727root 11241100x80000000000000003854442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2324a042fb89175b2021-12-22 11:48:19.727root 11241100x80000000000000003854443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf1afce7052abe62021-12-22 11:48:19.727root 11241100x80000000000000003854444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd244e4292246c282021-12-22 11:48:19.727root 11241100x80000000000000003854445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f402628cb5e248c2021-12-22 11:48:19.728root 11241100x80000000000000003854446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274df0194467d4b82021-12-22 11:48:19.728root 11241100x80000000000000003854447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ccb573f2a5a4442021-12-22 11:48:19.728root 11241100x80000000000000003854448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d97ceb6e645b9f2021-12-22 11:48:19.728root 11241100x80000000000000003854449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5c53f54a0afc6f2021-12-22 11:48:19.728root 11241100x80000000000000003854450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2caa150888f25c942021-12-22 11:48:19.729root 11241100x80000000000000003854451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ef8c862f7b91cf2021-12-22 11:48:19.729root 11241100x80000000000000003854452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5dd8f8df956f742021-12-22 11:48:19.729root 11241100x80000000000000003854453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154d5b40a1cc09612021-12-22 11:48:19.729root 11241100x80000000000000003854454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174b52d6e07d73972021-12-22 11:48:19.729root 11241100x80000000000000003854455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4232a1e3bd9a8a2021-12-22 11:48:19.730root 11241100x80000000000000003854456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ccecf7cb4cb2902021-12-22 11:48:19.730root 11241100x80000000000000003854457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27ee851d3438c0e2021-12-22 11:48:19.730root 11241100x80000000000000003854458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d6e54fa79ae7032021-12-22 11:48:19.730root 11241100x80000000000000003854459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b129d1f8c59b6eb82021-12-22 11:48:19.730root 11241100x80000000000000003854460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2f51286dd53fe92021-12-22 11:48:19.731root 11241100x80000000000000003854461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e77c0288244b992021-12-22 11:48:19.731root 11241100x80000000000000003854462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfcac1e24c555832021-12-22 11:48:19.731root 11241100x80000000000000003854463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2030d3ccc92b4af62021-12-22 11:48:19.731root 11241100x80000000000000003854464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8403fdf05bef9e22021-12-22 11:48:19.732root 11241100x80000000000000003854465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6369d3439bde18fa2021-12-22 11:48:19.732root 11241100x80000000000000003854466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14410173c39088312021-12-22 11:48:19.732root 11241100x80000000000000003854467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112b7273c28e892d2021-12-22 11:48:19.732root 11241100x80000000000000003854468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56acf95d573f475f2021-12-22 11:48:19.732root 11241100x80000000000000003854469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07184f069670c9e52021-12-22 11:48:19.732root 11241100x80000000000000003854470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fcfe07cf48e2ef2021-12-22 11:48:19.733root 11241100x80000000000000003854471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4cadba41412ca62021-12-22 11:48:19.733root 11241100x80000000000000003854472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d049b71c312f70d2021-12-22 11:48:19.733root 11241100x80000000000000003854473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f46ba72e0d50882021-12-22 11:48:19.733root 11241100x80000000000000003854474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecaf91c3d0976352021-12-22 11:48:19.733root 11241100x80000000000000003854475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbea73d7cc3290db2021-12-22 11:48:19.734root 11241100x80000000000000003854476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c72cda4fdc12672021-12-22 11:48:19.734root 11241100x80000000000000003854477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ee9c34be3c05882021-12-22 11:48:19.734root 11241100x80000000000000003854478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d15b87e262c6222021-12-22 11:48:19.734root 11241100x80000000000000003854479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdccb83b6e1f9d962021-12-22 11:48:19.734root 11241100x80000000000000003854480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b33bf71e22cb34d2021-12-22 11:48:19.735root 11241100x80000000000000003854481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596cd54e4b2333922021-12-22 11:48:19.735root 11241100x80000000000000003854482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2eba9cf8af7e0c82021-12-22 11:48:19.735root 11241100x80000000000000003854483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc76818cfc5ddf22021-12-22 11:48:19.735root 11241100x80000000000000003854484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f032268d367655a2021-12-22 11:48:19.735root 11241100x80000000000000003854485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4553efdbc7baccef2021-12-22 11:48:19.736root 11241100x80000000000000003854486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5775f8d6eb3463442021-12-22 11:48:19.736root 11241100x80000000000000003854487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b105b2953615cd4f2021-12-22 11:48:19.736root 11241100x80000000000000003854488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19876ac3fc589bbc2021-12-22 11:48:19.736root 11241100x80000000000000003854489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135f9cbc78b0f2eb2021-12-22 11:48:19.736root 11241100x80000000000000003854490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8bc5cf1bb85e512021-12-22 11:48:19.736root 11241100x80000000000000003854491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4442aa4279d06a6f2021-12-22 11:48:19.737root 11241100x80000000000000003854492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f578288bceadb5002021-12-22 11:48:19.737root 11241100x80000000000000003854493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78fa9467cdcee662021-12-22 11:48:19.737root 11241100x80000000000000003854494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa9736924f939fe2021-12-22 11:48:19.737root 11241100x80000000000000003854495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367e5dd6b35726cd2021-12-22 11:48:19.737root 11241100x80000000000000003854496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275ef57ad8a2d1aa2021-12-22 11:48:19.737root 11241100x80000000000000003854497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2bb633442f21882021-12-22 11:48:19.737root 11241100x80000000000000003854498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e049c87921f1631f2021-12-22 11:48:19.738root 11241100x80000000000000003854499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a787b0dfcd1effda2021-12-22 11:48:19.738root 11241100x80000000000000003854500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053c1dd9536eb22f2021-12-22 11:48:19.738root 11241100x80000000000000003854501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbcf21c597001792021-12-22 11:48:19.738root 11241100x80000000000000003854502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3d3934936e7ecb2021-12-22 11:48:19.738root 11241100x80000000000000003854503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.739{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658c6d57c91b31ab2021-12-22 11:48:19.739root 11241100x80000000000000003854504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.739{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832e548b904a9f7a2021-12-22 11:48:19.739root 11241100x80000000000000003854505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.739{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3e799889566f0d2021-12-22 11:48:19.739root 11241100x80000000000000003854506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.739{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfd45a7ace043d22021-12-22 11:48:19.739root 11241100x80000000000000003854507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.740{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75df934968a1b03a2021-12-22 11:48:19.740root 11241100x80000000000000003854508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.740{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626ef6cbf3bdcae72021-12-22 11:48:19.740root 11241100x80000000000000003854509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.740{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec7f50dd30aca212021-12-22 11:48:19.740root 11241100x80000000000000003854510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.740{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12a722aa997a54e2021-12-22 11:48:19.740root 11241100x80000000000000003854511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.740{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e70b714324e4432021-12-22 11:48:19.740root 11241100x80000000000000003854512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.741{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2f6884c583b6912021-12-22 11:48:19.741root 11241100x80000000000000003854513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.741{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e10c84aaa9d32542021-12-22 11:48:19.741root 11241100x80000000000000003854514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.741{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ff464dc62902012021-12-22 11:48:19.741root 11241100x80000000000000003854515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.741{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8200c6ab837db8fd2021-12-22 11:48:19.741root 11241100x80000000000000003854516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.741{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf10b27580fd4fc62021-12-22 11:48:19.741root 11241100x80000000000000003854517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.742{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253f3898d10d96da2021-12-22 11:48:19.742root 11241100x80000000000000003854518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.742{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806acc5b973048a92021-12-22 11:48:19.742root 11241100x80000000000000003854519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.742{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acc133c721895722021-12-22 11:48:19.742root 11241100x80000000000000003854520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.742{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4641bb61be339942021-12-22 11:48:19.742root 11241100x80000000000000003854521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.742{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cb8695fc394ece2021-12-22 11:48:19.742root 11241100x80000000000000003854522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.743{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ce5a17e8b099ac2021-12-22 11:48:19.743root 11241100x80000000000000003854523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.743{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83eccdd5968893a2021-12-22 11:48:19.743root 11241100x80000000000000003854524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.743{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de18ec53f02718492021-12-22 11:48:19.743root 11241100x80000000000000003854525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.743{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfaf79ece2dc431a2021-12-22 11:48:19.743root 11241100x80000000000000003854526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b204c89b1814e5c72021-12-22 11:48:19.744root 11241100x80000000000000003854527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a98e29eafe2e0cd2021-12-22 11:48:19.744root 11241100x80000000000000003854528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63307594201178d32021-12-22 11:48:19.744root 11241100x80000000000000003854529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360dcedecd9efc3f2021-12-22 11:48:19.744root 11241100x80000000000000003854530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036bb260d0f2ec642021-12-22 11:48:19.744root 11241100x80000000000000003854531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.745{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dffd0491be57152021-12-22 11:48:19.745root 11241100x80000000000000003854532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.745{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd474621fc656e02021-12-22 11:48:19.745root 11241100x80000000000000003854533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.745{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f84845fcf3604c2021-12-22 11:48:19.745root 11241100x80000000000000003854534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.745{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9c78c7576b10ea2021-12-22 11:48:19.745root 11241100x80000000000000003854535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.745{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9fcf14e5be49302021-12-22 11:48:19.745root 11241100x80000000000000003854536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.745{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddd749f0391df272021-12-22 11:48:19.745root 11241100x80000000000000003854537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.745{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aeb39ef196c1a592021-12-22 11:48:19.745root 11241100x80000000000000003854538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.745{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62d3a4564387dc72021-12-22 11:48:19.745root 11241100x80000000000000003854539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab765676b65507f2021-12-22 11:48:19.746root 11241100x80000000000000003854540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edd1078473511a32021-12-22 11:48:19.746root 11241100x80000000000000003854541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efca451c7c3197042021-12-22 11:48:19.746root 11241100x80000000000000003854542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34509c5707b61ae32021-12-22 11:48:19.746root 11241100x80000000000000003854543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d04371b89f909602021-12-22 11:48:19.746root 11241100x80000000000000003854544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed33a2bdff66ada2021-12-22 11:48:19.746root 11241100x80000000000000003854545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ff51ba850ff0c22021-12-22 11:48:19.746root 11241100x80000000000000003854546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e4e3e6c2b1fa382021-12-22 11:48:19.746root 11241100x80000000000000003854547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4a992bfbafa8a32021-12-22 11:48:19.746root 11241100x80000000000000003854548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2784cb2c8c5c8ef92021-12-22 11:48:19.747root 11241100x80000000000000003854549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df4c278c3839c042021-12-22 11:48:19.747root 11241100x80000000000000003854550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d201d59c3731cd12021-12-22 11:48:19.747root 11241100x80000000000000003854551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1810045b047dedfb2021-12-22 11:48:19.747root 11241100x80000000000000003854552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b42341b6c2e0112021-12-22 11:48:19.747root 11241100x80000000000000003854553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345fd9a042acba2f2021-12-22 11:48:19.747root 11241100x80000000000000003854554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5782b33c7456197b2021-12-22 11:48:19.747root 11241100x80000000000000003854555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa13c3c04da92e12021-12-22 11:48:19.747root 11241100x80000000000000003854556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f681567a532505c02021-12-22 11:48:19.748root 11241100x80000000000000003854557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d5d9fba2b9b4af2021-12-22 11:48:19.748root 11241100x80000000000000003854558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb053d36891b585a2021-12-22 11:48:19.748root 11241100x80000000000000003854559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d163e24772f6572021-12-22 11:48:19.748root 11241100x80000000000000003854560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf37173f22249632021-12-22 11:48:19.748root 11241100x80000000000000003854561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400a5f026f24342a2021-12-22 11:48:19.748root 11241100x80000000000000003854562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d0a3b0789e2e542021-12-22 11:48:19.748root 11241100x80000000000000003854563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cb1d7cb6e7a1a22021-12-22 11:48:19.748root 11241100x80000000000000003854564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5b5f8cfa44fa412021-12-22 11:48:19.748root 11241100x80000000000000003854565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2e4ad482b6d2eb2021-12-22 11:48:19.748root 11241100x80000000000000003854566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7625aee5be4bb44b2021-12-22 11:48:19.749root 11241100x80000000000000003854567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a807f5e393113eb2021-12-22 11:48:19.749root 11241100x80000000000000003854568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e38832c609ccac82021-12-22 11:48:19.749root 11241100x80000000000000003854569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cc967eb489542e2021-12-22 11:48:19.749root 11241100x80000000000000003854570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb519086d7de6bd12021-12-22 11:48:19.749root 11241100x80000000000000003854571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a68d40ee3ddc4b2021-12-22 11:48:19.749root 11241100x80000000000000003854572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1f2167652a85262021-12-22 11:48:19.749root 11241100x80000000000000003854573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b0c0d3e6ee1f162021-12-22 11:48:19.749root 11241100x80000000000000003854574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254a5663573efa0a2021-12-22 11:48:19.749root 11241100x80000000000000003854575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2598cc1483a68b962021-12-22 11:48:19.750root 11241100x80000000000000003854576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c50fa9a791c6a142021-12-22 11:48:19.750root 11241100x80000000000000003854577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc68fd88ddb4ecb72021-12-22 11:48:19.750root 11241100x80000000000000003854578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:19.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a5e09c5d2856e22021-12-22 11:48:19.750root 11241100x80000000000000003854579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b873e5eb9551d1ec2021-12-22 11:48:20.194root 11241100x80000000000000003854580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53794792d6afcd7d2021-12-22 11:48:20.195root 11241100x80000000000000003854581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758eb337b00f976e2021-12-22 11:48:20.195root 11241100x80000000000000003854582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed82741026529fb2021-12-22 11:48:20.196root 11241100x80000000000000003854583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0368dedc3bf7c832021-12-22 11:48:20.196root 11241100x80000000000000003854584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fad1418694ea5372021-12-22 11:48:20.196root 11241100x80000000000000003854585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d710b4de51acdbc2021-12-22 11:48:20.197root 11241100x80000000000000003854586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc5cc0ca74b95b52021-12-22 11:48:20.197root 11241100x80000000000000003854587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72df927b4dcba182021-12-22 11:48:20.197root 11241100x80000000000000003854588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654aedd7cbf443c92021-12-22 11:48:20.197root 11241100x80000000000000003854589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c92e08e65f39d1d2021-12-22 11:48:20.198root 11241100x80000000000000003854590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7427c57818a5fb2021-12-22 11:48:20.198root 11241100x80000000000000003854591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307d4e976d117e232021-12-22 11:48:20.198root 11241100x80000000000000003854592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fcc1ad23d9887d2021-12-22 11:48:20.198root 11241100x80000000000000003854593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff15c72b4195f832021-12-22 11:48:20.198root 11241100x80000000000000003854594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dcbba0313620b32021-12-22 11:48:20.199root 11241100x80000000000000003854595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eba76899cc315322021-12-22 11:48:20.199root 11241100x80000000000000003854596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be84577964116db22021-12-22 11:48:20.199root 11241100x80000000000000003854597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7ea10319d11afb2021-12-22 11:48:20.199root 11241100x80000000000000003854598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af5a87d451f61492021-12-22 11:48:20.199root 11241100x80000000000000003854599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a052106a249b3b812021-12-22 11:48:20.200root 11241100x80000000000000003854600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eef4c16c607e9582021-12-22 11:48:20.200root 11241100x80000000000000003854601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd865a084050b91c2021-12-22 11:48:20.200root 11241100x80000000000000003854602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49fddd2fa5ae25e2021-12-22 11:48:20.200root 11241100x80000000000000003854603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46e5f644d0d8bf92021-12-22 11:48:20.200root 11241100x80000000000000003854604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554531e05e175a832021-12-22 11:48:20.200root 11241100x80000000000000003854605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43614c3878ec11a2021-12-22 11:48:20.201root 11241100x80000000000000003854606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1df0a7d53b1c8b72021-12-22 11:48:20.201root 11241100x80000000000000003854607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74606dbddef59cce2021-12-22 11:48:20.202root 11241100x80000000000000003854608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb092f6cf76d5d152021-12-22 11:48:20.202root 11241100x80000000000000003854609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc2183140ca1d202021-12-22 11:48:20.202root 11241100x80000000000000003854610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd465c026859dd22021-12-22 11:48:20.202root 11241100x80000000000000003854611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b94eb869ae949a2021-12-22 11:48:20.202root 11241100x80000000000000003854612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118424592820c91f2021-12-22 11:48:20.203root 11241100x80000000000000003854613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d972365d40a5952021-12-22 11:48:20.203root 11241100x80000000000000003854614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653937beff6f49a92021-12-22 11:48:20.204root 11241100x80000000000000003854615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a322dd95490ccaa2021-12-22 11:48:20.204root 11241100x80000000000000003854616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e4486406316bc02021-12-22 11:48:20.204root 11241100x80000000000000003854617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6152d04826e0dd7c2021-12-22 11:48:20.204root 11241100x80000000000000003854618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa8c35ebae967642021-12-22 11:48:20.204root 11241100x80000000000000003854619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae1a81da315f92a2021-12-22 11:48:20.205root 11241100x80000000000000003854620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d2dc0c929783a82021-12-22 11:48:20.205root 11241100x80000000000000003854621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc70c79e806b1b52021-12-22 11:48:20.205root 11241100x80000000000000003854622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba9b3c5671b1d8a2021-12-22 11:48:20.205root 11241100x80000000000000003854623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6806908ead1b89442021-12-22 11:48:20.205root 11241100x80000000000000003854624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4111b33673bca32021-12-22 11:48:20.206root 11241100x80000000000000003854625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e724bb0ce385ee7c2021-12-22 11:48:20.206root 11241100x80000000000000003854626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6288663106ead562021-12-22 11:48:20.206root 11241100x80000000000000003854627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77eede54233e76c2021-12-22 11:48:20.206root 11241100x80000000000000003854628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4b997d5c4c701e2021-12-22 11:48:20.206root 11241100x80000000000000003854629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35eabbac88e9d282021-12-22 11:48:20.206root 11241100x80000000000000003854630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e1115b6043c1622021-12-22 11:48:20.207root 11241100x80000000000000003854631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bb9d2eaa45daef2021-12-22 11:48:20.207root 11241100x80000000000000003854632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca20ce5be16900f02021-12-22 11:48:20.207root 11241100x80000000000000003854633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e319fff5ff23bf332021-12-22 11:48:20.207root 11241100x80000000000000003854634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57f39a7faf91d0b2021-12-22 11:48:20.207root 11241100x80000000000000003854635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bc401e36bf54682021-12-22 11:48:20.208root 11241100x80000000000000003854636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fdd1b3744d21732021-12-22 11:48:20.208root 11241100x80000000000000003854637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db573f143b99bf8d2021-12-22 11:48:20.208root 11241100x80000000000000003854638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32967dcfcbb0f6c2021-12-22 11:48:20.208root 11241100x80000000000000003854639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5770873ba0a89be22021-12-22 11:48:20.208root 11241100x80000000000000003854640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83aa4d5508712a152021-12-22 11:48:20.208root 11241100x80000000000000003854641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8818319fe46a202021-12-22 11:48:20.208root 11241100x80000000000000003854642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac6c114ceac8b5b2021-12-22 11:48:20.208root 11241100x80000000000000003854643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89e5ebafe6b3c462021-12-22 11:48:20.209root 11241100x80000000000000003854644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce91c5897fce7c92021-12-22 11:48:20.209root 11241100x80000000000000003854645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da367ff54fbe38f62021-12-22 11:48:20.209root 11241100x80000000000000003854646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ddd0bad7e0375d2021-12-22 11:48:20.209root 11241100x80000000000000003854647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0ff4524731a7df2021-12-22 11:48:20.209root 11241100x80000000000000003854648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd36b8afdf60aa32021-12-22 11:48:20.209root 11241100x80000000000000003854649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e04f3278f44cfbe2021-12-22 11:48:20.209root 11241100x80000000000000003854650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4905c73da0c7692021-12-22 11:48:20.209root 11241100x80000000000000003854651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7201ac26cbc114042021-12-22 11:48:20.209root 11241100x80000000000000003854652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46c375ed87576362021-12-22 11:48:20.209root 11241100x80000000000000003854653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4997fb162e7660af2021-12-22 11:48:20.209root 11241100x80000000000000003854654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a5840c3c1487122021-12-22 11:48:20.209root 11241100x80000000000000003854655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8eab6c11751666a2021-12-22 11:48:20.209root 11241100x80000000000000003854656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3493722c5d5e8e12021-12-22 11:48:20.209root 11241100x80000000000000003854657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bd64dadf9786982021-12-22 11:48:20.209root 11241100x80000000000000003854658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fd8b6424c3a3872021-12-22 11:48:20.210root 11241100x80000000000000003854659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f54682e0d7268a2021-12-22 11:48:20.210root 11241100x80000000000000003854660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf4a0fe8f0f0bcb2021-12-22 11:48:20.210root 11241100x80000000000000003854661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97f95e625f4e9832021-12-22 11:48:20.210root 11241100x80000000000000003854662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01671f6d457a567e2021-12-22 11:48:20.210root 11241100x80000000000000003854663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983d7870c704edf22021-12-22 11:48:20.210root 11241100x80000000000000003854664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a066230c35904f512021-12-22 11:48:20.210root 11241100x80000000000000003854665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1618b5db12538a1b2021-12-22 11:48:20.210root 11241100x80000000000000003854666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752635b6d7d7ddfc2021-12-22 11:48:20.210root 11241100x80000000000000003854667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e092252f8e90582021-12-22 11:48:20.210root 11241100x80000000000000003854668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3359a59122dfc82021-12-22 11:48:20.210root 11241100x80000000000000003854669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e45e70cce793d82021-12-22 11:48:20.210root 11241100x80000000000000003854670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6db8229735fa6622021-12-22 11:48:20.211root 11241100x80000000000000003854671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa437050b5addad2021-12-22 11:48:20.211root 11241100x80000000000000003854672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93208d929283643e2021-12-22 11:48:20.211root 11241100x80000000000000003854673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e98590be0fb6ccb2021-12-22 11:48:20.211root 11241100x80000000000000003854674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9df6af9d3a95d2f2021-12-22 11:48:20.211root 11241100x80000000000000003854675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe1541628e432c92021-12-22 11:48:20.211root 11241100x80000000000000003854676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c33ebfebe027f4e2021-12-22 11:48:20.211root 11241100x80000000000000003854677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2adef8ad8f3312c2021-12-22 11:48:20.211root 11241100x80000000000000003854678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8789f38287edc4bc2021-12-22 11:48:20.211root 11241100x80000000000000003854679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52aeb8b81fe4f6c62021-12-22 11:48:20.212root 11241100x80000000000000003854680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ac94e9720f1ea02021-12-22 11:48:20.212root 11241100x80000000000000003854681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c16d2821e2788f2021-12-22 11:48:20.212root 11241100x80000000000000003854682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65b1b997f63551a2021-12-22 11:48:20.212root 11241100x80000000000000003854683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc6355c718e7ece2021-12-22 11:48:20.212root 11241100x80000000000000003854684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7f6764855ffb702021-12-22 11:48:20.212root 11241100x80000000000000003854685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5277b9028eeacdfa2021-12-22 11:48:20.694root 11241100x80000000000000003854686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8f1f7e11b247d52021-12-22 11:48:20.694root 11241100x80000000000000003854687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17342fdc871cafd02021-12-22 11:48:20.695root 11241100x80000000000000003854688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3b7a4133fbdd892021-12-22 11:48:20.695root 11241100x80000000000000003854689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112047242004f4ef2021-12-22 11:48:20.695root 11241100x80000000000000003854690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa605ea7f15c0b12021-12-22 11:48:20.695root 11241100x80000000000000003854691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3592163d43770fa02021-12-22 11:48:20.695root 11241100x80000000000000003854692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7ae037e215e1462021-12-22 11:48:20.696root 11241100x80000000000000003854693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f518f92abd8a092021-12-22 11:48:20.696root 11241100x80000000000000003854694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7449be20373e892021-12-22 11:48:20.696root 11241100x80000000000000003854695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a6b7f1f3aca88b2021-12-22 11:48:20.696root 11241100x80000000000000003854696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b589994415a0192021-12-22 11:48:20.696root 11241100x80000000000000003854697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef62e1e90b947762021-12-22 11:48:20.697root 11241100x80000000000000003854698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b378616cb14f6202021-12-22 11:48:20.697root 11241100x80000000000000003854699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea6ac8d055f00de2021-12-22 11:48:20.697root 11241100x80000000000000003854700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42c68a86902edec2021-12-22 11:48:20.697root 11241100x80000000000000003854701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1446c5dd398f445a2021-12-22 11:48:20.697root 11241100x80000000000000003854702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1011428585bbb22021-12-22 11:48:20.698root 11241100x80000000000000003854703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8c89f72e7034272021-12-22 11:48:20.698root 11241100x80000000000000003854704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea11975b1b24a732021-12-22 11:48:20.698root 11241100x80000000000000003854705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c2e53236992ae82021-12-22 11:48:20.698root 11241100x80000000000000003854706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948e8cef75e207ee2021-12-22 11:48:20.699root 11241100x80000000000000003854707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edaf96ef6fa7cd22021-12-22 11:48:20.699root 11241100x80000000000000003854708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5488af0d307ffa72021-12-22 11:48:20.699root 11241100x80000000000000003854709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a07015b9161864c2021-12-22 11:48:20.700root 11241100x80000000000000003854710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64d14030f96e6712021-12-22 11:48:20.700root 11241100x80000000000000003854711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b770611af80d642021-12-22 11:48:20.700root 11241100x80000000000000003854712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fbec19c8000d9a2021-12-22 11:48:20.701root 11241100x80000000000000003854713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedd8219d9867f172021-12-22 11:48:20.701root 11241100x80000000000000003854714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401db2de82138b432021-12-22 11:48:20.701root 11241100x80000000000000003854715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69eb63fb9d929a392021-12-22 11:48:20.702root 11241100x80000000000000003854716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d4f805a7843b1d2021-12-22 11:48:20.702root 11241100x80000000000000003854717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e6e62b43d549f72021-12-22 11:48:20.702root 11241100x80000000000000003854718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db9713a697f91042021-12-22 11:48:20.702root 11241100x80000000000000003854719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec6b89a8625c5292021-12-22 11:48:20.702root 11241100x80000000000000003854720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e9aad0f98d38ab2021-12-22 11:48:20.703root 11241100x80000000000000003854721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd1f2aa7432ec8a2021-12-22 11:48:20.704root 11241100x80000000000000003854722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6c6ce1e27a1ded2021-12-22 11:48:20.704root 11241100x80000000000000003854723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43779f277126aede2021-12-22 11:48:20.704root 11241100x80000000000000003854724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366b388306232e972021-12-22 11:48:20.704root 11241100x80000000000000003854725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2a847bd1a8dc582021-12-22 11:48:20.705root 11241100x80000000000000003854726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a6e10b5630afe12021-12-22 11:48:20.705root 11241100x80000000000000003854727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f191bc964e80f69f2021-12-22 11:48:20.705root 11241100x80000000000000003854728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8f571684c5c24b2021-12-22 11:48:20.705root 11241100x80000000000000003854729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350d6d100a5e889c2021-12-22 11:48:20.705root 11241100x80000000000000003854730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9127f07ef34e95be2021-12-22 11:48:20.706root 11241100x80000000000000003854731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e502b02970d42f62021-12-22 11:48:20.706root 11241100x80000000000000003854732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94127cfb641f0e72021-12-22 11:48:20.706root 11241100x80000000000000003854733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a84c684a8ba38f2021-12-22 11:48:20.706root 11241100x80000000000000003854734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5e564a6e36e7892021-12-22 11:48:20.706root 11241100x80000000000000003854735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1230334c2264b47e2021-12-22 11:48:20.706root 11241100x80000000000000003854736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd169f94c190fa52021-12-22 11:48:20.707root 11241100x80000000000000003854737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff7eb97ab8fe9432021-12-22 11:48:20.707root 11241100x80000000000000003854738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2843d05c178cf82021-12-22 11:48:20.707root 11241100x80000000000000003854739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5bd5c15238e6e42021-12-22 11:48:20.707root 11241100x80000000000000003854740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97a2c09116a3b952021-12-22 11:48:20.707root 11241100x80000000000000003854741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d0007075f20ead2021-12-22 11:48:20.708root 11241100x80000000000000003854742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d309d6b7d35fac2021-12-22 11:48:20.708root 11241100x80000000000000003854743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4ac5450e6211132021-12-22 11:48:20.708root 11241100x80000000000000003854744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bffbb295e4c5ed82021-12-22 11:48:20.708root 11241100x80000000000000003854745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a166f4745290f22021-12-22 11:48:20.708root 11241100x80000000000000003854746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e87d63374fafd62021-12-22 11:48:20.709root 11241100x80000000000000003854747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda6330aa64588602021-12-22 11:48:20.709root 11241100x80000000000000003854748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de453c4f2260edee2021-12-22 11:48:20.709root 11241100x80000000000000003854749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263e164e598726f12021-12-22 11:48:20.709root 11241100x80000000000000003854750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426d89c9725ba10c2021-12-22 11:48:20.709root 11241100x80000000000000003854751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0504e753a227d6d72021-12-22 11:48:20.710root 11241100x80000000000000003854752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769c12d190d83ba42021-12-22 11:48:20.710root 11241100x80000000000000003854753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f876c2be813dc4c42021-12-22 11:48:20.710root 11241100x80000000000000003854754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc437844308e94312021-12-22 11:48:20.710root 11241100x80000000000000003854755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063de306769d88142021-12-22 11:48:20.710root 11241100x80000000000000003854756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98db2542970125f2021-12-22 11:48:20.711root 11241100x80000000000000003854757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e641e7ad3eab3cd12021-12-22 11:48:20.711root 11241100x80000000000000003854758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.accec667ceea77072021-12-22 11:48:20.711root 11241100x80000000000000003854759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f856ee1d0e7102f2021-12-22 11:48:20.711root 11241100x80000000000000003854760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615364d1d118fc7d2021-12-22 11:48:20.712root 11241100x80000000000000003854761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cf8f1e5964f7c72021-12-22 11:48:20.712root 11241100x80000000000000003854762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a78e7827723e7502021-12-22 11:48:20.712root 11241100x80000000000000003854763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3393f36d61981d2021-12-22 11:48:20.712root 11241100x80000000000000003854764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53feb02c5f28c372021-12-22 11:48:20.712root 11241100x80000000000000003854765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8d95e1d20b296a2021-12-22 11:48:20.713root 11241100x80000000000000003854766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cdf209d2a1736d2021-12-22 11:48:20.713root 11241100x80000000000000003854767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b91314ef7d77362021-12-22 11:48:20.713root 11241100x80000000000000003854768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7f0d91dc1808ad2021-12-22 11:48:20.713root 11241100x80000000000000003854769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f931eb26c5165a62021-12-22 11:48:20.714root 11241100x80000000000000003854770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310c52adf234b73f2021-12-22 11:48:20.714root 11241100x80000000000000003854771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed9eeeb54657c862021-12-22 11:48:20.714root 11241100x80000000000000003854772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d1cfc650e5237b2021-12-22 11:48:20.714root 11241100x80000000000000003854773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2648715ed771e4872021-12-22 11:48:20.714root 11241100x80000000000000003854774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e8df5cfa6f37c02021-12-22 11:48:20.715root 11241100x80000000000000003854775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31a77cb48f6b72e2021-12-22 11:48:20.715root 11241100x80000000000000003854776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3711f611ddf79772021-12-22 11:48:20.716root 11241100x80000000000000003854777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3672753584c1e62021-12-22 11:48:20.716root 11241100x80000000000000003854778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797aa2e47f078c602021-12-22 11:48:20.716root 11241100x80000000000000003854779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d94b9349ab3f0fa2021-12-22 11:48:20.717root 11241100x80000000000000003854780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f878bf6bcceee42b2021-12-22 11:48:20.717root 11241100x80000000000000003854781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db04ed56f2c7bce32021-12-22 11:48:20.717root 11241100x80000000000000003854782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bcd4f19a81ecba2021-12-22 11:48:20.717root 11241100x80000000000000003854783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0475c67f3031f02021-12-22 11:48:20.718root 11241100x80000000000000003854784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318ac40c324692f32021-12-22 11:48:20.718root 11241100x80000000000000003854785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7b613ceac0bef92021-12-22 11:48:20.718root 11241100x80000000000000003854786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0adec8e0dc035182021-12-22 11:48:20.718root 11241100x80000000000000003854787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2657a756816aff582021-12-22 11:48:20.718root 11241100x80000000000000003854788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959356f9a599d4d32021-12-22 11:48:20.719root 11241100x80000000000000003854789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4a03efa247438c2021-12-22 11:48:20.719root 11241100x80000000000000003854790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e0558223838de72021-12-22 11:48:20.719root 11241100x80000000000000003854791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6765e3ab51b2171a2021-12-22 11:48:20.719root 11241100x80000000000000003854792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65c95be396a1c502021-12-22 11:48:20.719root 11241100x80000000000000003854793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3439de477bd4cad82021-12-22 11:48:20.720root 11241100x80000000000000003854794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5ab7dea69505a62021-12-22 11:48:20.720root 11241100x80000000000000003854795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce69796495fc6c62021-12-22 11:48:20.720root 11241100x80000000000000003854796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1503678fcbc5938b2021-12-22 11:48:20.720root 11241100x80000000000000003854797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3b08e95e6bddcb2021-12-22 11:48:20.720root 11241100x80000000000000003854798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7958cd3c05c2ce0e2021-12-22 11:48:20.720root 11241100x80000000000000003854799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b287f7098361d22021-12-22 11:48:20.720root 11241100x80000000000000003854800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c42150b9339b9f12021-12-22 11:48:20.720root 11241100x80000000000000003854801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e840667051194022021-12-22 11:48:20.720root 11241100x80000000000000003854802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55080c0de9235e3a2021-12-22 11:48:20.721root 11241100x80000000000000003854803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14dd55c2face9e3e2021-12-22 11:48:20.721root 11241100x80000000000000003854804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2f4dc590f26b682021-12-22 11:48:20.721root 11241100x80000000000000003854805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8b70a9cdcf4f9c2021-12-22 11:48:20.721root 11241100x80000000000000003854806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba8d4bfac88f2562021-12-22 11:48:20.721root 11241100x80000000000000003854807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a29bf7f3df92b92021-12-22 11:48:20.721root 11241100x80000000000000003854808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084a67f364fb42cd2021-12-22 11:48:20.721root 11241100x80000000000000003854809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b84694aed3ede2c2021-12-22 11:48:20.721root 11241100x80000000000000003854810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a71f92926915372021-12-22 11:48:20.722root 11241100x80000000000000003854811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb99c82ef4349692021-12-22 11:48:20.722root 11241100x80000000000000003854812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82190bea6dedefa2021-12-22 11:48:20.722root 11241100x80000000000000003854813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e2243076750edc2021-12-22 11:48:20.722root 11241100x80000000000000003854814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d831be1ebac9e12021-12-22 11:48:20.722root 11241100x80000000000000003854815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3687e60800726c72021-12-22 11:48:20.722root 11241100x80000000000000003854816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24162eea7d6de5132021-12-22 11:48:20.722root 11241100x80000000000000003854817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4782b3a0262de382021-12-22 11:48:20.722root 11241100x80000000000000003854818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406d3ab4c565bc122021-12-22 11:48:20.722root 11241100x80000000000000003854819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308dcfa1270489ac2021-12-22 11:48:20.722root 11241100x80000000000000003854820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc519a7869794ae2021-12-22 11:48:20.723root 11241100x80000000000000003854821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41798c508972d6ec2021-12-22 11:48:20.723root 11241100x80000000000000003854822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa876e6436f7c042021-12-22 11:48:20.723root 11241100x80000000000000003854823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c834d45828033432021-12-22 11:48:20.723root 11241100x80000000000000003854824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfa3ab13dea53872021-12-22 11:48:20.723root 11241100x80000000000000003854825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b224c433f1e6c50f2021-12-22 11:48:20.723root 11241100x80000000000000003854826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f68600bb7a005c2021-12-22 11:48:20.723root 11241100x80000000000000003854827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66284c7454837b92021-12-22 11:48:20.723root 11241100x80000000000000003854828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9e7b6a6b7c37c92021-12-22 11:48:20.723root 11241100x80000000000000003854829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a6f63205b2494f2021-12-22 11:48:20.723root 11241100x80000000000000003854830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deebc62154fcd6352021-12-22 11:48:20.723root 11241100x80000000000000003854831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b53ba1f74eeb19b2021-12-22 11:48:20.724root 11241100x80000000000000003854832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb6c7454ad96d332021-12-22 11:48:20.724root 11241100x80000000000000003854833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf40ce2e59cd8c2d2021-12-22 11:48:20.724root 11241100x80000000000000003854834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71ee7fe29184b762021-12-22 11:48:20.724root 11241100x80000000000000003854835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff5885507c914432021-12-22 11:48:20.724root 11241100x80000000000000003854836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959ba9fc992620b72021-12-22 11:48:20.724root 11241100x80000000000000003854837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4351caed899939cd2021-12-22 11:48:20.724root 11241100x80000000000000003854838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8ecf795a89b9f82021-12-22 11:48:20.724root 11241100x80000000000000003854839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c79977a3fe5a712021-12-22 11:48:20.724root 11241100x80000000000000003854840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0dfa0424c52d422021-12-22 11:48:20.725root 11241100x80000000000000003854841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3ae8dcab7083072021-12-22 11:48:20.725root 11241100x80000000000000003854842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa0a4504c27ff0f2021-12-22 11:48:20.725root 11241100x80000000000000003854843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcc69661509a0f42021-12-22 11:48:20.725root 11241100x80000000000000003854844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f9a65324a673722021-12-22 11:48:20.725root 11241100x80000000000000003854845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc332bde8656f3a2021-12-22 11:48:20.725root 11241100x80000000000000003854846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc8ecff612884972021-12-22 11:48:20.725root 11241100x80000000000000003854847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86a42f2e24297282021-12-22 11:48:20.725root 11241100x80000000000000003854848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d462de61b1d8672021-12-22 11:48:20.725root 11241100x80000000000000003854849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97dd11183d2358432021-12-22 11:48:20.725root 11241100x80000000000000003854850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0789d97a9d17af52021-12-22 11:48:20.725root 11241100x80000000000000003854851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385b2b952c411be02021-12-22 11:48:20.726root 11241100x80000000000000003854852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eaa1523422ceb152021-12-22 11:48:20.726root 11241100x80000000000000003854853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cc2e2e96459c482021-12-22 11:48:20.726root 11241100x80000000000000003854854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66352ef56c4b4b42021-12-22 11:48:20.726root 11241100x80000000000000003854855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70310c84099980622021-12-22 11:48:20.726root 11241100x80000000000000003854856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531b280485ec99232021-12-22 11:48:20.726root 11241100x80000000000000003854857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54582bea91f44652021-12-22 11:48:20.726root 11241100x80000000000000003854858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a640bce0b3fde8c62021-12-22 11:48:20.726root 11241100x80000000000000003854859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5220b824077bc4d2021-12-22 11:48:20.726root 11241100x80000000000000003854860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:20.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa8697d20f2f61d2021-12-22 11:48:20.726root 11241100x80000000000000003854861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68278889727c1d92021-12-22 11:48:21.193root 11241100x80000000000000003854862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17943dcba095a632021-12-22 11:48:21.193root 11241100x80000000000000003854863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9cb61ea27507c02021-12-22 11:48:21.194root 11241100x80000000000000003854864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d7c60e37d6a26a2021-12-22 11:48:21.194root 11241100x80000000000000003854865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff5e77953aa45402021-12-22 11:48:21.194root 11241100x80000000000000003854866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d6fa06fb16083f2021-12-22 11:48:21.194root 11241100x80000000000000003854867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7084f935f15ba7bd2021-12-22 11:48:21.195root 11241100x80000000000000003854868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ee73b4bac0597d2021-12-22 11:48:21.195root 11241100x80000000000000003854869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f10c18588c655e52021-12-22 11:48:21.195root 11241100x80000000000000003854870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7724b9287dc75e2021-12-22 11:48:21.195root 11241100x80000000000000003854871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15022d5a85bd132e2021-12-22 11:48:21.196root 11241100x80000000000000003854872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653b32f97ac6a0002021-12-22 11:48:21.196root 11241100x80000000000000003854873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a025ee65f8afe62021-12-22 11:48:21.197root 11241100x80000000000000003854874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1415ad131b9ed8a2021-12-22 11:48:21.197root 11241100x80000000000000003854875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffe13efabd35c422021-12-22 11:48:21.197root 11241100x80000000000000003854876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c9e1858eead3022021-12-22 11:48:21.197root 11241100x80000000000000003854877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30c3771eb081cd12021-12-22 11:48:21.197root 11241100x80000000000000003854878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8b850c69b9a0502021-12-22 11:48:21.198root 11241100x80000000000000003854879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d89e438b6e1a592021-12-22 11:48:21.198root 11241100x80000000000000003854880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c6690aa38135742021-12-22 11:48:21.198root 11241100x80000000000000003854881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1009b7ce5cabed712021-12-22 11:48:21.198root 11241100x80000000000000003854882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedc0ce3a54ce0752021-12-22 11:48:21.198root 11241100x80000000000000003854883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2ba1c00ebc94be2021-12-22 11:48:21.199root 11241100x80000000000000003854884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f142c2af8ed8cce62021-12-22 11:48:21.199root 11241100x80000000000000003854885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a660bd2653d22ac2021-12-22 11:48:21.199root 11241100x80000000000000003854886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62545566fd9dafb62021-12-22 11:48:21.199root 11241100x80000000000000003854887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f25ecd75b94b0b2021-12-22 11:48:21.199root 11241100x80000000000000003854888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148f24a3651141af2021-12-22 11:48:21.199root 11241100x80000000000000003854889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4826ef477c9602f82021-12-22 11:48:21.200root 11241100x80000000000000003854890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdc1a6b91ba50372021-12-22 11:48:21.200root 11241100x80000000000000003854891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f068a2e55352704b2021-12-22 11:48:21.200root 11241100x80000000000000003854892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a090eafd91d736e2021-12-22 11:48:21.200root 11241100x80000000000000003854893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6307abcbe1b02b2021-12-22 11:48:21.200root 11241100x80000000000000003854894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432e532cee24d6d62021-12-22 11:48:21.201root 11241100x80000000000000003854895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c35d89cea5c9d52021-12-22 11:48:21.201root 11241100x80000000000000003854896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efa7741ab38cd042021-12-22 11:48:21.201root 11241100x80000000000000003854897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e097620d507932af2021-12-22 11:48:21.201root 11241100x80000000000000003854898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43d6c7923679f212021-12-22 11:48:21.201root 11241100x80000000000000003854899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a1be1eb6beaa252021-12-22 11:48:21.202root 11241100x80000000000000003854900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac03de13527a3d262021-12-22 11:48:21.202root 11241100x80000000000000003854901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c180c05e36910682021-12-22 11:48:21.202root 11241100x80000000000000003854902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19528855671d39442021-12-22 11:48:21.202root 11241100x80000000000000003854903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39bb70e656534162021-12-22 11:48:21.202root 11241100x80000000000000003854904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadd2f3b2b3654802021-12-22 11:48:21.202root 11241100x80000000000000003854905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27e7d85294a2b532021-12-22 11:48:21.202root 11241100x80000000000000003854906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed155603255e00162021-12-22 11:48:21.202root 11241100x80000000000000003854907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18273cb5f75d555d2021-12-22 11:48:21.202root 11241100x80000000000000003854908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc9fb27606da4ac2021-12-22 11:48:21.202root 11241100x80000000000000003854909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8096a7766e42db1e2021-12-22 11:48:21.203root 11241100x80000000000000003854910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8db4068eaf36f012021-12-22 11:48:21.203root 11241100x80000000000000003854911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07727a9ec20595fb2021-12-22 11:48:21.203root 11241100x80000000000000003854912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb9afdbd02ea7812021-12-22 11:48:21.203root 11241100x80000000000000003854913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06c87adee01d3752021-12-22 11:48:21.203root 11241100x80000000000000003854914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136e219eed1322e02021-12-22 11:48:21.203root 11241100x80000000000000003854915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3330d4b88eccd72021-12-22 11:48:21.203root 11241100x80000000000000003854916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96e0463cf90328b2021-12-22 11:48:21.203root 11241100x80000000000000003854917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4c54168a42f0732021-12-22 11:48:21.203root 11241100x80000000000000003854918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa093167f4f9e4c02021-12-22 11:48:21.204root 11241100x80000000000000003854919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d17e95aa72ba7122021-12-22 11:48:21.204root 11241100x80000000000000003854920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f20c8de09f9e3b2021-12-22 11:48:21.204root 11241100x80000000000000003854921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54d1dbdac2755e92021-12-22 11:48:21.204root 11241100x80000000000000003854922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd14249a2726a59c2021-12-22 11:48:21.204root 11241100x80000000000000003854923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c53db01e0ea70a2021-12-22 11:48:21.204root 11241100x80000000000000003854924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0d50809e37c9952021-12-22 11:48:21.204root 11241100x80000000000000003854925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba0c989c9abf08f2021-12-22 11:48:21.204root 11241100x80000000000000003854926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d962093b217970e2021-12-22 11:48:21.204root 11241100x80000000000000003854927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6e111e6092a9922021-12-22 11:48:21.204root 11241100x80000000000000003854928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c02164768090be22021-12-22 11:48:21.205root 11241100x80000000000000003854929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980919b8dc055b8d2021-12-22 11:48:21.205root 11241100x80000000000000003854930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcfbe84710e4c3b2021-12-22 11:48:21.205root 11241100x80000000000000003854931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a058f4edd73e9fa2021-12-22 11:48:21.205root 11241100x80000000000000003854932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f166ac5c4c55252021-12-22 11:48:21.205root 11241100x80000000000000003854933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1167d5a07b0c4152021-12-22 11:48:21.205root 11241100x80000000000000003854934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995e23a23151e44e2021-12-22 11:48:21.205root 11241100x80000000000000003854935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949dd04e503032832021-12-22 11:48:21.205root 11241100x80000000000000003854936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2a8fbe01a08ce62021-12-22 11:48:21.206root 11241100x80000000000000003854937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f14e8742a1527162021-12-22 11:48:21.206root 11241100x80000000000000003854938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338c7c87b552f1e72021-12-22 11:48:21.206root 11241100x80000000000000003854939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d6528d09471e972021-12-22 11:48:21.206root 11241100x80000000000000003854940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9053a53c33470b462021-12-22 11:48:21.206root 11241100x80000000000000003854941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ad117d95cee7be2021-12-22 11:48:21.206root 11241100x80000000000000003854942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1858d03fcd3deed2021-12-22 11:48:21.206root 11241100x80000000000000003854943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b06fa39b0310fa2021-12-22 11:48:21.207root 11241100x80000000000000003854944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be0f968633a52f62021-12-22 11:48:21.207root 11241100x80000000000000003854945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187b046c042cdc9e2021-12-22 11:48:21.694root 11241100x80000000000000003854946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f644405a73640f02021-12-22 11:48:21.695root 11241100x80000000000000003854947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cd3379a5fb089c2021-12-22 11:48:21.695root 11241100x80000000000000003854948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f25510158a5e7072021-12-22 11:48:21.695root 11241100x80000000000000003854949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701e9267023bac9e2021-12-22 11:48:21.695root 11241100x80000000000000003854950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9821c0ef1d25a52021-12-22 11:48:21.696root 11241100x80000000000000003854951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0556d3ade82ac7d92021-12-22 11:48:21.696root 11241100x80000000000000003854952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdedc9818592de62021-12-22 11:48:21.696root 11241100x80000000000000003854953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d0eae5c18e47e92021-12-22 11:48:21.696root 11241100x80000000000000003854954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976b86e3edc5ff462021-12-22 11:48:21.696root 11241100x80000000000000003854955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b15c3f6625c66292021-12-22 11:48:21.696root 11241100x80000000000000003854956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5414029c6e2fb432021-12-22 11:48:21.696root 11241100x80000000000000003854957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ecb8936bd4a0fa2021-12-22 11:48:21.697root 11241100x80000000000000003854958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7895224db1f352892021-12-22 11:48:21.697root 11241100x80000000000000003854959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f75458d669b3e22021-12-22 11:48:21.697root 11241100x80000000000000003854960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb68748cb611fe272021-12-22 11:48:21.697root 11241100x80000000000000003854961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b69878333ff3a652021-12-22 11:48:21.697root 11241100x80000000000000003854962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5bc443bfbaf0ee2021-12-22 11:48:21.697root 11241100x80000000000000003854963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab1ea3ebd0e84af2021-12-22 11:48:21.697root 11241100x80000000000000003854964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6dc05329bb536c2021-12-22 11:48:21.697root 11241100x80000000000000003854965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421ce5f16ae6736b2021-12-22 11:48:21.697root 11241100x80000000000000003854966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c6d6fc38e6601d2021-12-22 11:48:21.698root 11241100x80000000000000003854967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a393254c8a7d29df2021-12-22 11:48:21.698root 11241100x80000000000000003854968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9a66dc40afa89c2021-12-22 11:48:21.698root 11241100x80000000000000003854969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6bd1cb6ce10ddf2021-12-22 11:48:21.698root 11241100x80000000000000003854970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd3b5901f97542c2021-12-22 11:48:21.698root 11241100x80000000000000003854971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98111569f952d4a92021-12-22 11:48:21.698root 11241100x80000000000000003854972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d10c3a118d2c99f2021-12-22 11:48:21.698root 11241100x80000000000000003854973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0da79ececeabcf2021-12-22 11:48:21.698root 11241100x80000000000000003854974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d1279831f73fa22021-12-22 11:48:21.698root 11241100x80000000000000003854975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d598759a565dd1062021-12-22 11:48:21.699root 11241100x80000000000000003854976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b4e5e341442f532021-12-22 11:48:21.699root 11241100x80000000000000003854977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a93eeb1f8c30b12021-12-22 11:48:21.699root 11241100x80000000000000003854978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44ef881bdd796602021-12-22 11:48:21.699root 11241100x80000000000000003854979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093b4890cd1f1da32021-12-22 11:48:21.699root 11241100x80000000000000003854980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724eefd7cd58e06f2021-12-22 11:48:21.700root 11241100x80000000000000003854981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7b1fffe635bdf52021-12-22 11:48:21.700root 11241100x80000000000000003854982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d7f52a590a40f52021-12-22 11:48:21.700root 11241100x80000000000000003854983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b54a58823f09f92021-12-22 11:48:21.700root 11241100x80000000000000003854984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544cdcd96145fc532021-12-22 11:48:21.700root 11241100x80000000000000003854985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a9662fd6d9d0ba2021-12-22 11:48:21.701root 11241100x80000000000000003854986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f95d45083f3df22021-12-22 11:48:21.701root 11241100x80000000000000003854987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3121193cba64f4a2021-12-22 11:48:21.701root 11241100x80000000000000003854988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909be4d75a0c4b732021-12-22 11:48:21.701root 11241100x80000000000000003854989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc76e11c3904fd552021-12-22 11:48:21.701root 11241100x80000000000000003854990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ccc3907b2a71602021-12-22 11:48:21.701root 11241100x80000000000000003854991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d3f55c9cffdc572021-12-22 11:48:21.701root 11241100x80000000000000003854992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f866ae189af694302021-12-22 11:48:21.702root 11241100x80000000000000003854993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568c8133872af5fc2021-12-22 11:48:21.702root 11241100x80000000000000003854994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85880e6a4ecbbc3d2021-12-22 11:48:21.702root 11241100x80000000000000003854995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd8a909a15742e22021-12-22 11:48:21.702root 11241100x80000000000000003854996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f8a4f63e2b938c2021-12-22 11:48:21.702root 11241100x80000000000000003854997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173156de2c98ed012021-12-22 11:48:21.702root 11241100x80000000000000003854998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a06be673f8ee4c62021-12-22 11:48:21.703root 11241100x80000000000000003854999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921fc19ffcf1457d2021-12-22 11:48:21.703root 11241100x80000000000000003855000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9040af815b4fad892021-12-22 11:48:21.703root 11241100x80000000000000003855001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9dda6393c2421a2021-12-22 11:48:21.703root 11241100x80000000000000003855002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6e777dc357dc482021-12-22 11:48:21.703root 11241100x80000000000000003855003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e519e21bada594cf2021-12-22 11:48:21.703root 11241100x80000000000000003855004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889f60eaf7c386852021-12-22 11:48:21.703root 11241100x80000000000000003855005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf7d8abdd2820b62021-12-22 11:48:21.703root 11241100x80000000000000003855006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa994655108d64c42021-12-22 11:48:21.704root 11241100x80000000000000003855007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23562336f1b69e322021-12-22 11:48:21.704root 11241100x80000000000000003855008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68845245888b8e002021-12-22 11:48:21.704root 11241100x80000000000000003855009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3505822bf6a9fe2021-12-22 11:48:21.704root 11241100x80000000000000003855010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49274e425d6a1e62021-12-22 11:48:21.704root 11241100x80000000000000003855011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0036b65bc9040fc02021-12-22 11:48:21.704root 11241100x80000000000000003855012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbedb5b2252205d92021-12-22 11:48:21.704root 11241100x80000000000000003855013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f16a066048e7612021-12-22 11:48:21.704root 11241100x80000000000000003855014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769b0c1b49fe475b2021-12-22 11:48:21.704root 11241100x80000000000000003855015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd44449cb09aecf62021-12-22 11:48:21.704root 11241100x80000000000000003855016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cf136ce77e1f2b2021-12-22 11:48:21.704root 11241100x80000000000000003855017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f01254fe3297fe2021-12-22 11:48:21.705root 11241100x80000000000000003855018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4332057c40dce8672021-12-22 11:48:21.705root 11241100x80000000000000003855019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13ab06861e5c58b2021-12-22 11:48:21.705root 11241100x80000000000000003855020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d4e704271252ec2021-12-22 11:48:21.705root 11241100x80000000000000003855021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a5d7dd4a43c9c72021-12-22 11:48:21.705root 11241100x80000000000000003855022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cba3a8b5a25ced2021-12-22 11:48:21.705root 11241100x80000000000000003855023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a6550be50810c82021-12-22 11:48:21.705root 11241100x80000000000000003855024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93016588a93fd1d2021-12-22 11:48:21.705root 11241100x80000000000000003855025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ce0cce3fb7e6222021-12-22 11:48:21.706root 11241100x80000000000000003855026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce60e24619f022b2021-12-22 11:48:21.706root 11241100x80000000000000003855027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10214a473e2aff62021-12-22 11:48:21.706root 11241100x80000000000000003855028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd5c706f927f0c62021-12-22 11:48:21.706root 11241100x80000000000000003855029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3c8b264bcee6a12021-12-22 11:48:21.706root 11241100x80000000000000003855030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c1cdc898710c702021-12-22 11:48:21.706root 11241100x80000000000000003855031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7b88f6ca3a030c2021-12-22 11:48:21.706root 11241100x80000000000000003855032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a8d1d99ed00a332021-12-22 11:48:21.706root 11241100x80000000000000003855033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ebe7148e3a6e4f2021-12-22 11:48:21.706root 11241100x80000000000000003855034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5d91f2626f26832021-12-22 11:48:21.706root 11241100x80000000000000003855035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c1d7a6f927a8562021-12-22 11:48:21.706root 11241100x80000000000000003855036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2505b8b8aa08f6d72021-12-22 11:48:21.707root 11241100x80000000000000003855037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed007ed2843308202021-12-22 11:48:21.707root 11241100x80000000000000003855038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb4cfd2d5596b252021-12-22 11:48:21.707root 11241100x80000000000000003855039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f4d933f10661082021-12-22 11:48:21.707root 11241100x80000000000000003855040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088eac8c5659ca042021-12-22 11:48:21.707root 11241100x80000000000000003855041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beefe44c0d96e52d2021-12-22 11:48:21.707root 11241100x80000000000000003855042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7eca0dc75d964b92021-12-22 11:48:21.707root 11241100x80000000000000003855043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7f3cb61f7f52252021-12-22 11:48:21.707root 11241100x80000000000000003855044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de5e7934461d46b2021-12-22 11:48:21.707root 11241100x80000000000000003855045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f82a7e40e9f2a1c2021-12-22 11:48:21.707root 11241100x80000000000000003855046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252990f1ee421b9b2021-12-22 11:48:21.707root 11241100x80000000000000003855047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf233648d6a2f4a02021-12-22 11:48:21.708root 11241100x80000000000000003855048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebc5521c28b56ab2021-12-22 11:48:21.708root 11241100x80000000000000003855049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30574f5b80f38ad2021-12-22 11:48:21.708root 11241100x80000000000000003855050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:21.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1111fad3fa34d22021-12-22 11:48:21.708root 354300x80000000000000003855051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.107{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55478-false10.0.1.12-8000- 11241100x80000000000000003855052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef70eec5ccf799c92021-12-22 11:48:22.108root 11241100x80000000000000003855053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987351317d56844d2021-12-22 11:48:22.108root 11241100x80000000000000003855054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008d0503d86ed0962021-12-22 11:48:22.108root 11241100x80000000000000003855055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e6a0288c29c6842021-12-22 11:48:22.108root 11241100x80000000000000003855056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffe4e22effb39b92021-12-22 11:48:22.108root 11241100x80000000000000003855057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d2970d53e827332021-12-22 11:48:22.109root 11241100x80000000000000003855058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed128a6c87d04812021-12-22 11:48:22.109root 11241100x80000000000000003855059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264121133a36d4ae2021-12-22 11:48:22.109root 11241100x80000000000000003855060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381ec6d090d2438c2021-12-22 11:48:22.110root 11241100x80000000000000003855061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4d2b90b29654212021-12-22 11:48:22.110root 11241100x80000000000000003855062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054aef2ea4dd5b602021-12-22 11:48:22.110root 11241100x80000000000000003855063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e31e824addc13bb2021-12-22 11:48:22.110root 11241100x80000000000000003855064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc9f4e5608196732021-12-22 11:48:22.110root 11241100x80000000000000003855065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bec9e05dc176c282021-12-22 11:48:22.110root 11241100x80000000000000003855066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8290f89d1a66d1c2021-12-22 11:48:22.110root 11241100x80000000000000003855067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d0c0f4d4e34dcc2021-12-22 11:48:22.110root 11241100x80000000000000003855068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495c12af527934c62021-12-22 11:48:22.110root 11241100x80000000000000003855069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a0bede1f7a78ad2021-12-22 11:48:22.111root 11241100x80000000000000003855070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5c81ae446c7a472021-12-22 11:48:22.111root 11241100x80000000000000003855071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3f884effb9e1aa2021-12-22 11:48:22.111root 11241100x80000000000000003855072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470869f1b20651fc2021-12-22 11:48:22.111root 11241100x80000000000000003855073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdac658ea052d8242021-12-22 11:48:22.111root 11241100x80000000000000003855074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a4e89cc5e3e1222021-12-22 11:48:22.111root 11241100x80000000000000003855075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b34139fa5322b1e2021-12-22 11:48:22.111root 11241100x80000000000000003855076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee014a30dc2ef792021-12-22 11:48:22.111root 11241100x80000000000000003855077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4842e82b5756aa2021-12-22 11:48:22.112root 11241100x80000000000000003855078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06c2a480e1071bd2021-12-22 11:48:22.112root 11241100x80000000000000003855079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ff70ddb7b6c00a2021-12-22 11:48:22.112root 11241100x80000000000000003855080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801d9562ad2f0ae52021-12-22 11:48:22.112root 11241100x80000000000000003855081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c703e5ba8c3d382021-12-22 11:48:22.112root 11241100x80000000000000003855082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1055350a56ff949e2021-12-22 11:48:22.112root 11241100x80000000000000003855083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485b25c2147d82622021-12-22 11:48:22.112root 11241100x80000000000000003855084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73154bf9965a03df2021-12-22 11:48:22.112root 11241100x80000000000000003855085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bee91ce47413b702021-12-22 11:48:22.112root 11241100x80000000000000003855086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e7ca643792427d2021-12-22 11:48:22.112root 11241100x80000000000000003855087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75be6fe3a7d7bdc2021-12-22 11:48:22.113root 11241100x80000000000000003855088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d016b214d06c95862021-12-22 11:48:22.113root 11241100x80000000000000003855089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09734d26e73136b92021-12-22 11:48:22.113root 11241100x80000000000000003855090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f353f98172f145322021-12-22 11:48:22.113root 11241100x80000000000000003855091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029360ca1f40e0702021-12-22 11:48:22.113root 11241100x80000000000000003855092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0de0b0690341a5b2021-12-22 11:48:22.113root 11241100x80000000000000003855093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957d13ac4431b7912021-12-22 11:48:22.113root 11241100x80000000000000003855094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c87bb2ae9990ad2021-12-22 11:48:22.113root 11241100x80000000000000003855095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662acf809017aaf62021-12-22 11:48:22.113root 11241100x80000000000000003855096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b973854702fb09e62021-12-22 11:48:22.114root 11241100x80000000000000003855097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d7bf8b50ba7b092021-12-22 11:48:22.114root 11241100x80000000000000003855098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad15771526ad73dc2021-12-22 11:48:22.114root 11241100x80000000000000003855099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b692b2688f918b2021-12-22 11:48:22.114root 11241100x80000000000000003855100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b6b6a45bcbbca62021-12-22 11:48:22.115root 11241100x80000000000000003855101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5121b129e5d1621a2021-12-22 11:48:22.115root 11241100x80000000000000003855102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abcd16c4fe0ccdb2021-12-22 11:48:22.115root 11241100x80000000000000003855103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b941828b301718612021-12-22 11:48:22.115root 11241100x80000000000000003855104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd1f7808e9f3d262021-12-22 11:48:22.115root 11241100x80000000000000003855105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a382254c08ff47a12021-12-22 11:48:22.115root 11241100x80000000000000003855106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2a4db2d75af14b2021-12-22 11:48:22.115root 11241100x80000000000000003855107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4570563599aca9872021-12-22 11:48:22.116root 11241100x80000000000000003855108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baafe61232edd9d12021-12-22 11:48:22.116root 11241100x80000000000000003855109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b044d47e9a01f42021-12-22 11:48:22.116root 11241100x80000000000000003855110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9afb8c0bf6f3192021-12-22 11:48:22.116root 11241100x80000000000000003855111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bfc178eed3c82c2021-12-22 11:48:22.116root 11241100x80000000000000003855112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664aa138cc9399c52021-12-22 11:48:22.116root 11241100x80000000000000003855113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425c75d364c43bc72021-12-22 11:48:22.116root 11241100x80000000000000003855114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3e38ad9ed12e1b2021-12-22 11:48:22.116root 11241100x80000000000000003855115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6c60d9413fc3da2021-12-22 11:48:22.116root 11241100x80000000000000003855116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e46662d02305fc2021-12-22 11:48:22.117root 11241100x80000000000000003855117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226e340b7a1690bf2021-12-22 11:48:22.117root 11241100x80000000000000003855118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217666e27612c79d2021-12-22 11:48:22.117root 11241100x80000000000000003855119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa66635582e0b852021-12-22 11:48:22.117root 11241100x80000000000000003855120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2050ab2acd9c350e2021-12-22 11:48:22.118root 11241100x80000000000000003855121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3d66b37f60c3382021-12-22 11:48:22.118root 11241100x80000000000000003855122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb29b44d15433ed2021-12-22 11:48:22.118root 11241100x80000000000000003855123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb539df5b5339fa2021-12-22 11:48:22.119root 11241100x80000000000000003855124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38219200b7a953242021-12-22 11:48:22.119root 11241100x80000000000000003855125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85182b7c7c8ce9e12021-12-22 11:48:22.119root 11241100x80000000000000003855126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee715fdaecf8ec152021-12-22 11:48:22.120root 11241100x80000000000000003855127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246836eacee543ea2021-12-22 11:48:22.120root 11241100x80000000000000003855128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f32cffab7d22762021-12-22 11:48:22.121root 11241100x80000000000000003855129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4822d310fae11d1f2021-12-22 11:48:22.121root 11241100x80000000000000003855130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4dfe05a95d7c2a2021-12-22 11:48:22.122root 11241100x80000000000000003855131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90b1bc5e5d6e0a92021-12-22 11:48:22.122root 11241100x80000000000000003855132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e79ace5c0b54922021-12-22 11:48:22.122root 11241100x80000000000000003855133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fec6db1b99f2752021-12-22 11:48:22.122root 11241100x80000000000000003855134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f73d038b0b522572021-12-22 11:48:22.123root 11241100x80000000000000003855135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd02fd0f6b8829ed2021-12-22 11:48:22.123root 11241100x80000000000000003855136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68fd44904239c7d2021-12-22 11:48:22.123root 11241100x80000000000000003855137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a901832484d8ad2021-12-22 11:48:22.124root 11241100x80000000000000003855138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1b3aeb3edee0672021-12-22 11:48:22.124root 11241100x80000000000000003855139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56fe014138137a532021-12-22 11:48:22.124root 11241100x80000000000000003855140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2746705dc78ca4dd2021-12-22 11:48:22.124root 11241100x80000000000000003855141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab07885783d564f2021-12-22 11:48:22.125root 11241100x80000000000000003855142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355cfe3919c1292a2021-12-22 11:48:22.125root 11241100x80000000000000003855143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17efa5bc52b9ba9a2021-12-22 11:48:22.125root 11241100x80000000000000003855144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a72e640ac5780112021-12-22 11:48:22.125root 11241100x80000000000000003855145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5577fab4cff13f2021-12-22 11:48:22.125root 11241100x80000000000000003855146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34dabd95b6327302021-12-22 11:48:22.125root 11241100x80000000000000003855147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efa03236eb5ba582021-12-22 11:48:22.125root 11241100x80000000000000003855148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1eddc3a0b730212021-12-22 11:48:22.125root 11241100x80000000000000003855149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b25131a80481c62021-12-22 11:48:22.125root 11241100x80000000000000003855150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bd11b6fe2f70212021-12-22 11:48:22.126root 11241100x80000000000000003855151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369fe1be73f019ed2021-12-22 11:48:22.126root 11241100x80000000000000003855152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c429bd90a484d0f2021-12-22 11:48:22.126root 11241100x80000000000000003855153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020cac889b5c7f952021-12-22 11:48:22.126root 11241100x80000000000000003855154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4286993379773d2021-12-22 11:48:22.126root 11241100x80000000000000003855155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2695e902c41662102021-12-22 11:48:22.126root 11241100x80000000000000003855156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a854e405211a3e2021-12-22 11:48:22.126root 11241100x80000000000000003855157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d2e298e062f4ce2021-12-22 11:48:22.126root 11241100x80000000000000003855158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce11f1c57f320d42021-12-22 11:48:22.126root 11241100x80000000000000003855159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d60718d1c776d02021-12-22 11:48:22.127root 11241100x80000000000000003855160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d32c684f280784b2021-12-22 11:48:22.127root 11241100x80000000000000003855161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e11eb24abd0ad662021-12-22 11:48:22.127root 11241100x80000000000000003855162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a193aa0fdedbd76f2021-12-22 11:48:22.127root 11241100x80000000000000003855163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07881f73a3840f812021-12-22 11:48:22.128root 11241100x80000000000000003855164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffbe152ecebf27f2021-12-22 11:48:22.129root 11241100x80000000000000003855165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a54cf92ee815f2d2021-12-22 11:48:22.129root 11241100x80000000000000003855166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5f25d683048d032021-12-22 11:48:22.129root 11241100x80000000000000003855167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660d33ad7ee746302021-12-22 11:48:22.129root 11241100x80000000000000003855168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e07d684f5435872021-12-22 11:48:22.129root 11241100x80000000000000003855169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18793db8476ebea12021-12-22 11:48:22.130root 11241100x80000000000000003855170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dafb03877830592021-12-22 11:48:22.130root 11241100x80000000000000003855171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c0baf45c8360ca2021-12-22 11:48:22.130root 11241100x80000000000000003855172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fbdb6320348d782021-12-22 11:48:22.130root 11241100x80000000000000003855173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b7d8445bab0ef12021-12-22 11:48:22.130root 11241100x80000000000000003855174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9b33def91ef69b2021-12-22 11:48:22.130root 11241100x80000000000000003855175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccae7638bac2f3eb2021-12-22 11:48:22.131root 11241100x80000000000000003855176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50f46167647ad032021-12-22 11:48:22.131root 11241100x80000000000000003855177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c472cd0ac604f9a62021-12-22 11:48:22.131root 11241100x80000000000000003855178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dac35195ac22492021-12-22 11:48:22.131root 11241100x80000000000000003855179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7995090ad9e40a2021-12-22 11:48:22.131root 11241100x80000000000000003855180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104ea186ba1664002021-12-22 11:48:22.131root 11241100x80000000000000003855181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409f6b5439be87ba2021-12-22 11:48:22.132root 11241100x80000000000000003855182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61fb8eb42b4e5d82021-12-22 11:48:22.132root 11241100x80000000000000003855183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b842f3dc753adfc2021-12-22 11:48:22.132root 11241100x80000000000000003855184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94db1b5f6177a042021-12-22 11:48:22.132root 11241100x80000000000000003855185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d7f5641a9c137f2021-12-22 11:48:22.132root 11241100x80000000000000003855186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d472867edbdd334e2021-12-22 11:48:22.133root 11241100x80000000000000003855187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1d3bf57255f3942021-12-22 11:48:22.133root 11241100x80000000000000003855188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b8c2482c4d0ee62021-12-22 11:48:22.133root 11241100x80000000000000003855189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9df413c6d933f52021-12-22 11:48:22.133root 11241100x80000000000000003855190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159e1dbd9af46c6e2021-12-22 11:48:22.133root 11241100x80000000000000003855191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e634f6dea353b0b92021-12-22 11:48:22.133root 11241100x80000000000000003855192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef559a2caf812d392021-12-22 11:48:22.133root 11241100x80000000000000003855193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fa1191f174fae12021-12-22 11:48:22.134root 11241100x80000000000000003855194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f78b96e24444ae2021-12-22 11:48:22.134root 11241100x80000000000000003855195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282bcb0cd8b5337a2021-12-22 11:48:22.134root 11241100x80000000000000003855196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccd6982845ed45b2021-12-22 11:48:22.134root 11241100x80000000000000003855197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2f21e19b7820f12021-12-22 11:48:22.134root 11241100x80000000000000003855198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b01a708efd8a532021-12-22 11:48:22.134root 11241100x80000000000000003855199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb53f1fc33ca33502021-12-22 11:48:22.135root 11241100x80000000000000003855200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abf8bf00673de922021-12-22 11:48:22.135root 11241100x80000000000000003855201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0560b2023acee2ca2021-12-22 11:48:22.135root 11241100x80000000000000003855202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf09bd56f5c7964f2021-12-22 11:48:22.135root 11241100x80000000000000003855203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efbe99559e9b45f2021-12-22 11:48:22.135root 11241100x80000000000000003855204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c435aea5e38fb012021-12-22 11:48:22.135root 11241100x80000000000000003855205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329d6bd9b7477ef22021-12-22 11:48:22.135root 11241100x80000000000000003855206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30c910a07511fc82021-12-22 11:48:22.135root 11241100x80000000000000003855207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2b1f79e5cc372a2021-12-22 11:48:22.136root 11241100x80000000000000003855208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898b9fbd7ac98b9b2021-12-22 11:48:22.136root 11241100x80000000000000003855209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cafd4777e4c42e2021-12-22 11:48:22.136root 11241100x80000000000000003855210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9972dea835909c982021-12-22 11:48:22.136root 11241100x80000000000000003855211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9dee1339b0cd1f2021-12-22 11:48:22.136root 11241100x80000000000000003855212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d552ee11fa8517ec2021-12-22 11:48:22.136root 11241100x80000000000000003855213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4a354d75e85ce42021-12-22 11:48:22.136root 11241100x80000000000000003855214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd91695d0bce6f882021-12-22 11:48:22.136root 11241100x80000000000000003855215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf91e4a7ff04a442021-12-22 11:48:22.136root 11241100x80000000000000003855216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6001af7ebeda62f02021-12-22 11:48:22.136root 11241100x80000000000000003855217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43920a305756022c2021-12-22 11:48:22.136root 11241100x80000000000000003855218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca831401fa0fb1d2021-12-22 11:48:22.137root 11241100x80000000000000003855219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c9195d7fbec6bc2021-12-22 11:48:22.137root 11241100x80000000000000003855220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae5c6f17302ff112021-12-22 11:48:22.137root 11241100x80000000000000003855221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08bc6ec20fd8a4a2021-12-22 11:48:22.137root 11241100x80000000000000003855222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3442ab1114e681ca2021-12-22 11:48:22.137root 11241100x80000000000000003855223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b6c5b5f13d04dc2021-12-22 11:48:22.137root 11241100x80000000000000003855224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b45e257962f6f912021-12-22 11:48:22.137root 11241100x80000000000000003855225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2771607589f21f942021-12-22 11:48:22.137root 11241100x80000000000000003855226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb4fe40f4e416f32021-12-22 11:48:22.137root 11241100x80000000000000003855227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc43f2437d15deb2021-12-22 11:48:22.137root 11241100x80000000000000003855228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caa791279e018602021-12-22 11:48:22.138root 11241100x80000000000000003855229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a182191ac1f3ac2a2021-12-22 11:48:22.138root 11241100x80000000000000003855230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4adea8233530542021-12-22 11:48:22.138root 11241100x80000000000000003855231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285c2293243e58822021-12-22 11:48:22.138root 11241100x80000000000000003855232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f1636de2c2dff72021-12-22 11:48:22.138root 11241100x80000000000000003855233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97b5d63ea6acb782021-12-22 11:48:22.138root 11241100x80000000000000003855234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978f79cf0313b6d22021-12-22 11:48:22.138root 11241100x80000000000000003855235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce81db177d2703f62021-12-22 11:48:22.138root 11241100x80000000000000003855236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390464ee3f8451df2021-12-22 11:48:22.138root 11241100x80000000000000003855237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c110b2259d727d52021-12-22 11:48:22.138root 11241100x80000000000000003855238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8cf7bad0591a922021-12-22 11:48:22.139root 11241100x80000000000000003855239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a283da208699f0162021-12-22 11:48:22.139root 11241100x80000000000000003855240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a4ee3eeb181ec12021-12-22 11:48:22.139root 11241100x80000000000000003855241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd5bfe19c77642b2021-12-22 11:48:22.139root 11241100x80000000000000003855242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ace6fd8b73154952021-12-22 11:48:22.139root 11241100x80000000000000003855243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4004e37fe744beb42021-12-22 11:48:22.139root 11241100x80000000000000003855244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd6dabafb552b262021-12-22 11:48:22.139root 11241100x80000000000000003855245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8b4a384accdbca2021-12-22 11:48:22.139root 11241100x80000000000000003855246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a92f2cf9e7f1812021-12-22 11:48:22.140root 11241100x80000000000000003855247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c9bc7c99ec7e392021-12-22 11:48:22.140root 11241100x80000000000000003855248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ca29fe8f0587c32021-12-22 11:48:22.140root 11241100x80000000000000003855249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7ab2d7d7d41dbf2021-12-22 11:48:22.140root 11241100x80000000000000003855250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4d0aa2a614d94c2021-12-22 11:48:22.140root 11241100x80000000000000003855251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1885e58d2596b2ad2021-12-22 11:48:22.140root 11241100x80000000000000003855252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a20a87708071b262021-12-22 11:48:22.140root 11241100x80000000000000003855253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f8ee4c40dc2e412021-12-22 11:48:22.140root 11241100x80000000000000003855254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f9802477d4ac5c2021-12-22 11:48:22.140root 11241100x80000000000000003855255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f877de45bed6132021-12-22 11:48:22.141root 11241100x80000000000000003855256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a71d02aed7b2992021-12-22 11:48:22.141root 11241100x80000000000000003855257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b5a778b837506c2021-12-22 11:48:22.141root 11241100x80000000000000003855258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28ea2e2d125ee012021-12-22 11:48:22.141root 11241100x80000000000000003855259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0034b59e6a66ea4e2021-12-22 11:48:22.141root 11241100x80000000000000003855260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed27cbaece2f4382021-12-22 11:48:22.141root 11241100x80000000000000003855261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a208d64069004cc2021-12-22 11:48:22.141root 11241100x80000000000000003855262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e081ace597deef42021-12-22 11:48:22.141root 11241100x80000000000000003855263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62216eeab78e3b192021-12-22 11:48:22.141root 11241100x80000000000000003855264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ebdba5cc4e7c2e2021-12-22 11:48:22.141root 11241100x80000000000000003855265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0a145d795cd4cf2021-12-22 11:48:22.442root 11241100x80000000000000003855266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67e349ebee8937f2021-12-22 11:48:22.443root 11241100x80000000000000003855267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03bad0fe30840f52021-12-22 11:48:22.443root 11241100x80000000000000003855268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504d737c2b020ad62021-12-22 11:48:22.443root 11241100x80000000000000003855269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20f57951f96c1e42021-12-22 11:48:22.443root 11241100x80000000000000003855270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5e13ed9363a5f62021-12-22 11:48:22.443root 11241100x80000000000000003855271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a355fa692c92272021-12-22 11:48:22.443root 11241100x80000000000000003855272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f478c9bf9777482021-12-22 11:48:22.443root 11241100x80000000000000003855273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8d5d4d0b7574c92021-12-22 11:48:22.443root 11241100x80000000000000003855274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2feb8f88424ff362021-12-22 11:48:22.443root 11241100x80000000000000003855275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e58cefd808f22e2021-12-22 11:48:22.443root 11241100x80000000000000003855276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633d9dce9ae4a0d92021-12-22 11:48:22.444root 11241100x80000000000000003855277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0d0611cc2cc2152021-12-22 11:48:22.444root 11241100x80000000000000003855278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9381cf79d429f3a42021-12-22 11:48:22.444root 11241100x80000000000000003855279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296dde9546138bde2021-12-22 11:48:22.444root 11241100x80000000000000003855280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc33679283b767b2021-12-22 11:48:22.444root 11241100x80000000000000003855281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b927d64c0d395d52021-12-22 11:48:22.444root 11241100x80000000000000003855282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c99bdb5302aee42021-12-22 11:48:22.444root 11241100x80000000000000003855283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12c914172a4e3d32021-12-22 11:48:22.444root 11241100x80000000000000003855284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28781a0c0d9f5942021-12-22 11:48:22.444root 11241100x80000000000000003855285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a791e6d3c618632021-12-22 11:48:22.444root 11241100x80000000000000003855286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7f19a33f8b86fe2021-12-22 11:48:22.445root 11241100x80000000000000003855287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fba9a40b626eac92021-12-22 11:48:22.445root 11241100x80000000000000003855288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d648154d0773d28e2021-12-22 11:48:22.445root 11241100x80000000000000003855289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b249fe97ed22712021-12-22 11:48:22.445root 11241100x80000000000000003855290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52229f3b3adc84902021-12-22 11:48:22.445root 11241100x80000000000000003855291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91641f8306f934b82021-12-22 11:48:22.446root 11241100x80000000000000003855292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8035e793ff6ba20d2021-12-22 11:48:22.446root 11241100x80000000000000003855293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36b910de739bcc72021-12-22 11:48:22.446root 11241100x80000000000000003855294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78fa6a16cb16d032021-12-22 11:48:22.446root 11241100x80000000000000003855295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037683d6d50a6ba32021-12-22 11:48:22.446root 11241100x80000000000000003855296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d874d9e98832395e2021-12-22 11:48:22.446root 11241100x80000000000000003855297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3e65d8528077a42021-12-22 11:48:22.446root 11241100x80000000000000003855298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee40cb70dd806ec12021-12-22 11:48:22.447root 11241100x80000000000000003855299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6fc813755cb1fb2021-12-22 11:48:22.447root 11241100x80000000000000003855300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f439d3e66223902021-12-22 11:48:22.447root 11241100x80000000000000003855301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e53c90d3352f5102021-12-22 11:48:22.447root 11241100x80000000000000003855302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d860b054b05020712021-12-22 11:48:22.447root 11241100x80000000000000003855303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab6f78e9c2e60102021-12-22 11:48:22.447root 11241100x80000000000000003855304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cbea640e2e30532021-12-22 11:48:22.447root 11241100x80000000000000003855305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5361e5763e8568a52021-12-22 11:48:22.447root 11241100x80000000000000003855306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3163f6cc9fb044672021-12-22 11:48:22.447root 11241100x80000000000000003855307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb9ba26ef89dd062021-12-22 11:48:22.447root 11241100x80000000000000003855308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092919eb64defe162021-12-22 11:48:22.448root 11241100x80000000000000003855309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21537d0d1e9974f22021-12-22 11:48:22.448root 11241100x80000000000000003855310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f123e92c5de2dc272021-12-22 11:48:22.448root 11241100x80000000000000003855311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad2d66f15d06c6e2021-12-22 11:48:22.448root 11241100x80000000000000003855312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67d1fc8fa0df99f2021-12-22 11:48:22.448root 11241100x80000000000000003855313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0808f224f4a6c02021-12-22 11:48:22.448root 11241100x80000000000000003855314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329fa02d023a412f2021-12-22 11:48:22.448root 11241100x80000000000000003855315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e70f8b5edba27452021-12-22 11:48:22.448root 11241100x80000000000000003855316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158cc1e7de204bc62021-12-22 11:48:22.448root 11241100x80000000000000003855317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faba16f8017f5d542021-12-22 11:48:22.449root 11241100x80000000000000003855318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c26d2dc8df60112021-12-22 11:48:22.449root 11241100x80000000000000003855319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbba8a10a1f1cada2021-12-22 11:48:22.449root 11241100x80000000000000003855320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1ff0914b1228052021-12-22 11:48:22.449root 11241100x80000000000000003855321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15820b4bf60c35902021-12-22 11:48:22.449root 11241100x80000000000000003855322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b897997170051f42021-12-22 11:48:22.449root 11241100x80000000000000003855323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d9bce9de87e2892021-12-22 11:48:22.449root 11241100x80000000000000003855324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3110f41558c767a12021-12-22 11:48:22.449root 11241100x80000000000000003855325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44cc7fc49705eda2021-12-22 11:48:22.449root 11241100x80000000000000003855326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ad2728ecffe1b82021-12-22 11:48:22.450root 11241100x80000000000000003855327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956eb145928ca38c2021-12-22 11:48:22.450root 11241100x80000000000000003855328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299e5e822df50fe02021-12-22 11:48:22.450root 11241100x80000000000000003855329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a355c3bae136af2021-12-22 11:48:22.450root 11241100x80000000000000003855330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76614dd87b5994c92021-12-22 11:48:22.451root 11241100x80000000000000003855331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c7c94a5960f8232021-12-22 11:48:22.451root 11241100x80000000000000003855332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b3401f2d1fd8162021-12-22 11:48:22.451root 11241100x80000000000000003855333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03853fa6bec8912f2021-12-22 11:48:22.452root 11241100x80000000000000003855334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490bd6168664d7252021-12-22 11:48:22.452root 11241100x80000000000000003855335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894429758415ae982021-12-22 11:48:22.452root 11241100x80000000000000003855336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6743d023a8edbbd2021-12-22 11:48:22.452root 11241100x80000000000000003855337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c0579c3b4e70d62021-12-22 11:48:22.452root 11241100x80000000000000003855338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0355a6fa4668e99d2021-12-22 11:48:22.452root 11241100x80000000000000003855339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1e6d2e086532392021-12-22 11:48:22.452root 11241100x80000000000000003855340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cff2ea0834cadf2021-12-22 11:48:22.452root 11241100x80000000000000003855341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3355ffc0a2a443752021-12-22 11:48:22.452root 11241100x80000000000000003855342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1054795f46259a2021-12-22 11:48:22.453root 11241100x80000000000000003855343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a49f1095cca2a332021-12-22 11:48:22.453root 11241100x80000000000000003855344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69a129aecbfc32a2021-12-22 11:48:22.453root 11241100x80000000000000003855345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcc34fd9ad4af882021-12-22 11:48:22.453root 11241100x80000000000000003855346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e198e071ad31d0bd2021-12-22 11:48:22.453root 11241100x80000000000000003855347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec720281062c3da2021-12-22 11:48:22.453root 11241100x80000000000000003855348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7226c16f482db02021-12-22 11:48:22.454root 11241100x80000000000000003855349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc625da7d047ee512021-12-22 11:48:22.454root 11241100x80000000000000003855350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffbec7c8813c4472021-12-22 11:48:22.454root 11241100x80000000000000003855351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25eb11e75611d96c2021-12-22 11:48:22.454root 11241100x80000000000000003855352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0313a0af2be01f2021-12-22 11:48:22.455root 11241100x80000000000000003855353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60c13911ba88f5a2021-12-22 11:48:22.455root 11241100x80000000000000003855354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c03b8ea6377d6a2021-12-22 11:48:22.455root 11241100x80000000000000003855355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7616912c6e95e5512021-12-22 11:48:22.455root 11241100x80000000000000003855356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131795cf6ca926322021-12-22 11:48:22.455root 11241100x80000000000000003855357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1499f6ab485cc8322021-12-22 11:48:22.455root 11241100x80000000000000003855358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615bff3f0f007aa32021-12-22 11:48:22.456root 11241100x80000000000000003855359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23a63d2a780070e2021-12-22 11:48:22.456root 11241100x80000000000000003855360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1815ee7177fe37bf2021-12-22 11:48:22.456root 11241100x80000000000000003855361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9483865ada931a6b2021-12-22 11:48:22.456root 11241100x80000000000000003855362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e497544da74f5d12021-12-22 11:48:22.456root 11241100x80000000000000003855363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efab979c130306072021-12-22 11:48:22.457root 11241100x80000000000000003855364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798ab43aa78a65f22021-12-22 11:48:22.457root 11241100x80000000000000003855365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5e754cf148de332021-12-22 11:48:22.457root 11241100x80000000000000003855366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9d29fe3a491c0d2021-12-22 11:48:22.457root 11241100x80000000000000003855367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7091b833cdced3792021-12-22 11:48:22.457root 11241100x80000000000000003855368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2caec82ffbb7c8f52021-12-22 11:48:22.457root 11241100x80000000000000003855369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc78b2019b3cd2022021-12-22 11:48:22.458root 11241100x80000000000000003855370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a505f79e35a91ace2021-12-22 11:48:22.458root 11241100x80000000000000003855371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377d290d2108ca2f2021-12-22 11:48:22.458root 11241100x80000000000000003855372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aea6516b98fb652021-12-22 11:48:22.458root 11241100x80000000000000003855373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b9dd26276bc6af2021-12-22 11:48:22.458root 11241100x80000000000000003855374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32172fec098ad1b2021-12-22 11:48:22.459root 11241100x80000000000000003855375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adaf4f2e8d1e5be82021-12-22 11:48:22.459root 11241100x80000000000000003855376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ac5efea4502a0c2021-12-22 11:48:22.459root 11241100x80000000000000003855377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d05cac1e920a1382021-12-22 11:48:22.459root 11241100x80000000000000003855378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202cb94e3345145a2021-12-22 11:48:22.459root 11241100x80000000000000003855379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea548a07033e02a12021-12-22 11:48:22.459root 11241100x80000000000000003855380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7387fc433ae4882021-12-22 11:48:22.459root 11241100x80000000000000003855381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27fc5d1f335ba072021-12-22 11:48:22.459root 11241100x80000000000000003855382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4316bd7c29da3d3f2021-12-22 11:48:22.460root 11241100x80000000000000003855383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a477e040ad4f79c2021-12-22 11:48:22.460root 11241100x80000000000000003855384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3733b2942cbaf9c2021-12-22 11:48:22.460root 11241100x80000000000000003855385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b65fa3584c2eccb2021-12-22 11:48:22.460root 11241100x80000000000000003855386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a1ba067ddddd442021-12-22 11:48:22.460root 11241100x80000000000000003855387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc3fa67876d3f212021-12-22 11:48:22.460root 11241100x80000000000000003855388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54afde3e97a48972021-12-22 11:48:22.460root 11241100x80000000000000003855389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7047059f11ca86492021-12-22 11:48:22.460root 11241100x80000000000000003855390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1489133d019fa56c2021-12-22 11:48:22.460root 11241100x80000000000000003855391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7512a3b9da75742021-12-22 11:48:22.460root 11241100x80000000000000003855392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1679b5b2442b2bd72021-12-22 11:48:22.460root 11241100x80000000000000003855393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a672eaf68616762021-12-22 11:48:22.460root 11241100x80000000000000003855394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4ca1285c162f642021-12-22 11:48:22.460root 11241100x80000000000000003855395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c553e2f94eb3612021-12-22 11:48:22.460root 11241100x80000000000000003855396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724ed2c5b60e056a2021-12-22 11:48:22.460root 11241100x80000000000000003855397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0c8f48cc85ef862021-12-22 11:48:22.461root 11241100x80000000000000003855398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6abcf38773fe334d2021-12-22 11:48:22.461root 11241100x80000000000000003855399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24405a7b9ac4ae52021-12-22 11:48:22.461root 11241100x80000000000000003855400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a7438f3d1cc63f2021-12-22 11:48:22.461root 11241100x80000000000000003855401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e40519be4bf72a2021-12-22 11:48:22.461root 11241100x80000000000000003855402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f54b2d853435e062021-12-22 11:48:22.461root 11241100x80000000000000003855403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b05314a4c826c12021-12-22 11:48:22.461root 11241100x80000000000000003855404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1740df171e6a8a632021-12-22 11:48:22.461root 11241100x80000000000000003855405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9f73896815451f2021-12-22 11:48:22.461root 11241100x80000000000000003855406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5d5523f492f67e2021-12-22 11:48:22.461root 11241100x80000000000000003855407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1f65f4749a69c92021-12-22 11:48:22.461root 11241100x80000000000000003855408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33a8d193e48ddf82021-12-22 11:48:22.461root 11241100x80000000000000003855409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1745aa4cca0b4b92021-12-22 11:48:22.461root 11241100x80000000000000003855410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79b853519df72d62021-12-22 11:48:22.462root 11241100x80000000000000003855411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af5f59b3e1b2be12021-12-22 11:48:22.462root 11241100x80000000000000003855412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa51bb2861956562021-12-22 11:48:22.462root 11241100x80000000000000003855413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b2c5cf519c41772021-12-22 11:48:22.462root 11241100x80000000000000003855414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90da1b43d7d006e12021-12-22 11:48:22.462root 11241100x80000000000000003855415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084a2051809251092021-12-22 11:48:22.462root 11241100x80000000000000003855416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932fe22c52f0f5912021-12-22 11:48:22.462root 11241100x80000000000000003855417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435af80fa87470a02021-12-22 11:48:22.463root 11241100x80000000000000003855418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141ff8b1f82016062021-12-22 11:48:22.463root 11241100x80000000000000003855419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b08b1bd3af5ef0f2021-12-22 11:48:22.463root 11241100x80000000000000003855420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cc874df1717a2c2021-12-22 11:48:22.464root 11241100x80000000000000003855421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8081f9c20ac0bb1d2021-12-22 11:48:22.464root 11241100x80000000000000003855422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafbcefafd05bfb62021-12-22 11:48:22.464root 11241100x80000000000000003855423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99063ec3a2e6e4192021-12-22 11:48:22.464root 11241100x80000000000000003855424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f057c17c6becec102021-12-22 11:48:22.465root 11241100x80000000000000003855425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4708037bd6c61b2021-12-22 11:48:22.465root 11241100x80000000000000003855426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55ece6123291d9d2021-12-22 11:48:22.465root 11241100x80000000000000003855427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49d9fbd86c4637a2021-12-22 11:48:22.465root 11241100x80000000000000003855428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7452f0bdb3239a6e2021-12-22 11:48:22.465root 11241100x80000000000000003855429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76173fcc2db2fb72021-12-22 11:48:22.465root 11241100x80000000000000003855430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f832f92217a34bf22021-12-22 11:48:22.465root 11241100x80000000000000003855431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cbd58362db53d32021-12-22 11:48:22.465root 11241100x80000000000000003855432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc9340fa3e36c0e2021-12-22 11:48:22.465root 11241100x80000000000000003855433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd865e778ec417972021-12-22 11:48:22.465root 11241100x80000000000000003855434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc91c0eca485e40e2021-12-22 11:48:22.465root 11241100x80000000000000003855435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc0fd9e2c7854332021-12-22 11:48:22.465root 11241100x80000000000000003855436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6ea72af7ec7ea02021-12-22 11:48:22.466root 11241100x80000000000000003855437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad092ec0f7e1d192021-12-22 11:48:22.466root 11241100x80000000000000003855438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf7c6322a8b57ef2021-12-22 11:48:22.466root 11241100x80000000000000003855439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d862e09460a8c2192021-12-22 11:48:22.466root 11241100x80000000000000003855440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449e46fb0da20abe2021-12-22 11:48:22.466root 11241100x80000000000000003855441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f007567e3e3446c12021-12-22 11:48:22.466root 11241100x80000000000000003855442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d73818cc0c81e532021-12-22 11:48:22.466root 11241100x80000000000000003855443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e049cb223f4da92021-12-22 11:48:22.466root 11241100x80000000000000003855444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedbd6a73c55ba1c2021-12-22 11:48:22.466root 11241100x80000000000000003855445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb86b1002b4716952021-12-22 11:48:22.467root 11241100x80000000000000003855446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1482672eb05e9af82021-12-22 11:48:22.467root 11241100x80000000000000003855447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf43d6e8c0e22ec22021-12-22 11:48:22.467root 11241100x80000000000000003855448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466628fb2ed564312021-12-22 11:48:22.467root 11241100x80000000000000003855449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776ab01c342eb5e52021-12-22 11:48:22.467root 11241100x80000000000000003855450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b8726e0e564a912021-12-22 11:48:22.467root 11241100x80000000000000003855451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c42e969300ecc02021-12-22 11:48:22.467root 11241100x80000000000000003855452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b1a9a28863a8d22021-12-22 11:48:22.467root 11241100x80000000000000003855453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ab3fd812f21b582021-12-22 11:48:22.467root 11241100x80000000000000003855454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a54c1cbd57108f82021-12-22 11:48:22.467root 11241100x80000000000000003855455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263d6ce7e72fe24d2021-12-22 11:48:22.468root 11241100x80000000000000003855456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3d6a7b034b94492021-12-22 11:48:22.468root 11241100x80000000000000003855457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e7e267575580622021-12-22 11:48:22.468root 11241100x80000000000000003855458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e77f4b3ee9540c02021-12-22 11:48:22.468root 11241100x80000000000000003855459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26977bf6f7b3c5182021-12-22 11:48:22.468root 11241100x80000000000000003855460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4342c35df36ba78f2021-12-22 11:48:22.468root 11241100x80000000000000003855461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4996fd2eaf333aaf2021-12-22 11:48:22.468root 11241100x80000000000000003855462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd140c4101169962021-12-22 11:48:22.468root 11241100x80000000000000003855463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62b286256a571ff2021-12-22 11:48:22.468root 11241100x80000000000000003855464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655c1ad093ead0f72021-12-22 11:48:22.468root 11241100x80000000000000003855465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0e6b9addf845dd2021-12-22 11:48:22.468root 11241100x80000000000000003855466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e57b3ca8ab5aa8a2021-12-22 11:48:22.469root 11241100x80000000000000003855467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c680a13cdcd19ce42021-12-22 11:48:22.469root 11241100x80000000000000003855468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e662853552e2bc2021-12-22 11:48:22.469root 11241100x80000000000000003855469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32c4e4db66e66522021-12-22 11:48:22.469root 11241100x80000000000000003855470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1118deaa42ceef2021-12-22 11:48:22.469root 11241100x80000000000000003855471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5480ab50453f9d12021-12-22 11:48:22.469root 11241100x80000000000000003855472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11396d9e001888ac2021-12-22 11:48:22.469root 11241100x80000000000000003855473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc923fdc7c1c498f2021-12-22 11:48:22.469root 11241100x80000000000000003855474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb2e0a817cc8f7f2021-12-22 11:48:22.469root 11241100x80000000000000003855475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ac2bb302e4f4c82021-12-22 11:48:22.469root 11241100x80000000000000003855476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbcb1d1203ef3a02021-12-22 11:48:22.469root 11241100x80000000000000003855477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56d8cbeeac546322021-12-22 11:48:22.469root 11241100x80000000000000003855478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e04193e26ca01c2021-12-22 11:48:22.469root 11241100x80000000000000003855479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f2d532c1087fc72021-12-22 11:48:22.470root 11241100x80000000000000003855480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820e83eedc317ced2021-12-22 11:48:22.470root 11241100x80000000000000003855481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e416ba4ca40df9a22021-12-22 11:48:22.470root 11241100x80000000000000003855482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36f24fce7bf84612021-12-22 11:48:22.470root 11241100x80000000000000003855483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98621a5e2e20d9cd2021-12-22 11:48:22.470root 11241100x80000000000000003855484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b22e6e6538172e22021-12-22 11:48:22.470root 11241100x80000000000000003855485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ed9d705892b5022021-12-22 11:48:22.470root 11241100x80000000000000003855486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84f972af88d16a12021-12-22 11:48:22.470root 11241100x80000000000000003855487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4c10715e14e5252021-12-22 11:48:22.470root 11241100x80000000000000003855488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6df09d96e27bddd2021-12-22 11:48:22.470root 11241100x80000000000000003855489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65475b14d68a8042021-12-22 11:48:22.470root 11241100x80000000000000003855490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5029ad262faad00c2021-12-22 11:48:22.470root 11241100x80000000000000003855491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a6cd7cb8a595082021-12-22 11:48:22.470root 11241100x80000000000000003855492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8d627b0acdf4892021-12-22 11:48:22.471root 11241100x80000000000000003855493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95fec7279efe03c2021-12-22 11:48:22.471root 11241100x80000000000000003855494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c60775bdc89eda52021-12-22 11:48:22.471root 11241100x80000000000000003855495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2835c2663b19123f2021-12-22 11:48:22.471root 11241100x80000000000000003855496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92318eeabd5ad8ab2021-12-22 11:48:22.471root 11241100x80000000000000003855497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d59e34013e72432021-12-22 11:48:22.473root 11241100x80000000000000003855498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148219ba4541afdd2021-12-22 11:48:22.473root 11241100x80000000000000003855499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d448956f108cbf912021-12-22 11:48:22.473root 11241100x80000000000000003855500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7f76a87b13a7cf2021-12-22 11:48:22.473root 11241100x80000000000000003855501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74c37a955e4ef8f2021-12-22 11:48:22.473root 11241100x80000000000000003855502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9133d85aeefa57f92021-12-22 11:48:22.474root 11241100x80000000000000003855503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d200859435444282021-12-22 11:48:22.474root 11241100x80000000000000003855504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d456cf25b70f442021-12-22 11:48:22.474root 11241100x80000000000000003855505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7991f97f0efd1af52021-12-22 11:48:22.474root 11241100x80000000000000003855506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c24742bbe0125132021-12-22 11:48:22.474root 11241100x80000000000000003855507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84acbc12e1baa6692021-12-22 11:48:22.474root 11241100x80000000000000003855508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fbddbd8c4223662021-12-22 11:48:22.474root 11241100x80000000000000003855509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617b938c835d6a002021-12-22 11:48:22.474root 11241100x80000000000000003855510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decd1d2a48c831c22021-12-22 11:48:22.474root 11241100x80000000000000003855511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01666582e6d45db22021-12-22 11:48:22.474root 11241100x80000000000000003855512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72eb61d49d8dbfc52021-12-22 11:48:22.474root 11241100x80000000000000003855513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd33c7899a7aa8e2021-12-22 11:48:22.475root 11241100x80000000000000003855514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13a310188ae7a3b2021-12-22 11:48:22.475root 11241100x80000000000000003855515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29abdb48db28ee1d2021-12-22 11:48:22.475root 11241100x80000000000000003855516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cfd0916a8e3f1d2021-12-22 11:48:22.475root 11241100x80000000000000003855517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eeb1cc7314cb85e2021-12-22 11:48:22.475root 11241100x80000000000000003855518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d2f0faa89b2d372021-12-22 11:48:22.475root 11241100x80000000000000003855519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564fa3fca7acb9dd2021-12-22 11:48:22.475root 11241100x80000000000000003855520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514927a0606528b82021-12-22 11:48:22.475root 11241100x80000000000000003855521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50884a130d658fa72021-12-22 11:48:22.475root 11241100x80000000000000003855522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eade5e1165b84de52021-12-22 11:48:22.475root 11241100x80000000000000003855523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d247b1dd6668e82021-12-22 11:48:22.475root 11241100x80000000000000003855524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b93ea726b190802021-12-22 11:48:22.475root 11241100x80000000000000003855525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2964b2bfbfcf7f2021-12-22 11:48:22.475root 11241100x80000000000000003855526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0657d400580b212021-12-22 11:48:22.476root 11241100x80000000000000003855527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051ad99241c74ace2021-12-22 11:48:22.476root 11241100x80000000000000003855528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3b825f315f3e162021-12-22 11:48:22.476root 11241100x80000000000000003855529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb90d3528b460802021-12-22 11:48:22.476root 11241100x80000000000000003855530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af089aa9d742aae2021-12-22 11:48:22.476root 11241100x80000000000000003855531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d6af645fbb8ef02021-12-22 11:48:22.476root 11241100x80000000000000003855532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6634bcfa1556653b2021-12-22 11:48:22.476root 11241100x80000000000000003855533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d37a545b4a2ff72021-12-22 11:48:22.476root 11241100x80000000000000003855534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb069e529428a52e2021-12-22 11:48:22.476root 11241100x80000000000000003855535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f483c3ab9b3ad1b32021-12-22 11:48:22.476root 11241100x80000000000000003855536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07177ef5a00fd142021-12-22 11:48:22.476root 11241100x80000000000000003855537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8cdf960c4728a42021-12-22 11:48:22.476root 11241100x80000000000000003855538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857e5f07f73eb48b2021-12-22 11:48:22.478root 11241100x80000000000000003855539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71f56839a6bdc792021-12-22 11:48:22.479root 11241100x80000000000000003855540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a0b9439e77e2692021-12-22 11:48:22.479root 11241100x80000000000000003855541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d76b5494d88575a2021-12-22 11:48:22.479root 11241100x80000000000000003855542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef2413b194a21982021-12-22 11:48:22.479root 11241100x80000000000000003855543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9909cd32f1afc6c2021-12-22 11:48:22.479root 11241100x80000000000000003855544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb004696782b539b2021-12-22 11:48:22.479root 11241100x80000000000000003855545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355d4e90d9bc5b6c2021-12-22 11:48:22.479root 11241100x80000000000000003855546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c640f944a71095fe2021-12-22 11:48:22.479root 11241100x80000000000000003855547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793861f7be3879b82021-12-22 11:48:22.479root 11241100x80000000000000003855548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f055f4bcffed24052021-12-22 11:48:22.479root 11241100x80000000000000003855549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccb1b59c7144d742021-12-22 11:48:22.479root 11241100x80000000000000003855550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9084e82008c76a2021-12-22 11:48:22.479root 11241100x80000000000000003855551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0f97e66a09c0cf2021-12-22 11:48:22.480root 11241100x80000000000000003855552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502c1984cd6363a92021-12-22 11:48:22.480root 11241100x80000000000000003855553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50d9dda5e767bd62021-12-22 11:48:22.480root 11241100x80000000000000003855554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e651b3d16a6898d2021-12-22 11:48:22.480root 11241100x80000000000000003855555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3cf62c60d58a992021-12-22 11:48:22.480root 11241100x80000000000000003855556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d5046339b5a0142021-12-22 11:48:22.480root 11241100x80000000000000003855557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8e8ceca04e57652021-12-22 11:48:22.480root 11241100x80000000000000003855558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c997556db0595c2f2021-12-22 11:48:22.480root 11241100x80000000000000003855559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4eb8f69bc9816762021-12-22 11:48:22.480root 11241100x80000000000000003855560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7d61f2363bdab62021-12-22 11:48:22.480root 11241100x80000000000000003855561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77bc6459a6a5d612021-12-22 11:48:22.480root 11241100x80000000000000003855562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6359dae1b39997502021-12-22 11:48:22.480root 11241100x80000000000000003855563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7179b3711ceaa02c2021-12-22 11:48:22.480root 11241100x80000000000000003855564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1f2278cb6b42cb2021-12-22 11:48:22.481root 11241100x80000000000000003855565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820445d6f115d9b72021-12-22 11:48:22.481root 11241100x80000000000000003855566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418d5370969c725b2021-12-22 11:48:22.481root 11241100x80000000000000003855567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d3628305135c692021-12-22 11:48:22.481root 11241100x80000000000000003855568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8672fc2966166b292021-12-22 11:48:22.481root 11241100x80000000000000003855569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c7460136cbd2b22021-12-22 11:48:22.481root 11241100x80000000000000003855570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bef3baa7213dc562021-12-22 11:48:22.481root 11241100x80000000000000003855571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc1bfc90a5d27d82021-12-22 11:48:22.481root 11241100x80000000000000003855572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031735fadd55c0212021-12-22 11:48:22.481root 11241100x80000000000000003855573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7ca67602facaa62021-12-22 11:48:22.481root 11241100x80000000000000003855574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc79829a98310d462021-12-22 11:48:22.481root 11241100x80000000000000003855575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0daf2fc05f7e1ed42021-12-22 11:48:22.481root 11241100x80000000000000003855576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82baf05d92bd6bd12021-12-22 11:48:22.481root 11241100x80000000000000003855577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9ee77ccf3669c12021-12-22 11:48:22.481root 11241100x80000000000000003855578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ea8eec79bb9b222021-12-22 11:48:22.482root 11241100x80000000000000003855579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af51d2f66b1a3a672021-12-22 11:48:22.482root 11241100x80000000000000003855580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483f1102bc0de19b2021-12-22 11:48:22.482root 11241100x80000000000000003855581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2a24fd0a3467292021-12-22 11:48:22.482root 11241100x80000000000000003855582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c8dd64e6ca31332021-12-22 11:48:22.482root 11241100x80000000000000003855583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c328d03863121ed2021-12-22 11:48:22.482root 11241100x80000000000000003855584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667cc00a5ff825e32021-12-22 11:48:22.482root 11241100x80000000000000003855585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afba09f6ccc8c4b2021-12-22 11:48:22.482root 11241100x80000000000000003855586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d2493977a213ef2021-12-22 11:48:22.482root 11241100x80000000000000003855587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be342e09a79c17f2021-12-22 11:48:22.482root 11241100x80000000000000003855588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cc5cae72c231ba2021-12-22 11:48:22.482root 11241100x80000000000000003855589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69ea6625fd537eb2021-12-22 11:48:22.482root 11241100x80000000000000003855590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126016ecc6265e412021-12-22 11:48:22.482root 11241100x80000000000000003855591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e5d549856b17c82021-12-22 11:48:22.483root 11241100x80000000000000003855592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689d7d7b8247c34c2021-12-22 11:48:22.483root 11241100x80000000000000003855593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8632a77442e9b252021-12-22 11:48:22.483root 11241100x80000000000000003855594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817d3ba3b873a1932021-12-22 11:48:22.483root 11241100x80000000000000003855595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa973b93d7cf26ec2021-12-22 11:48:22.483root 11241100x80000000000000003855596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f7d6f8ad6e94572021-12-22 11:48:22.483root 11241100x80000000000000003855597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6ac51be481479d2021-12-22 11:48:22.483root 11241100x80000000000000003855598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39b37a2c721c7182021-12-22 11:48:22.483root 11241100x80000000000000003855599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4995e8798199e92021-12-22 11:48:22.483root 11241100x80000000000000003855600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d1a82160e1cae92021-12-22 11:48:22.483root 11241100x80000000000000003855601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca831066de24ff382021-12-22 11:48:22.483root 11241100x80000000000000003855602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844832938ba1edca2021-12-22 11:48:22.483root 11241100x80000000000000003855603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a12411b9a00f9d42021-12-22 11:48:22.483root 11241100x80000000000000003855604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bf31579905aeca2021-12-22 11:48:22.484root 11241100x80000000000000003855605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b6ce329e0c06fa2021-12-22 11:48:22.484root 11241100x80000000000000003855606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee657e0a7189a2c2021-12-22 11:48:22.484root 11241100x80000000000000003855607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57db2b93a35b5c242021-12-22 11:48:22.484root 11241100x80000000000000003855608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc4eaff8291a1fa2021-12-22 11:48:22.484root 11241100x80000000000000003855609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bde01e9f92a04382021-12-22 11:48:22.484root 11241100x80000000000000003855610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48751de01d347f672021-12-22 11:48:22.484root 11241100x80000000000000003855611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013aa307f1c3e5b52021-12-22 11:48:22.484root 11241100x80000000000000003855612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efa237fbb84c3b72021-12-22 11:48:22.484root 11241100x80000000000000003855613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51704a20bc1e97852021-12-22 11:48:22.484root 11241100x80000000000000003855614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bf6b9d223ad5d12021-12-22 11:48:22.484root 11241100x80000000000000003855615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3329de3ba8a48d62021-12-22 11:48:22.484root 11241100x80000000000000003855616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddaec99d386ad6b2021-12-22 11:48:22.484root 11241100x80000000000000003855617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b35e1f2681fe8602021-12-22 11:48:22.485root 11241100x80000000000000003855618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc39f72f02d50212021-12-22 11:48:22.485root 11241100x80000000000000003855619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7389cca12975e662021-12-22 11:48:22.485root 11241100x80000000000000003855620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a57fe5010597502021-12-22 11:48:22.485root 11241100x80000000000000003855621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fc2e97beed5b002021-12-22 11:48:22.485root 11241100x80000000000000003855622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc054648b2463502021-12-22 11:48:22.485root 11241100x80000000000000003855623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6073a00949b8b4c42021-12-22 11:48:22.485root 11241100x80000000000000003855624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8354c108a68b05a92021-12-22 11:48:22.485root 11241100x80000000000000003855625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c27f92fc7097f962021-12-22 11:48:22.485root 11241100x80000000000000003855626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6d203424e8cbd52021-12-22 11:48:22.485root 11241100x80000000000000003855627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea4cf8d0748a6a32021-12-22 11:48:22.485root 11241100x80000000000000003855628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03bb1b7113bdc662021-12-22 11:48:22.485root 11241100x80000000000000003855629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7803424d82f5c42021-12-22 11:48:22.485root 11241100x80000000000000003855630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d624a49c976567eb2021-12-22 11:48:22.486root 11241100x80000000000000003855631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922727b66649ea692021-12-22 11:48:22.486root 11241100x80000000000000003855632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349b03b846b845f52021-12-22 11:48:22.486root 11241100x80000000000000003855633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c3c28387d71c082021-12-22 11:48:22.486root 11241100x80000000000000003855634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b029ddb11170047f2021-12-22 11:48:22.486root 11241100x80000000000000003855635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc66912c6eb212ba2021-12-22 11:48:22.486root 11241100x80000000000000003855636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379388ab6071b12c2021-12-22 11:48:22.486root 11241100x80000000000000003855637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9683f1d6187c05c2021-12-22 11:48:22.486root 11241100x80000000000000003855638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b60c21c47660302021-12-22 11:48:22.486root 11241100x80000000000000003855639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85a973670e263942021-12-22 11:48:22.486root 11241100x80000000000000003855640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993a5d218faa95762021-12-22 11:48:22.486root 11241100x80000000000000003855641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628ee1a0d818e2092021-12-22 11:48:22.486root 11241100x80000000000000003855642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b512dae5580d6b2021-12-22 11:48:22.486root 11241100x80000000000000003855643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428819f356300f0c2021-12-22 11:48:22.486root 11241100x80000000000000003855644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacfa937da222a172021-12-22 11:48:22.487root 11241100x80000000000000003855645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c154dd644125caa82021-12-22 11:48:22.487root 11241100x80000000000000003855646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854a70026fc9d4b92021-12-22 11:48:22.487root 11241100x80000000000000003855647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d071d8b8cee26982021-12-22 11:48:22.487root 11241100x80000000000000003855648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80facea31f97abc2021-12-22 11:48:22.487root 11241100x80000000000000003855649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89014fd0a6e3a5862021-12-22 11:48:22.943root 11241100x80000000000000003855650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39225dad71cd4fe2021-12-22 11:48:22.943root 11241100x80000000000000003855651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070a2f9aa9eeef162021-12-22 11:48:22.943root 11241100x80000000000000003855652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3415963d6339efb02021-12-22 11:48:22.943root 354300x80000000000000003855746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:44.206{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55488-false10.0.1.12-8000- 11241100x80000000000000003855747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:44.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260341efdd4f56122021-12-22 11:48:44.692root 11241100x80000000000000003855748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:45.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c19af8779476682021-12-22 11:48:45.192root 11241100x80000000000000003855749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:45.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0109c50d8e52f782021-12-22 11:48:45.692root 11241100x80000000000000003855750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:46.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d240c0c175afcc032021-12-22 11:48:46.192root 11241100x80000000000000003855751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:46.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad6f3673dd0bb142021-12-22 11:48:46.692root 11241100x80000000000000003855752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:47.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aef032abeda79032021-12-22 11:48:47.192root 11241100x80000000000000003855753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:47.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84711b44754bb922021-12-22 11:48:47.692root 11241100x80000000000000003855754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:48.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465ba3bbac82e6602021-12-22 11:48:48.192root 11241100x80000000000000003855755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e380cf9c2dff481f2021-12-22 11:48:48.693root 11241100x80000000000000003855756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:49.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffad18d4b977ce92021-12-22 11:48:49.192root 11241100x80000000000000003855757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:49.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3406241897a852722021-12-22 11:48:49.692root 354300x80000000000000003855758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:50.071{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55490-false10.0.1.12-8000- 11241100x80000000000000003855759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:50.071{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37628888efd10fca2021-12-22 11:48:50.071root 11241100x80000000000000003855760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:50.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00cc309c915318d2021-12-22 11:48:50.442root 11241100x80000000000000003855761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730f24b4f435b96f2021-12-22 11:48:50.443root 11241100x80000000000000003855762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:50.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94607c8d26ccd472021-12-22 11:48:50.942root 11241100x80000000000000003855763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:50.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e45eb4bc4569962021-12-22 11:48:50.942root 11241100x80000000000000003855764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:51.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313e32466011400a2021-12-22 11:48:51.442root 11241100x80000000000000003855765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57581ca1597fbd542021-12-22 11:48:51.443root 11241100x80000000000000003855766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:51.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1870bce900319e2021-12-22 11:48:51.942root 11241100x80000000000000003855767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:51.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a78dddb999fdd22021-12-22 11:48:51.942root 11241100x80000000000000003855768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:52.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f724ec0ed9036b12021-12-22 11:48:52.442root 11241100x80000000000000003855769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:52.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833124b960f355a72021-12-22 11:48:52.442root 11241100x80000000000000003855770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:52.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f7bc16d15ff6762021-12-22 11:48:52.942root 11241100x80000000000000003855771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1454a093165ca62021-12-22 11:48:52.943root 11241100x80000000000000003855772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:53.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e5a1d93c03c4302021-12-22 11:48:53.442root 11241100x80000000000000003855773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:53.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f538310581a7f3312021-12-22 11:48:53.442root 11241100x80000000000000003855774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:53.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3655711ee03e678b2021-12-22 11:48:53.942root 11241100x80000000000000003855775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:53.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9706fd8a564ac4d62021-12-22 11:48:53.942root 11241100x80000000000000003855776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:54.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb9f4fb631b07b12021-12-22 11:48:54.442root 11241100x80000000000000003855777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bb46888cc432192021-12-22 11:48:54.443root 11241100x80000000000000003855778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:54.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2419f8f539c2d3f12021-12-22 11:48:54.942root 11241100x80000000000000003855779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:54.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32529fc31f34e70b2021-12-22 11:48:54.942root 354300x80000000000000003855780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:55.236{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55492-false10.0.1.12-8000- 11241100x80000000000000003855781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:55.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b222106eab423c82021-12-22 11:48:55.236root 11241100x80000000000000003855782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:55.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0fbe6c4b39d5b52021-12-22 11:48:55.236root 11241100x80000000000000003855783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:55.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af72498089944262021-12-22 11:48:55.692root 11241100x80000000000000003855784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d76e5ca17232cac2021-12-22 11:48:55.693root 11241100x80000000000000003855785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca608fe6b56658d22021-12-22 11:48:55.693root 11241100x80000000000000003855786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:56.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823c53961fbc4c722021-12-22 11:48:56.192root 11241100x80000000000000003855787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:56.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c994f3ec724c822021-12-22 11:48:56.192root 11241100x80000000000000003855788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4479a7e4969284392021-12-22 11:48:56.193root 11241100x80000000000000003855789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:56.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d03a213c45b9f42021-12-22 11:48:56.692root 11241100x80000000000000003855790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:56.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0314b15544e249232021-12-22 11:48:56.692root 11241100x80000000000000003855791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ba804fec988c852021-12-22 11:48:56.693root 11241100x80000000000000003855792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:57.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbd5f4b6acde9bb2021-12-22 11:48:57.192root 11241100x80000000000000003855793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5d23fc4031b6ac2021-12-22 11:48:57.193root 11241100x80000000000000003855794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2d873c1e375dad2021-12-22 11:48:57.193root 11241100x80000000000000003855795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9dd8952a0f96452021-12-22 11:48:57.693root 11241100x80000000000000003855796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbd9a1e7f1a13942021-12-22 11:48:57.693root 11241100x80000000000000003855797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39b6290719a95cc2021-12-22 11:48:57.693root 11241100x80000000000000003855798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:58.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13c875c66d59efb2021-12-22 11:48:58.192root 11241100x80000000000000003855799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299a10c0c09687d12021-12-22 11:48:58.193root 11241100x80000000000000003855800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19dce2516208b7752021-12-22 11:48:58.193root 11241100x80000000000000003855801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:58.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5f958bf9eb2ed32021-12-22 11:48:58.692root 11241100x80000000000000003855802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1540ab2b167a7b32021-12-22 11:48:58.693root 11241100x80000000000000003855803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b5fdfbb34aff622021-12-22 11:48:58.693root 11241100x80000000000000003855804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:59.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9d689c2d0e970b2021-12-22 11:48:59.192root 11241100x80000000000000003855805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4540567f63f6372021-12-22 11:48:59.193root 11241100x80000000000000003855806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d8e8ef799a0e1b2021-12-22 11:48:59.193root 11241100x80000000000000003855807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:59.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb28c2afe516970d2021-12-22 11:48:59.692root 11241100x80000000000000003855808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265c45999f1de6db2021-12-22 11:48:59.693root 11241100x80000000000000003855809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:48:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707152b132f975962021-12-22 11:48:59.693root 11241100x80000000000000003855810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:00.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cbd353324fb0e92021-12-22 11:49:00.192root 11241100x80000000000000003855811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ccf2305722db602021-12-22 11:49:00.193root 11241100x80000000000000003855812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b2975e102a532c2021-12-22 11:49:00.193root 11241100x80000000000000003855813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:00.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce1d697bba355922021-12-22 11:49:00.692root 11241100x80000000000000003855814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f23157d4decb1742021-12-22 11:49:00.693root 11241100x80000000000000003855815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0d41ba48f8739c2021-12-22 11:49:00.693root 354300x80000000000000003855816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:01.113{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55494-false10.0.1.12-8000- 11241100x80000000000000003855817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:01.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9109e643a803beb72021-12-22 11:49:01.114root 11241100x80000000000000003855818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:01.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25bd07b8dc0b91a2021-12-22 11:49:01.114root 11241100x80000000000000003855819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:01.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421c0e6b59cbf8d62021-12-22 11:49:01.114root 11241100x80000000000000003855820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:01.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849fdec1fea86cc12021-12-22 11:49:01.114root 11241100x80000000000000003855821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:01.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a5c17f23bba7432021-12-22 11:49:01.442root 11241100x80000000000000003855822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf89e64fcabd2af12021-12-22 11:49:01.443root 11241100x80000000000000003855823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5644aa9e20b52cd2021-12-22 11:49:01.443root 11241100x80000000000000003855824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca54d8b8c9fa473c2021-12-22 11:49:01.443root 11241100x80000000000000003855825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:01.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e22772b0f261bf02021-12-22 11:49:01.942root 11241100x80000000000000003855826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485dca9867da00642021-12-22 11:49:01.943root 11241100x80000000000000003855827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec0bd945dba541c2021-12-22 11:49:01.943root 11241100x80000000000000003855828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a85c515dae1f6f2021-12-22 11:49:01.943root 11241100x80000000000000003855829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:02.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f785899f2d6820052021-12-22 11:49:02.442root 11241100x80000000000000003855830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615fc6d62ac7901b2021-12-22 11:49:02.443root 11241100x80000000000000003855831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1361c43093c5662021-12-22 11:49:02.443root 11241100x80000000000000003855832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a9f9ceca5e035d2021-12-22 11:49:02.443root 11241100x80000000000000003855833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:02.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256beff5141ae4182021-12-22 11:49:02.942root 11241100x80000000000000003855834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22679d5bb9f40ddf2021-12-22 11:49:02.943root 11241100x80000000000000003855835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f69ab1aebbd94e2021-12-22 11:49:02.943root 11241100x80000000000000003855836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f14fec334460a42021-12-22 11:49:02.943root 11241100x80000000000000003855837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:03.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:49:03.143root 11241100x80000000000000003855838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1731b1d376053cce2021-12-22 11:49:03.443root 11241100x80000000000000003855839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99c10667a4051ca2021-12-22 11:49:03.443root 11241100x80000000000000003855840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36f6d924383c3152021-12-22 11:49:03.443root 11241100x80000000000000003855841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1fbc54987f2f4f2021-12-22 11:49:03.443root 11241100x80000000000000003855842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b296a7940d6af8142021-12-22 11:49:03.443root 11241100x80000000000000003855843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676fb5bc4bcd28df2021-12-22 11:49:03.943root 11241100x80000000000000003855844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c225dac2dee5e02021-12-22 11:49:03.943root 11241100x80000000000000003855845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db380241f43be1fb2021-12-22 11:49:03.943root 11241100x80000000000000003855846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02bb77d0dac9e862021-12-22 11:49:03.943root 11241100x80000000000000003855847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada183373522ec732021-12-22 11:49:03.943root 11241100x80000000000000003855848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c219ae114663b4022021-12-22 11:49:04.443root 11241100x80000000000000003855849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d8d9aa19d494582021-12-22 11:49:04.443root 11241100x80000000000000003855850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f00d1f2b32b9e4d2021-12-22 11:49:04.443root 11241100x80000000000000003855851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ede1eece2be8252021-12-22 11:49:04.443root 11241100x80000000000000003855852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d4dcb7a05c455f2021-12-22 11:49:04.443root 11241100x80000000000000003855853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f192430b14d56fe42021-12-22 11:49:04.943root 11241100x80000000000000003855854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40938ededb1c05d2021-12-22 11:49:04.943root 11241100x80000000000000003855855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639fdcf7bbece4102021-12-22 11:49:04.943root 11241100x80000000000000003855856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8e112113a0377e2021-12-22 11:49:04.943root 11241100x80000000000000003855857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e311264bd25c32342021-12-22 11:49:04.943root 11241100x80000000000000003855858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:05.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b514240ec17dc952021-12-22 11:49:05.442root 11241100x80000000000000003855859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c2ace51aa70ee12021-12-22 11:49:05.443root 11241100x80000000000000003855860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82c703052bf5eff2021-12-22 11:49:05.443root 11241100x80000000000000003855861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da0a8b8ba03ff3b2021-12-22 11:49:05.443root 11241100x80000000000000003855862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c27b87039f90f592021-12-22 11:49:05.443root 11241100x80000000000000003855863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f8db30dbee42012021-12-22 11:49:05.943root 11241100x80000000000000003855864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bb1aeed0792c7c2021-12-22 11:49:05.943root 11241100x80000000000000003855865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959992026d4b425e2021-12-22 11:49:05.943root 11241100x80000000000000003855866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f90978406ffe232021-12-22 11:49:05.943root 11241100x80000000000000003855867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d831d2e4c95b2352021-12-22 11:49:05.943root 23542300x80000000000000003855868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:06.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003855869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec749064ffd90c42021-12-22 11:49:06.443root 11241100x80000000000000003855870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deedc430459a97db2021-12-22 11:49:06.443root 11241100x80000000000000003855871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ecafb8f87a6e272021-12-22 11:49:06.443root 11241100x80000000000000003855872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4635a1848335df9a2021-12-22 11:49:06.443root 11241100x80000000000000003855873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf84a9179a2950d2021-12-22 11:49:06.443root 11241100x80000000000000003855874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806ed8d706b784732021-12-22 11:49:06.443root 11241100x80000000000000003855875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e73ce93d30840d12021-12-22 11:49:06.943root 11241100x80000000000000003855876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83de9dd5ef59ace2021-12-22 11:49:06.943root 11241100x80000000000000003855877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7067d56eb39d8fb2021-12-22 11:49:06.943root 11241100x80000000000000003855878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3e8eaacf9d556f2021-12-22 11:49:06.943root 11241100x80000000000000003855879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b971d764db5ef0d2021-12-22 11:49:06.943root 11241100x80000000000000003855880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6141b91f3f7b26ee2021-12-22 11:49:06.943root 354300x80000000000000003855881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:07.071{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55496-false10.0.1.12-8000- 11241100x80000000000000003855882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:07.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61858cac315c2d682021-12-22 11:49:07.442root 11241100x80000000000000003855883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fddb18766d30c82021-12-22 11:49:07.443root 11241100x80000000000000003855884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03acb6a99ac739502021-12-22 11:49:07.443root 11241100x80000000000000003855885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7666040313d07aeb2021-12-22 11:49:07.443root 11241100x80000000000000003855886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d92be0db603fc452021-12-22 11:49:07.443root 11241100x80000000000000003855887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38d2cefee5b7ba22021-12-22 11:49:07.443root 11241100x80000000000000003855888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7d72828bbabcc72021-12-22 11:49:07.443root 11241100x80000000000000003855889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5191eedcc45be6542021-12-22 11:49:07.943root 11241100x80000000000000003855890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6ef9204b2054eb2021-12-22 11:49:07.943root 11241100x80000000000000003855891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c92930dcf62ce72021-12-22 11:49:07.943root 11241100x80000000000000003855892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f75eea5f2c3b8362021-12-22 11:49:07.943root 11241100x80000000000000003855893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d928cf0ab3c8ac2021-12-22 11:49:07.943root 11241100x80000000000000003855894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c4f4e282cfa2632021-12-22 11:49:07.943root 11241100x80000000000000003855895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921824205527b2b42021-12-22 11:49:07.943root 11241100x80000000000000003855896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc32f7eabc3fc702021-12-22 11:49:08.443root 11241100x80000000000000003855897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a92bf25c0bacee22021-12-22 11:49:08.443root 11241100x80000000000000003855898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6da9ca9bd5ec0df2021-12-22 11:49:08.443root 11241100x80000000000000003855899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d4029076d55daa2021-12-22 11:49:08.443root 11241100x80000000000000003855900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009dd3dad8bc17bb2021-12-22 11:49:08.443root 11241100x80000000000000003855901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd777da4b2f4d8f62021-12-22 11:49:08.443root 11241100x80000000000000003855902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618d7e22db3518612021-12-22 11:49:08.443root 11241100x80000000000000003855903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbcbf02f83ca0842021-12-22 11:49:08.943root 11241100x80000000000000003855904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5898dcff4c0c412021-12-22 11:49:08.943root 11241100x80000000000000003855905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362282a8f13a70202021-12-22 11:49:08.943root 11241100x80000000000000003855906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c5508914bf8d8e2021-12-22 11:49:08.943root 11241100x80000000000000003855907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d03ffbab525ab02021-12-22 11:49:08.943root 11241100x80000000000000003855908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608b7b6be6d8d5662021-12-22 11:49:08.943root 11241100x80000000000000003855909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a82b8274b25abd2021-12-22 11:49:08.943root 11241100x80000000000000003855910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ab9f1fc3331bea2021-12-22 11:49:09.443root 11241100x80000000000000003855911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc3219cdf75e90b2021-12-22 11:49:09.443root 11241100x80000000000000003855912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a83d143529db1102021-12-22 11:49:09.443root 11241100x80000000000000003855913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde6eb4d89d0d4382021-12-22 11:49:09.443root 11241100x80000000000000003855914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0988ba60c708b1e2021-12-22 11:49:09.443root 11241100x80000000000000003855915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48db7df55aa60b702021-12-22 11:49:09.443root 11241100x80000000000000003855916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e63c4394f81fae42021-12-22 11:49:09.443root 11241100x80000000000000003855917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e3c2a7354db9792021-12-22 11:49:09.943root 11241100x80000000000000003855918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d6eab80bfbf7f52021-12-22 11:49:09.943root 11241100x80000000000000003855919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba7f23ff5614b1e2021-12-22 11:49:09.943root 11241100x80000000000000003855920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcad3b8de15f52e2021-12-22 11:49:09.943root 11241100x80000000000000003855921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2de4831570e48502021-12-22 11:49:09.943root 11241100x80000000000000003855922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddbc0914e89df222021-12-22 11:49:09.943root 11241100x80000000000000003855923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee64f430f984c27b2021-12-22 11:49:09.943root 11241100x80000000000000003855924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082f256c6c0418d12021-12-22 11:49:10.443root 11241100x80000000000000003855925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa185ad351f640e92021-12-22 11:49:10.443root 11241100x80000000000000003855926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc73b67d610a71c2021-12-22 11:49:10.443root 11241100x80000000000000003855927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d04d1cd4fa6f752021-12-22 11:49:10.443root 11241100x80000000000000003855928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26fbe7cf60907272021-12-22 11:49:10.443root 11241100x80000000000000003855929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371a8829dc157bff2021-12-22 11:49:10.443root 11241100x80000000000000003855930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099c4decabde35802021-12-22 11:49:10.443root 11241100x80000000000000003855931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c7e5298d1e03492021-12-22 11:49:10.943root 11241100x80000000000000003855932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049fd9c022e048612021-12-22 11:49:10.943root 11241100x80000000000000003855933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73350de4d614dcc92021-12-22 11:49:10.943root 11241100x80000000000000003855934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f515134ed8ac0ec52021-12-22 11:49:10.943root 11241100x80000000000000003855935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a068ca1acace48d2021-12-22 11:49:10.943root 11241100x80000000000000003855936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddce6535ddbb9cf2021-12-22 11:49:10.943root 11241100x80000000000000003855937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f98f8541b83d1452021-12-22 11:49:10.943root 11241100x80000000000000003855938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4186fb6ba101b13b2021-12-22 11:49:11.443root 11241100x80000000000000003855939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b80b58f3ffd175a2021-12-22 11:49:11.443root 11241100x80000000000000003855940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9081aa34a67bf912021-12-22 11:49:11.443root 11241100x80000000000000003855941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acb872034eded6f2021-12-22 11:49:11.443root 11241100x80000000000000003855942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22613048f05208572021-12-22 11:49:11.443root 11241100x80000000000000003855943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c23259e55beeb022021-12-22 11:49:11.443root 11241100x80000000000000003855944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4d76277331a8e92021-12-22 11:49:11.443root 11241100x80000000000000003855945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ad90ad7f19bdac2021-12-22 11:49:11.944root 11241100x80000000000000003855946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f597ca7c850752622021-12-22 11:49:11.944root 11241100x80000000000000003855947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31355f1333fe2a242021-12-22 11:49:11.945root 11241100x80000000000000003855948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c232db837a481cd12021-12-22 11:49:11.945root 11241100x80000000000000003855949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a7c2ebfef85dd42021-12-22 11:49:11.945root 11241100x80000000000000003855950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9b236a6c2b8f3a2021-12-22 11:49:11.945root 11241100x80000000000000003855951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82be0a013f39ef672021-12-22 11:49:11.945root 354300x80000000000000003855952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.144{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55498-false10.0.1.12-8000- 11241100x80000000000000003855953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7302738fcae11012021-12-22 11:49:12.443root 11241100x80000000000000003855954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d1b46ae3f9f6092021-12-22 11:49:12.443root 11241100x80000000000000003855955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe42bd52bbd93062021-12-22 11:49:12.443root 11241100x80000000000000003855956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339f1e20874d8b6f2021-12-22 11:49:12.443root 11241100x80000000000000003855957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1df62f6fe88066f2021-12-22 11:49:12.443root 11241100x80000000000000003855958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13a61ae4e946e472021-12-22 11:49:12.443root 11241100x80000000000000003855959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631301c29114339a2021-12-22 11:49:12.443root 11241100x80000000000000003855960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3916236dde0bba2021-12-22 11:49:12.443root 11241100x80000000000000003855961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792366887472b5752021-12-22 11:49:12.943root 11241100x80000000000000003855962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5740b38afc105dfa2021-12-22 11:49:12.943root 11241100x80000000000000003855963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bbfc26bf5f93912021-12-22 11:49:12.943root 11241100x80000000000000003855964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1332f5980ee076942021-12-22 11:49:12.943root 11241100x80000000000000003855965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5ffd2f161e2d752021-12-22 11:49:12.943root 11241100x80000000000000003855966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35c38790c6214712021-12-22 11:49:12.943root 11241100x80000000000000003855967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65075eebad5b3602021-12-22 11:49:12.943root 11241100x80000000000000003855968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4928aed450b81a2021-12-22 11:49:12.943root 154100x80000000000000003855969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.300{ec2b6afe-10b9-61c3-10a0-760e8d550000}19091/bin/touch-----touch dll_hook.sh/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003855970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d3687165867dfa2021-12-22 11:49:13.301root 11241100x80000000000000003855971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.301{ec2b6afe-10b9-61c3-10a0-760e8d550000}19091/bin/touch/home/ubuntu/dll_hook.sh2021-12-22 11:49:13.301ubuntu 534500x80000000000000003855972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.301{ec2b6afe-10b9-61c3-10a0-760e8d550000}19091/bin/touchubuntu 11241100x80000000000000003855973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eadfb27efbbce382021-12-22 11:49:13.301root 11241100x80000000000000003855974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a21cd5ef20c421e2021-12-22 11:49:13.301root 11241100x80000000000000003855975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bef6a826f4e7952021-12-22 11:49:13.302root 11241100x80000000000000003855976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd97848e509ea4bd2021-12-22 11:49:13.302root 11241100x80000000000000003855977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9c6690ffd537ae2021-12-22 11:49:13.302root 11241100x80000000000000003855978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365f8905cb8179df2021-12-22 11:49:13.302root 11241100x80000000000000003855979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae447a681552ae502021-12-22 11:49:13.302root 11241100x80000000000000003855980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca31eb22bca011ee2021-12-22 11:49:13.302root 11241100x80000000000000003855981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c8f5ecf3d8d7782021-12-22 11:49:13.693root 11241100x80000000000000003855982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e2c4433c20f50b2021-12-22 11:49:13.693root 11241100x80000000000000003855983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c1bec8946f550c2021-12-22 11:49:13.693root 11241100x80000000000000003855984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba0f2aeffc19b622021-12-22 11:49:13.694root 11241100x80000000000000003855985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf715aa4b7463fbe2021-12-22 11:49:13.694root 11241100x80000000000000003855986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63c1ab8b26fed642021-12-22 11:49:13.694root 11241100x80000000000000003855987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19563980ec6229332021-12-22 11:49:13.694root 11241100x80000000000000003855988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590ca116b7ae40fc2021-12-22 11:49:13.694root 11241100x80000000000000003855989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b4c3322fa80bd22021-12-22 11:49:13.694root 11241100x80000000000000003855990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857559187a61884f2021-12-22 11:49:13.694root 11241100x80000000000000003855991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992fbd8bcc43d0a72021-12-22 11:49:13.694root 11241100x80000000000000003855992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121851f900cf6f372021-12-22 11:49:14.193root 11241100x80000000000000003855993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba946ef216711f62021-12-22 11:49:14.193root 11241100x80000000000000003855994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3fd12d1847badd2021-12-22 11:49:14.193root 11241100x80000000000000003855995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb77ccab2be40732021-12-22 11:49:14.193root 11241100x80000000000000003855996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd159d0b37abe482021-12-22 11:49:14.193root 11241100x80000000000000003855997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589af230260aa43a2021-12-22 11:49:14.194root 11241100x80000000000000003855998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014e1508c87e444b2021-12-22 11:49:14.194root 11241100x80000000000000003855999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75f3b543e93e8722021-12-22 11:49:14.194root 11241100x80000000000000003856000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b288e368c9e103832021-12-22 11:49:14.194root 11241100x80000000000000003856001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e600be0da55056972021-12-22 11:49:14.194root 11241100x80000000000000003856002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e2527e96ffdcb02021-12-22 11:49:14.194root 11241100x80000000000000003856003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d465eb1b01a433f2021-12-22 11:49:14.693root 11241100x80000000000000003856004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc0b95bd2f4da902021-12-22 11:49:14.693root 11241100x80000000000000003856005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518e100b2dfa29f12021-12-22 11:49:14.693root 11241100x80000000000000003856006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4f87595c4f087f2021-12-22 11:49:14.693root 11241100x80000000000000003856007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f8b9bbb6ef41432021-12-22 11:49:14.693root 11241100x80000000000000003856008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c8c6c981b64c402021-12-22 11:49:14.693root 11241100x80000000000000003856009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c67dc81652ba222021-12-22 11:49:14.693root 11241100x80000000000000003856010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2701915ffe8e48b2021-12-22 11:49:14.694root 11241100x80000000000000003856011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f86c26c22079a72021-12-22 11:49:14.694root 11241100x80000000000000003856012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e353de19527c022a2021-12-22 11:49:14.694root 11241100x80000000000000003856013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9123e0e447068882021-12-22 11:49:14.694root 11241100x80000000000000003856014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41624acb03c6a09e2021-12-22 11:49:15.193root 11241100x80000000000000003856015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4787d123608f0cf32021-12-22 11:49:15.193root 11241100x80000000000000003856016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de1464cb57efd042021-12-22 11:49:15.193root 11241100x80000000000000003856017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6de99134c2dca8d2021-12-22 11:49:15.193root 11241100x80000000000000003856018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf345d5655ed966b2021-12-22 11:49:15.193root 11241100x80000000000000003856019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51fba32c6850a1c2021-12-22 11:49:15.193root 11241100x80000000000000003856020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0af2430d5e2e522021-12-22 11:49:15.194root 11241100x80000000000000003856021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a685855d5deff62021-12-22 11:49:15.194root 11241100x80000000000000003856022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31562e423e0aecb2021-12-22 11:49:15.194root 11241100x80000000000000003856023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8166f1a7d2c9c5d92021-12-22 11:49:15.194root 11241100x80000000000000003856024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa0ad47c2fb0cd02021-12-22 11:49:15.194root 11241100x80000000000000003856025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262778ff00b618ad2021-12-22 11:49:15.693root 11241100x80000000000000003856026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a96d300d77419d2021-12-22 11:49:15.693root 11241100x80000000000000003856027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baa8d0d5957ca172021-12-22 11:49:15.693root 11241100x80000000000000003856028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0ec04dd64ee6002021-12-22 11:49:15.694root 11241100x80000000000000003856029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cc57e41fa949752021-12-22 11:49:15.694root 11241100x80000000000000003856030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f3516d77680b352021-12-22 11:49:15.694root 11241100x80000000000000003856031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81789980eedef9082021-12-22 11:49:15.694root 11241100x80000000000000003856032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0038f42480b358b2021-12-22 11:49:15.694root 11241100x80000000000000003856033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25427d80017ca2c42021-12-22 11:49:15.694root 11241100x80000000000000003856034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f7342863cc4dac2021-12-22 11:49:15.694root 11241100x80000000000000003856035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9720623169d762882021-12-22 11:49:15.695root 11241100x80000000000000003856036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559d0000f05aff1d2021-12-22 11:49:16.193root 11241100x80000000000000003856037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89d045ea755a04c2021-12-22 11:49:16.193root 11241100x80000000000000003856038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa3116d26ab30912021-12-22 11:49:16.193root 11241100x80000000000000003856039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3604946dd1bfeb72021-12-22 11:49:16.193root 11241100x80000000000000003856040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefedbe2ab2946dc2021-12-22 11:49:16.193root 11241100x80000000000000003856041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f234f96faf9679f2021-12-22 11:49:16.193root 11241100x80000000000000003856042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cb4884ccb50b722021-12-22 11:49:16.193root 11241100x80000000000000003856043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6371a11cdb164142021-12-22 11:49:16.194root 11241100x80000000000000003856044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04354f039906c8f02021-12-22 11:49:16.194root 11241100x80000000000000003856045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ba8ee330b182122021-12-22 11:49:16.194root 11241100x80000000000000003856046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bab137233c3e2d2021-12-22 11:49:16.194root 534500x80000000000000003856047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.677{ec2b6afe-10bc-61c3-0000-000000000000}19092-ubuntu 11241100x80000000000000003856048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.678{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957ec9228c2b170c2021-12-22 11:49:16.678root 11241100x80000000000000003856049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.678{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbef6f6f1fc30402021-12-22 11:49:16.678root 11241100x80000000000000003856050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.678{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7dd8794ff433852021-12-22 11:49:16.678root 11241100x80000000000000003856051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.678{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5370e207fce8322021-12-22 11:49:16.678root 11241100x80000000000000003856052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.678{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472893b810e41c922021-12-22 11:49:16.678root 11241100x80000000000000003856053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.678{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da6c390c74ff5132021-12-22 11:49:16.678root 11241100x80000000000000003856054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.678{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8f3f6357566eb62021-12-22 11:49:16.678root 534500x80000000000000003856055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.679{ec2b6afe-10bc-61c3-0000-000000000000}19093-ubuntu 11241100x80000000000000003856056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.679{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.sclhLa2021-12-22 11:49:16.679ubuntu 23542300x80000000000000003856057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.679{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.sclhLa--- 11241100x80000000000000003856058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.679{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3df80623ffc4ce2021-12-22 11:49:16.679root 11241100x80000000000000003856059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.679{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed90a46528b120072021-12-22 11:49:16.679root 11241100x80000000000000003856060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.679{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5a816c5bb678052021-12-22 11:49:16.679root 11241100x80000000000000003856061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.680{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cba216f72ca14b2021-12-22 11:49:16.680root 11241100x80000000000000003856062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.680{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c383269379aace972021-12-22 11:49:16.680root 11241100x80000000000000003856063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.680{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a1d1c8b62679bf2021-12-22 11:49:16.680root 11241100x80000000000000003856064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.681{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4796b7d2ef6891442021-12-22 11:49:16.681root 11241100x80000000000000003856065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.681{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a43fd1fe2f881e32021-12-22 11:49:16.681root 11241100x80000000000000003856066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.681{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682bb588b6dea0fc2021-12-22 11:49:16.681root 11241100x80000000000000003856067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.681{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a1f1f4828aa1802021-12-22 11:49:16.681root 11241100x80000000000000003856068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.681{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d196d2eb1a198592021-12-22 11:49:16.681root 11241100x80000000000000003856069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.682{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9862b7a80e69bc3b2021-12-22 11:49:16.682root 11241100x80000000000000003856070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.682{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a474e5bd8f79c902021-12-22 11:49:16.682root 11241100x80000000000000003856071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.682{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e912cddf9dbf1442021-12-22 11:49:16.682root 11241100x80000000000000003856072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.683{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54de1f41f65767f52021-12-22 11:49:16.683root 11241100x80000000000000003856073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.683{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05663ec7aa0ff31a2021-12-22 11:49:16.683root 11241100x80000000000000003856074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.684{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a92de58d207287c2021-12-22 11:49:16.684root 11241100x80000000000000003856075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.684{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b239119bfb5811a2021-12-22 11:49:16.684root 11241100x80000000000000003856076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.684{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8990c142dc7679022021-12-22 11:49:16.684root 11241100x80000000000000003856077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.685{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b9a0d1194d77d42021-12-22 11:49:16.685root 11241100x80000000000000003856078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.685{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35257834e419642b2021-12-22 11:49:16.685root 11241100x80000000000000003856079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.686{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8910edfcc0d7927a2021-12-22 11:49:16.686root 11241100x80000000000000003856080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.686{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea2040517c8b1782021-12-22 11:49:16.686root 11241100x80000000000000003856081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.686{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c5454e5bf5a5df2021-12-22 11:49:16.686root 11241100x80000000000000003856082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.686{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3648571ef0574f1a2021-12-22 11:49:16.686root 11241100x80000000000000003856083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.686{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e6d5e547a05bd12021-12-22 11:49:16.686root 11241100x80000000000000003856084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.687{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258166a49670b7dc2021-12-22 11:49:16.687root 11241100x80000000000000003856085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.687{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08329900e48da8622021-12-22 11:49:16.687root 11241100x80000000000000003856086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.687{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b61967130e054432021-12-22 11:49:16.687root 11241100x80000000000000003856087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.687{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39cc394b84ad3c42021-12-22 11:49:16.687root 11241100x80000000000000003856088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.687{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a144d5225074c6612021-12-22 11:49:16.687root 11241100x80000000000000003856089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.688{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cef0c88452abcf02021-12-22 11:49:16.688root 11241100x80000000000000003856090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.688{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b26c5fcf3d66c9e2021-12-22 11:49:16.688root 11241100x80000000000000003856091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.688{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab59fff6bb4b8262021-12-22 11:49:16.688root 11241100x80000000000000003856092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.689{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a0463ce8d4aa0d2021-12-22 11:49:16.689root 11241100x80000000000000003856093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2a4cf8cff9a7c62021-12-22 11:49:16.943root 11241100x80000000000000003856094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97c4b7897716f232021-12-22 11:49:16.943root 11241100x80000000000000003856095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3c0ab09f320f5f2021-12-22 11:49:16.943root 11241100x80000000000000003856096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3260cc6481932e2021-12-22 11:49:16.943root 11241100x80000000000000003856097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b902f3dbc58fa62021-12-22 11:49:16.943root 11241100x80000000000000003856098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7d7a85260f80e12021-12-22 11:49:16.944root 11241100x80000000000000003856099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d56725376bf03d62021-12-22 11:49:16.944root 11241100x80000000000000003856100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa27ea15db8ab8b2021-12-22 11:49:16.944root 11241100x80000000000000003856101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fca06d0b549d292021-12-22 11:49:16.944root 11241100x80000000000000003856102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8de8b973ed663b62021-12-22 11:49:16.944root 11241100x80000000000000003856103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed04990b38294262021-12-22 11:49:16.944root 11241100x80000000000000003856104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c07b44989808e92021-12-22 11:49:16.944root 11241100x80000000000000003856105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c20fb3db28661e32021-12-22 11:49:16.944root 11241100x80000000000000003856106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90037989d88b4eff2021-12-22 11:49:16.944root 11241100x80000000000000003856107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a586a2518630768b2021-12-22 11:49:16.945root 154100x80000000000000003856108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.243{ec2b6afe-10bd-61c3-80b2-cf7664550000}19094/bin/nano-----nano dll_hook.sh/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003856109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eed138c0a94bc532021-12-22 11:49:17.245root 11241100x80000000000000003856110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6094764791c0e1412021-12-22 11:49:17.245root 11241100x80000000000000003856111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f876de80e274802021-12-22 11:49:17.245root 11241100x80000000000000003856112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214681af3a44bc9a2021-12-22 11:49:17.245root 11241100x80000000000000003856113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8caeab8f12c78ff2021-12-22 11:49:17.246root 11241100x80000000000000003856114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5149f8797d819f392021-12-22 11:49:17.246root 11241100x80000000000000003856115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7521b49e920894c72021-12-22 11:49:17.246root 11241100x80000000000000003856116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25002df32927bedc2021-12-22 11:49:17.246root 11241100x80000000000000003856117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb801b509a101982021-12-22 11:49:17.246root 11241100x80000000000000003856118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6224a2603ea4c3a92021-12-22 11:49:17.247root 11241100x80000000000000003856119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5454b9b8b804a3562021-12-22 11:49:17.247root 11241100x80000000000000003856120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e37f53e6de52c292021-12-22 11:49:17.247root 11241100x80000000000000003856121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a4765061d13cbd2021-12-22 11:49:17.247root 11241100x80000000000000003856122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba86744e1b0c37e82021-12-22 11:49:17.247root 11241100x80000000000000003856123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4032a6638d2de1fa2021-12-22 11:49:17.248root 11241100x80000000000000003856124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3f1db480479edc2021-12-22 11:49:17.248root 11241100x80000000000000003856125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.262{ec2b6afe-10bd-61c3-80b2-cf7664550000}19094/bin/nano/home/ubuntu/.dll_hook.sh.swp2021-12-22 11:49:17.262ubuntu 11241100x80000000000000003856126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a52c9788341bf5a2021-12-22 11:49:17.693root 11241100x80000000000000003856127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beadcc46385655a12021-12-22 11:49:17.693root 11241100x80000000000000003856128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3108016bf9f94aab2021-12-22 11:49:17.694root 11241100x80000000000000003856129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccaa2c4a74807ca72021-12-22 11:49:17.694root 11241100x80000000000000003856130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acfcf0c24509d482021-12-22 11:49:17.694root 11241100x80000000000000003856131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8eb3247be9c30dd2021-12-22 11:49:17.694root 11241100x80000000000000003856132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd8b55020e552d52021-12-22 11:49:17.694root 11241100x80000000000000003856133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac810e6547e8d13e2021-12-22 11:49:17.694root 11241100x80000000000000003856134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ec83e871416b982021-12-22 11:49:17.694root 11241100x80000000000000003856135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8151264b0506899a2021-12-22 11:49:17.694root 11241100x80000000000000003856136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5932c3eec9c91c2021-12-22 11:49:17.694root 11241100x80000000000000003856137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e2711037b1ce0d2021-12-22 11:49:17.695root 11241100x80000000000000003856138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f4ac7cbf0c92ae2021-12-22 11:49:17.695root 11241100x80000000000000003856139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10c3023699fe12a2021-12-22 11:49:17.695root 11241100x80000000000000003856140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a597de382265fd32021-12-22 11:49:17.696root 11241100x80000000000000003856141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ab62fcafcfd30c2021-12-22 11:49:17.696root 11241100x80000000000000003856142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37c50a5bfba42862021-12-22 11:49:17.696root 23542300x80000000000000003856143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.803{ec2b6afe-10bd-61c3-80b2-cf7664550000}19094ubuntu/bin/nano/home/ubuntu/./.dll_hook.sh.swp--- 11241100x80000000000000003856144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:17.803{ec2b6afe-10bd-61c3-80b2-cf7664550000}19094/bin/nano/home/ubuntu/.dll_hook.sh.swp2021-12-22 11:49:17.803ubuntu 354300x80000000000000003856145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.065{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55500-false10.0.1.12-8000- 11241100x80000000000000003856146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.066{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48167c377a8751f02021-12-22 11:49:18.066root 11241100x80000000000000003856147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.066{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1bec3d3437211b2021-12-22 11:49:18.066root 11241100x80000000000000003856148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea5e67feb0bc32b2021-12-22 11:49:18.067root 11241100x80000000000000003856149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d6c85704f8afdc2021-12-22 11:49:18.067root 11241100x80000000000000003856150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff9a4b098a18dc22021-12-22 11:49:18.067root 11241100x80000000000000003856151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f80e8bbe656e482021-12-22 11:49:18.067root 11241100x80000000000000003856152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb7628cf80852302021-12-22 11:49:18.067root 11241100x80000000000000003856153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d692e78ea1ac562021-12-22 11:49:18.067root 11241100x80000000000000003856154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ce5910a96aefda2021-12-22 11:49:18.067root 11241100x80000000000000003856155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6f40758686c79b2021-12-22 11:49:18.068root 11241100x80000000000000003856156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d251b74874325e1f2021-12-22 11:49:18.068root 11241100x80000000000000003856157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de464c84ec513fa12021-12-22 11:49:18.068root 11241100x80000000000000003856158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb60941b4535a2c2021-12-22 11:49:18.068root 11241100x80000000000000003856159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c1bc70972692ef2021-12-22 11:49:18.068root 11241100x80000000000000003856160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcfb4e4fcbc2afb2021-12-22 11:49:18.068root 11241100x80000000000000003856161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdfce163f9d075b2021-12-22 11:49:18.068root 11241100x80000000000000003856162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496bf657f93940482021-12-22 11:49:18.068root 11241100x80000000000000003856163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5b3c54e150cd7e2021-12-22 11:49:18.069root 11241100x80000000000000003856164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b0f9b267a2a1112021-12-22 11:49:18.069root 11241100x80000000000000003856165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09240f192cacbdf2021-12-22 11:49:18.069root 11241100x80000000000000003856166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3fd50746eeaa712021-12-22 11:49:18.069root 11241100x80000000000000003856167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7684620f68a6f92021-12-22 11:49:18.069root 11241100x80000000000000003856168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c62a56e7c20fdd2021-12-22 11:49:18.069root 11241100x80000000000000003856169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc658bcd6459dcce2021-12-22 11:49:18.069root 11241100x80000000000000003856170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64a9cf18079dee22021-12-22 11:49:18.443root 11241100x80000000000000003856171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92f6e483236b4802021-12-22 11:49:18.443root 11241100x80000000000000003856172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47887ebdf809e2392021-12-22 11:49:18.443root 11241100x80000000000000003856173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfcdd5c3b859b352021-12-22 11:49:18.444root 11241100x80000000000000003856174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9457f149ce46ac2021-12-22 11:49:18.444root 11241100x80000000000000003856175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b6929e67569c252021-12-22 11:49:18.444root 11241100x80000000000000003856176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a7180bfc9e57392021-12-22 11:49:18.444root 11241100x80000000000000003856177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4868f44c0d26475b2021-12-22 11:49:18.444root 11241100x80000000000000003856178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a44b0f0812ef3342021-12-22 11:49:18.444root 11241100x80000000000000003856179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec139759989578882021-12-22 11:49:18.444root 11241100x80000000000000003856180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90d8ce195ac09022021-12-22 11:49:18.444root 11241100x80000000000000003856181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f163624225f86132021-12-22 11:49:18.444root 11241100x80000000000000003856182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140a2abdcf9dc11a2021-12-22 11:49:18.444root 11241100x80000000000000003856183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12455431e349085e2021-12-22 11:49:18.444root 11241100x80000000000000003856184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ef8508d540828b2021-12-22 11:49:18.444root 11241100x80000000000000003856185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310689b28df190e62021-12-22 11:49:18.444root 11241100x80000000000000003856186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0e1a9aee338bfa2021-12-22 11:49:18.444root 11241100x80000000000000003856187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9030919e9f2e5e612021-12-22 11:49:18.444root 11241100x80000000000000003856188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e4fc6dd56d540e2021-12-22 11:49:18.445root 11241100x80000000000000003856189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e4bd5fe268a5dc2021-12-22 11:49:18.445root 11241100x80000000000000003856190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3d37aae87e55072021-12-22 11:49:18.944root 11241100x80000000000000003856191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbac52c522087bf52021-12-22 11:49:18.944root 11241100x80000000000000003856192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddfde82566c76ef2021-12-22 11:49:18.944root 11241100x80000000000000003856193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be5c0c4fccd9ff32021-12-22 11:49:18.944root 11241100x80000000000000003856194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57005c87eff1ba92021-12-22 11:49:18.944root 11241100x80000000000000003856195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424d03904e0b72662021-12-22 11:49:18.944root 11241100x80000000000000003856196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab21346811e7cae2021-12-22 11:49:18.944root 11241100x80000000000000003856197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10ac5d6cd2e556d2021-12-22 11:49:18.944root 11241100x80000000000000003856198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e86e861df1efe62021-12-22 11:49:18.944root 11241100x80000000000000003856199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0907109e193a4fac2021-12-22 11:49:18.945root 11241100x80000000000000003856200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdcbd380945e9ff2021-12-22 11:49:18.945root 11241100x80000000000000003856201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2cc2221f79e6622021-12-22 11:49:18.945root 11241100x80000000000000003856202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbe3c5a2c3d22e52021-12-22 11:49:18.945root 11241100x80000000000000003856203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930227d619b3c8f22021-12-22 11:49:18.945root 11241100x80000000000000003856204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d0a05a7ff746502021-12-22 11:49:18.945root 11241100x80000000000000003856205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfa9f9a1b682a2c2021-12-22 11:49:18.945root 11241100x80000000000000003856206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcfe629894f3d6e2021-12-22 11:49:18.945root 11241100x80000000000000003856207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1579ce061d3a8c52021-12-22 11:49:18.945root 11241100x80000000000000003856208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b7717a3bfb59bb2021-12-22 11:49:18.945root 11241100x80000000000000003856209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fa1bc7f89068e32021-12-22 11:49:18.946root 11241100x80000000000000003856210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0d738a2a68376f2021-12-22 11:49:19.443root 11241100x80000000000000003856211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ec6407e5320ff62021-12-22 11:49:19.443root 11241100x80000000000000003856212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f426a5aa3379cc2021-12-22 11:49:19.443root 11241100x80000000000000003856213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1c6b4b640e786e2021-12-22 11:49:19.443root 11241100x80000000000000003856214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632bed8fdca2341c2021-12-22 11:49:19.444root 11241100x80000000000000003856215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085048b28a7783f72021-12-22 11:49:19.444root 11241100x80000000000000003856216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f9fd52d0cfc06b2021-12-22 11:49:19.444root 11241100x80000000000000003856217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f58cc24f19513322021-12-22 11:49:19.444root 11241100x80000000000000003856218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca3616013b4101f2021-12-22 11:49:19.444root 11241100x80000000000000003856219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f4bf476ca8cc8d2021-12-22 11:49:19.444root 11241100x80000000000000003856220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052ec14cf1a5c44f2021-12-22 11:49:19.444root 11241100x80000000000000003856221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ec35d1683cd2952021-12-22 11:49:19.444root 11241100x80000000000000003856222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9735c8e6cd4cd32021-12-22 11:49:19.444root 11241100x80000000000000003856223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f706a5b88d50a112021-12-22 11:49:19.444root 11241100x80000000000000003856224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928dab6a5ea7004c2021-12-22 11:49:19.444root 11241100x80000000000000003856225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a994ca032edbc22021-12-22 11:49:19.445root 11241100x80000000000000003856226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f479fc20dfb544e32021-12-22 11:49:19.445root 11241100x80000000000000003856227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe300b138f9815f2021-12-22 11:49:19.445root 11241100x80000000000000003856228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c348fe354b51352021-12-22 11:49:19.445root 11241100x80000000000000003856229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e35b5c2f9fa52f2021-12-22 11:49:19.445root 11241100x80000000000000003856230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79138ca1841ef5562021-12-22 11:49:19.943root 11241100x80000000000000003856231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf06329c127ceb62021-12-22 11:49:19.943root 11241100x80000000000000003856232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78400e0185e2b1b32021-12-22 11:49:19.943root 11241100x80000000000000003856233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6973e94e064e2442021-12-22 11:49:19.943root 11241100x80000000000000003856234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4ec759c203cd272021-12-22 11:49:19.944root 11241100x80000000000000003856235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4735371f1487562021-12-22 11:49:19.944root 11241100x80000000000000003856236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f8067e6700bbb42021-12-22 11:49:19.944root 11241100x80000000000000003856237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966d606ea8e417ec2021-12-22 11:49:19.944root 11241100x80000000000000003856238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c9bfd8f58d9abc2021-12-22 11:49:19.944root 11241100x80000000000000003856239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e211247640ce5262021-12-22 11:49:19.944root 11241100x80000000000000003856240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd3fec4e04e23a82021-12-22 11:49:19.944root 11241100x80000000000000003856241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1d15298462b2792021-12-22 11:49:19.944root 11241100x80000000000000003856242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf7424ff87db4ba2021-12-22 11:49:19.944root 11241100x80000000000000003856243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d4c2f311a78b602021-12-22 11:49:19.944root 11241100x80000000000000003856244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2879e2002000c8ed2021-12-22 11:49:19.944root 11241100x80000000000000003856245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba621e2e4e1411f2021-12-22 11:49:19.944root 11241100x80000000000000003856246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227735f669c9f36b2021-12-22 11:49:19.944root 11241100x80000000000000003856247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fcc7eda9fa03082021-12-22 11:49:19.944root 11241100x80000000000000003856248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad67ccfbed8e3722021-12-22 11:49:19.944root 11241100x80000000000000003856249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83f814091b73b5d2021-12-22 11:49:19.944root 11241100x80000000000000003856250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af697c533d50efab2021-12-22 11:49:20.443root 11241100x80000000000000003856251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141cad8e3ff2b5ae2021-12-22 11:49:20.443root 11241100x80000000000000003856252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61960d5c81c90d932021-12-22 11:49:20.443root 11241100x80000000000000003856253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67148dd15b0251812021-12-22 11:49:20.444root 11241100x80000000000000003856254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3122be4bb45526dc2021-12-22 11:49:20.444root 11241100x80000000000000003856255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61522b3aa80f6a932021-12-22 11:49:20.444root 11241100x80000000000000003856256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819e8c8878df3bb12021-12-22 11:49:20.444root 11241100x80000000000000003856257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f3fabd960035072021-12-22 11:49:20.444root 11241100x80000000000000003856258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de37b7b99f1eb43b2021-12-22 11:49:20.444root 11241100x80000000000000003856259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d683d2c212a8ba2021-12-22 11:49:20.444root 11241100x80000000000000003856260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edf50525c0d7a082021-12-22 11:49:20.444root 11241100x80000000000000003856261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4672d1e70a7ed72021-12-22 11:49:20.444root 11241100x80000000000000003856262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21aae34df11f8762021-12-22 11:49:20.444root 11241100x80000000000000003856263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67d8380c1f8675b2021-12-22 11:49:20.444root 11241100x80000000000000003856264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9b716c575615d62021-12-22 11:49:20.444root 11241100x80000000000000003856265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f3d0f1560eb45a2021-12-22 11:49:20.444root 11241100x80000000000000003856266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce1beccdb78fef72021-12-22 11:49:20.444root 11241100x80000000000000003856267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b2fa94ebda6a672021-12-22 11:49:20.444root 11241100x80000000000000003856268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af250a9a925291c02021-12-22 11:49:20.444root 11241100x80000000000000003856269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fff374b9f98c8092021-12-22 11:49:20.445root 11241100x80000000000000003856270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176eff26122102a72021-12-22 11:49:20.943root 11241100x80000000000000003856271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8176c2bd772e441c2021-12-22 11:49:20.943root 11241100x80000000000000003856272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad78cc0515aa7a6a2021-12-22 11:49:20.943root 11241100x80000000000000003856273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96e893d540d206d2021-12-22 11:49:20.943root 11241100x80000000000000003856274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a336455764e2c8f2021-12-22 11:49:20.944root 11241100x80000000000000003856275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d2f954d7aecf2c2021-12-22 11:49:20.944root 11241100x80000000000000003856276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f353951e32f4cfc2021-12-22 11:49:20.944root 11241100x80000000000000003856277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fe4019ed60c64c2021-12-22 11:49:20.944root 11241100x80000000000000003856278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7775126b1336e52021-12-22 11:49:20.944root 11241100x80000000000000003856279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df323457e2e159e62021-12-22 11:49:20.944root 11241100x80000000000000003856280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f30b006b672b822021-12-22 11:49:20.944root 11241100x80000000000000003856281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e454ddf65a8c94c22021-12-22 11:49:20.944root 11241100x80000000000000003856282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499a55e69ba1c2ea2021-12-22 11:49:20.944root 11241100x80000000000000003856283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91e253936f17b162021-12-22 11:49:20.944root 11241100x80000000000000003856284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595e4d78c1055e362021-12-22 11:49:20.944root 11241100x80000000000000003856285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a43879528ef65082021-12-22 11:49:20.944root 11241100x80000000000000003856286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d330c9dcd38e47f2021-12-22 11:49:20.944root 11241100x80000000000000003856287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448c15e39a1435142021-12-22 11:49:20.944root 11241100x80000000000000003856288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa4469f71f333ad2021-12-22 11:49:20.944root 11241100x80000000000000003856289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0559df65508c90902021-12-22 11:49:20.944root 11241100x80000000000000003856290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b302be8f6e1a7d262021-12-22 11:49:21.443root 11241100x80000000000000003856291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fce383ccfa5b9082021-12-22 11:49:21.443root 11241100x80000000000000003856292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78be6ea14414e8402021-12-22 11:49:21.444root 11241100x80000000000000003856293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b586c5520c9b4ca22021-12-22 11:49:21.444root 11241100x80000000000000003856294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744dfc034d7674a62021-12-22 11:49:21.444root 11241100x80000000000000003856295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5f971a12bbdf7e2021-12-22 11:49:21.444root 11241100x80000000000000003856296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bc307852d4295b2021-12-22 11:49:21.444root 11241100x80000000000000003856297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0195566af18e0cfc2021-12-22 11:49:21.444root 11241100x80000000000000003856298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c84876c4024df4e2021-12-22 11:49:21.444root 11241100x80000000000000003856299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1205cd5dcc35dd422021-12-22 11:49:21.444root 11241100x80000000000000003856300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f8a9a0a0d242b92021-12-22 11:49:21.444root 11241100x80000000000000003856301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f285d5d93a19d12021-12-22 11:49:21.444root 11241100x80000000000000003856302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1338da4367867e4c2021-12-22 11:49:21.444root 11241100x80000000000000003856303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3046139bfc251b2021-12-22 11:49:21.444root 11241100x80000000000000003856304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872232be561d0e262021-12-22 11:49:21.444root 11241100x80000000000000003856305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d5eedadebc0fb42021-12-22 11:49:21.445root 11241100x80000000000000003856306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1d0c804dbfe3a82021-12-22 11:49:21.445root 11241100x80000000000000003856307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16360df4afe634a42021-12-22 11:49:21.445root 11241100x80000000000000003856308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c12ece4068dbce2021-12-22 11:49:21.445root 11241100x80000000000000003856309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be86123ca64ec7012021-12-22 11:49:21.445root 11241100x80000000000000003856310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76da1325e962dc32021-12-22 11:49:21.943root 11241100x80000000000000003856311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783bef660f8d65d72021-12-22 11:49:21.944root 11241100x80000000000000003856312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcceadfdaf6f15e2021-12-22 11:49:21.944root 11241100x80000000000000003856313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541f49d33f4865332021-12-22 11:49:21.944root 11241100x80000000000000003856314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238b4d19d518f3c82021-12-22 11:49:21.944root 11241100x80000000000000003856315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add90c68d72731e82021-12-22 11:49:21.944root 11241100x80000000000000003856316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c0dde4d11310eb2021-12-22 11:49:21.944root 11241100x80000000000000003856317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6a0ec7aa0a25cb2021-12-22 11:49:21.944root 11241100x80000000000000003856318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11fd09c6939858d2021-12-22 11:49:21.944root 11241100x80000000000000003856319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfb07a23f7249b22021-12-22 11:49:21.945root 11241100x80000000000000003856320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb88478c1e097de2021-12-22 11:49:21.945root 11241100x80000000000000003856321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93975c6c039bba532021-12-22 11:49:21.945root 11241100x80000000000000003856322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5664d0431574ef1d2021-12-22 11:49:21.945root 11241100x80000000000000003856323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41997d9375702182021-12-22 11:49:21.945root 11241100x80000000000000003856324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6872beea00198b42021-12-22 11:49:21.945root 11241100x80000000000000003856325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28c83ebb73778892021-12-22 11:49:21.945root 11241100x80000000000000003856326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cb0eca8af9e5cf2021-12-22 11:49:21.945root 11241100x80000000000000003856327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02596893985e39dc2021-12-22 11:49:21.945root 11241100x80000000000000003856328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baad11724f38c9632021-12-22 11:49:21.945root 11241100x80000000000000003856329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce2b7e4f71f50ab2021-12-22 11:49:21.946root 11241100x80000000000000003856330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de0a8a9df45f4372021-12-22 11:49:22.443root 11241100x80000000000000003856331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b93397324ddf2cf2021-12-22 11:49:22.443root 11241100x80000000000000003856332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9e42327f6499772021-12-22 11:49:22.443root 11241100x80000000000000003856333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3718ad2f1507630d2021-12-22 11:49:22.444root 11241100x80000000000000003856334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30f3bca224d76f62021-12-22 11:49:22.444root 11241100x80000000000000003856335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b8a82200a9b3f82021-12-22 11:49:22.444root 11241100x80000000000000003856336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b040260d7fe70722021-12-22 11:49:22.444root 11241100x80000000000000003856337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af664a2518aad99b2021-12-22 11:49:22.444root 11241100x80000000000000003856338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741a9211895e271e2021-12-22 11:49:22.444root 11241100x80000000000000003856339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0a330ae05ee7682021-12-22 11:49:22.444root 11241100x80000000000000003856340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36942cd519b158e2021-12-22 11:49:22.444root 11241100x80000000000000003856341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4230eb2f2137a1922021-12-22 11:49:22.444root 11241100x80000000000000003856342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b00eef8e2b3c3c2021-12-22 11:49:22.444root 11241100x80000000000000003856343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5f42964c2188c52021-12-22 11:49:22.445root 11241100x80000000000000003856344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd35e86238045dd02021-12-22 11:49:22.445root 11241100x80000000000000003856345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd522a0e51ba01422021-12-22 11:49:22.445root 11241100x80000000000000003856346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f362e6da435cd42021-12-22 11:49:22.445root 11241100x80000000000000003856347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a0afb6b6bae8ae2021-12-22 11:49:22.445root 11241100x80000000000000003856348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3955d0f1ae19b8b32021-12-22 11:49:22.445root 11241100x80000000000000003856349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d71a0229252d9802021-12-22 11:49:22.445root 11241100x80000000000000003856350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da395458bc970f12021-12-22 11:49:22.943root 11241100x80000000000000003856351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718f743a7e2124d52021-12-22 11:49:22.943root 11241100x80000000000000003856352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fa778668e928192021-12-22 11:49:22.944root 11241100x80000000000000003856353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4008a15637d44f052021-12-22 11:49:22.944root 11241100x80000000000000003856354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885a7fb30ccd17a12021-12-22 11:49:22.944root 11241100x80000000000000003856355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8174b4043fc73b2021-12-22 11:49:22.944root 11241100x80000000000000003856356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a537f0f3d23f2842021-12-22 11:49:22.944root 11241100x80000000000000003856357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d942ee2783003d2021-12-22 11:49:22.944root 11241100x80000000000000003856358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ea4ce43f84bc242021-12-22 11:49:22.944root 11241100x80000000000000003856359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8cf85d507efbe22021-12-22 11:49:22.944root 11241100x80000000000000003856360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7216108aa619e472021-12-22 11:49:22.944root 11241100x80000000000000003856361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e326466e24425fc52021-12-22 11:49:22.944root 11241100x80000000000000003856362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf248aeb9e55f582021-12-22 11:49:22.945root 11241100x80000000000000003856363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b952816cfe00b20c2021-12-22 11:49:22.945root 11241100x80000000000000003856364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4c6cc4d04a63fc2021-12-22 11:49:22.945root 11241100x80000000000000003856365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543e6812039b42bf2021-12-22 11:49:22.945root 11241100x80000000000000003856366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82e7fcab4cf81862021-12-22 11:49:22.945root 11241100x80000000000000003856367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb82baea58be8642021-12-22 11:49:22.945root 11241100x80000000000000003856368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58f1858edd5ecab2021-12-22 11:49:22.945root 11241100x80000000000000003856369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3117f02ff2f4b52021-12-22 11:49:22.945root 354300x80000000000000003856370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.231{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55502-false10.0.1.12-8000- 11241100x80000000000000003856371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d08ce3e22af1952021-12-22 11:49:23.233root 11241100x80000000000000003856372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c4f3d097d9bde82021-12-22 11:49:23.233root 11241100x80000000000000003856373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2039f1293f40a52e2021-12-22 11:49:23.233root 11241100x80000000000000003856374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edcae8fcd60c04b2021-12-22 11:49:23.233root 11241100x80000000000000003856375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60df9929db729d82021-12-22 11:49:23.234root 11241100x80000000000000003856376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ad292b4ba12a802021-12-22 11:49:23.234root 11241100x80000000000000003856377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb9ab701cf182e02021-12-22 11:49:23.234root 11241100x80000000000000003856378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d1a8acd25ac3682021-12-22 11:49:23.234root 11241100x80000000000000003856379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fad9a5133e024c2021-12-22 11:49:23.234root 11241100x80000000000000003856380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d58b2a690321822021-12-22 11:49:23.234root 11241100x80000000000000003856381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c3000ad2aa0de62021-12-22 11:49:23.234root 11241100x80000000000000003856382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab9549d13e6393d2021-12-22 11:49:23.234root 11241100x80000000000000003856383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394792ac250843dd2021-12-22 11:49:23.234root 11241100x80000000000000003856384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9065d04610394ec2021-12-22 11:49:23.234root 11241100x80000000000000003856385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3040d97bd3d0572f2021-12-22 11:49:23.235root 11241100x80000000000000003856386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6ed651c4bdf6172021-12-22 11:49:23.235root 11241100x80000000000000003856387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f863bb946954332021-12-22 11:49:23.235root 11241100x80000000000000003856388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4456dea4b511e7d32021-12-22 11:49:23.235root 11241100x80000000000000003856389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c96a70d28da5c052021-12-22 11:49:23.235root 11241100x80000000000000003856390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782506275735e1a62021-12-22 11:49:23.235root 11241100x80000000000000003856391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0c04fe8b16bac92021-12-22 11:49:23.235root 11241100x80000000000000003856392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbfa1e75648aa682021-12-22 11:49:23.693root 11241100x80000000000000003856393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2178cd91a9d2c4d02021-12-22 11:49:23.693root 11241100x80000000000000003856394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd59f2de184c026b2021-12-22 11:49:23.693root 11241100x80000000000000003856395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6829e62bfd45a122021-12-22 11:49:23.694root 11241100x80000000000000003856396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4575b8e8536f51e2021-12-22 11:49:23.694root 11241100x80000000000000003856397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32459907edf0bde82021-12-22 11:49:23.694root 11241100x80000000000000003856398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e48fa4c88ee128d2021-12-22 11:49:23.694root 11241100x80000000000000003856399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985bcbb95738c2b02021-12-22 11:49:23.694root 11241100x80000000000000003856400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b935c69784352f002021-12-22 11:49:23.694root 11241100x80000000000000003856401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71117b75046355f22021-12-22 11:49:23.694root 11241100x80000000000000003856402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad4d41ae7e328cb2021-12-22 11:49:23.694root 11241100x80000000000000003856403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91332591cc53d3352021-12-22 11:49:23.694root 11241100x80000000000000003856404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38580309c1fb0b8a2021-12-22 11:49:23.694root 11241100x80000000000000003856405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d0309f8336ec8a2021-12-22 11:49:23.695root 11241100x80000000000000003856406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098649fb66c5b9462021-12-22 11:49:23.695root 11241100x80000000000000003856407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89a6b0bff8ce5802021-12-22 11:49:23.695root 11241100x80000000000000003856408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72af66ed515ef8172021-12-22 11:49:23.695root 11241100x80000000000000003856409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e360ca720937fd2021-12-22 11:49:23.695root 11241100x80000000000000003856410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd408b3cb1391ad2021-12-22 11:49:23.695root 11241100x80000000000000003856411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0005b2e52a16ccdb2021-12-22 11:49:23.695root 11241100x80000000000000003856412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c94998fa9d046b2021-12-22 11:49:23.695root 11241100x80000000000000003856413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf09154d1e3d67e92021-12-22 11:49:24.193root 11241100x80000000000000003856414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392c790e9f497c672021-12-22 11:49:24.193root 11241100x80000000000000003856415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c7db5b376da8c02021-12-22 11:49:24.194root 11241100x80000000000000003856416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b3bd1cb95be42f2021-12-22 11:49:24.194root 11241100x80000000000000003856417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a172edf2ed07f32021-12-22 11:49:24.194root 11241100x80000000000000003856418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9a39bdf43888b72021-12-22 11:49:24.194root 11241100x80000000000000003856419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1b0077d3610c442021-12-22 11:49:24.194root 11241100x80000000000000003856420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8494ec23a8cf8c2021-12-22 11:49:24.194root 11241100x80000000000000003856421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9e32f5aaeb37cf2021-12-22 11:49:24.194root 11241100x80000000000000003856422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c463293f4f03940f2021-12-22 11:49:24.194root 11241100x80000000000000003856423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbb409bf2683ed82021-12-22 11:49:24.194root 11241100x80000000000000003856424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa427b54296c35ac2021-12-22 11:49:24.194root 11241100x80000000000000003856425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb939d10993d40eb2021-12-22 11:49:24.195root 11241100x80000000000000003856426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24439e356728c29c2021-12-22 11:49:24.195root 11241100x80000000000000003856427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22825d9c7d3893292021-12-22 11:49:24.195root 11241100x80000000000000003856428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe1f21592f948ba2021-12-22 11:49:24.195root 11241100x80000000000000003856429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67353f98849bb73b2021-12-22 11:49:24.195root 11241100x80000000000000003856430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3628fe06f32b423d2021-12-22 11:49:24.195root 11241100x80000000000000003856431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72da146d3dcf38722021-12-22 11:49:24.195root 11241100x80000000000000003856432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc29c7688bd22c82021-12-22 11:49:24.195root 11241100x80000000000000003856433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e7a9d27eb979352021-12-22 11:49:24.195root 23542300x80000000000000003856434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.247{ec2b6afe-10bd-61c3-80b2-cf7664550000}19094ubuntu/bin/nano/home/ubuntu/./.dll_hook.sh.swp--- 534500x80000000000000003856435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.248{ec2b6afe-10bd-61c3-80b2-cf7664550000}19094/bin/nanoubuntu 11241100x80000000000000003856436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cabc879e1beaa432021-12-22 11:49:24.693root 11241100x80000000000000003856437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1acdfc11c1619f92021-12-22 11:49:24.693root 11241100x80000000000000003856438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1b804c47babf062021-12-22 11:49:24.694root 11241100x80000000000000003856439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a0bb74b56e9b462021-12-22 11:49:24.694root 11241100x80000000000000003856440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e0ad14755f45052021-12-22 11:49:24.694root 11241100x80000000000000003856441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b66081c2c576c82021-12-22 11:49:24.694root 11241100x80000000000000003856442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b4065071782ef42021-12-22 11:49:24.694root 11241100x80000000000000003856443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80519c2af11c05072021-12-22 11:49:24.694root 11241100x80000000000000003856444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b437437f8a54432021-12-22 11:49:24.694root 11241100x80000000000000003856445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d588ea1a57e1852021-12-22 11:49:24.694root 11241100x80000000000000003856446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba2c54b5041bef32021-12-22 11:49:24.694root 11241100x80000000000000003856447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cfa64b910b1ee92021-12-22 11:49:24.694root 11241100x80000000000000003856448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7acd43b549f770e2021-12-22 11:49:24.694root 11241100x80000000000000003856449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666e5074248bf7d92021-12-22 11:49:24.695root 11241100x80000000000000003856450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73610dcd6497f0f2021-12-22 11:49:24.695root 11241100x80000000000000003856451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66ddfbdc9ad6fe12021-12-22 11:49:24.695root 11241100x80000000000000003856452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4729c3394daf3d62021-12-22 11:49:24.695root 11241100x80000000000000003856453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c303f1bcc54fc52021-12-22 11:49:24.695root 11241100x80000000000000003856454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054b17fbe57981932021-12-22 11:49:24.695root 11241100x80000000000000003856455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae5e0abd17ebcfa2021-12-22 11:49:24.695root 11241100x80000000000000003856456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a19be32261aeba2021-12-22 11:49:24.695root 11241100x80000000000000003856457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533da59ce819b2dd2021-12-22 11:49:24.696root 11241100x80000000000000003856458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258904ed4d09eb9c2021-12-22 11:49:24.696root 11241100x80000000000000003856459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095cb873f1f023492021-12-22 11:49:25.193root 11241100x80000000000000003856460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a0c8dca64709262021-12-22 11:49:25.193root 11241100x80000000000000003856461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446fed4f74a626ed2021-12-22 11:49:25.193root 11241100x80000000000000003856462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9dc13619af76352021-12-22 11:49:25.194root 11241100x80000000000000003856463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c884574e8f72a55d2021-12-22 11:49:25.194root 11241100x80000000000000003856464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fc84f5367bfb6f2021-12-22 11:49:25.194root 11241100x80000000000000003856465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc120652c9671382021-12-22 11:49:25.194root 11241100x80000000000000003856466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09c64e84403ed5d2021-12-22 11:49:25.194root 11241100x80000000000000003856467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca57ac109ec67cce2021-12-22 11:49:25.194root 11241100x80000000000000003856468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0df9c4ff42078212021-12-22 11:49:25.194root 11241100x80000000000000003856469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60c322a4c9be6942021-12-22 11:49:25.194root 11241100x80000000000000003856470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2669fab392567e622021-12-22 11:49:25.194root 11241100x80000000000000003856471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c98d3792ed58232021-12-22 11:49:25.194root 11241100x80000000000000003856472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d185043aef0191a2021-12-22 11:49:25.195root 11241100x80000000000000003856473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83044a20c4dab1c32021-12-22 11:49:25.195root 11241100x80000000000000003856474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02da38dae4f686cb2021-12-22 11:49:25.195root 11241100x80000000000000003856475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d40dfd3f181ed12021-12-22 11:49:25.195root 11241100x80000000000000003856476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38df1c6945c95192021-12-22 11:49:25.195root 11241100x80000000000000003856477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6adce991261fcb42021-12-22 11:49:25.195root 11241100x80000000000000003856478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd217bd8acafe452021-12-22 11:49:25.195root 11241100x80000000000000003856479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd40464abf37a6e42021-12-22 11:49:25.195root 11241100x80000000000000003856480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ddf44c3ca6e3b82021-12-22 11:49:25.196root 11241100x80000000000000003856481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c747695f434a79832021-12-22 11:49:25.196root 11241100x80000000000000003856482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad6ffa1925af3df2021-12-22 11:49:25.693root 11241100x80000000000000003856483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683af8601546ccf42021-12-22 11:49:25.693root 11241100x80000000000000003856484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ee3795ac2b92c82021-12-22 11:49:25.694root 11241100x80000000000000003856485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97178f44b314e9cf2021-12-22 11:49:25.694root 11241100x80000000000000003856486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d18eb95e54beb62021-12-22 11:49:25.694root 11241100x80000000000000003856487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e8738098debf6f2021-12-22 11:49:25.694root 11241100x80000000000000003856488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b3d378e5bcce102021-12-22 11:49:25.694root 11241100x80000000000000003856489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aba1c2ba303405b2021-12-22 11:49:25.694root 11241100x80000000000000003856490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42f2edca52cd4432021-12-22 11:49:25.694root 11241100x80000000000000003856491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c944116d6132b1242021-12-22 11:49:25.694root 11241100x80000000000000003856492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c74200d75125122021-12-22 11:49:25.694root 11241100x80000000000000003856493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7382f7b614e67d2021-12-22 11:49:25.695root 11241100x80000000000000003856494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4af900e60fda882021-12-22 11:49:25.695root 11241100x80000000000000003856495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3dba27379e1dcc2021-12-22 11:49:25.695root 11241100x80000000000000003856496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29ba9794012b1e42021-12-22 11:49:25.695root 11241100x80000000000000003856497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701f94209f1327162021-12-22 11:49:25.695root 11241100x80000000000000003856498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a29a4c41bba54c2021-12-22 11:49:25.695root 11241100x80000000000000003856499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851270e05604dd592021-12-22 11:49:25.695root 11241100x80000000000000003856500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e323a4843af7372021-12-22 11:49:25.695root 11241100x80000000000000003856501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53435ad19d607532021-12-22 11:49:25.695root 11241100x80000000000000003856502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dab585de877ff2a2021-12-22 11:49:25.695root 11241100x80000000000000003856503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca3e431e033a1ad2021-12-22 11:49:25.696root 11241100x80000000000000003856504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af2dd48712072eb2021-12-22 11:49:25.696root 11241100x80000000000000003856505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc05528fef869e762021-12-22 11:49:26.193root 11241100x80000000000000003856506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30337b0eb7df7352021-12-22 11:49:26.193root 11241100x80000000000000003856507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ce986ed648935c2021-12-22 11:49:26.194root 11241100x80000000000000003856508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dab280a29f1ab192021-12-22 11:49:26.194root 11241100x80000000000000003856509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f76d40be8df53c2021-12-22 11:49:26.194root 11241100x80000000000000003856510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259b32ba49e3a8a52021-12-22 11:49:26.194root 11241100x80000000000000003856511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23080ff63345a2b42021-12-22 11:49:26.194root 11241100x80000000000000003856512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f310efa8198a0b02021-12-22 11:49:26.194root 11241100x80000000000000003856513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b3509a5797b1902021-12-22 11:49:26.194root 11241100x80000000000000003856514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25075a5c84be3c12021-12-22 11:49:26.194root 11241100x80000000000000003856515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725b3a05fb0e8d512021-12-22 11:49:26.195root 11241100x80000000000000003856516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3116dd08ca7c222021-12-22 11:49:26.195root 11241100x80000000000000003856517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fc31357886c87c2021-12-22 11:49:26.195root 11241100x80000000000000003856518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d587d0750bd5232021-12-22 11:49:26.195root 11241100x80000000000000003856519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c96cb6857d75d202021-12-22 11:49:26.195root 11241100x80000000000000003856520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8be2d88eca58d052021-12-22 11:49:26.195root 11241100x80000000000000003856521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87094cdbf2dcd1412021-12-22 11:49:26.195root 11241100x80000000000000003856522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7778e040c8c79f932021-12-22 11:49:26.195root 11241100x80000000000000003856523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c22c1409486b8992021-12-22 11:49:26.196root 11241100x80000000000000003856524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dff5cee220475b2021-12-22 11:49:26.196root 11241100x80000000000000003856525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd80998e91b1dc692021-12-22 11:49:26.196root 11241100x80000000000000003856526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f316e924bb050f2021-12-22 11:49:26.196root 11241100x80000000000000003856527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ff9904f97d78d12021-12-22 11:49:26.196root 11241100x80000000000000003856528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c25b28ba918a172021-12-22 11:49:26.693root 11241100x80000000000000003856529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a493e2499a08559b2021-12-22 11:49:26.693root 11241100x80000000000000003856530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affd17bf0e430a142021-12-22 11:49:26.693root 11241100x80000000000000003856531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03389f82f5edd4792021-12-22 11:49:26.694root 11241100x80000000000000003856532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9407a5ac1910c0e12021-12-22 11:49:26.694root 11241100x80000000000000003856533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5786f8fea5b968d62021-12-22 11:49:26.694root 11241100x80000000000000003856534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f614455d763a0acb2021-12-22 11:49:26.694root 11241100x80000000000000003856535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a20579278619db82021-12-22 11:49:26.694root 11241100x80000000000000003856536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d557b16bc10994062021-12-22 11:49:26.694root 11241100x80000000000000003856537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8513e9a0918f457e2021-12-22 11:49:26.694root 11241100x80000000000000003856538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a7d5472af6397c2021-12-22 11:49:26.694root 11241100x80000000000000003856539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bdffc81a6c09012021-12-22 11:49:26.694root 11241100x80000000000000003856540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe3ac8b710804752021-12-22 11:49:26.695root 11241100x80000000000000003856541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30b0dbaa23b190f2021-12-22 11:49:26.695root 11241100x80000000000000003856542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20492523b595bec22021-12-22 11:49:26.695root 11241100x80000000000000003856543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1baaa470fdd898412021-12-22 11:49:26.695root 11241100x80000000000000003856544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd69c49dac5aca392021-12-22 11:49:26.695root 11241100x80000000000000003856545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4079962bb0009e02021-12-22 11:49:26.695root 11241100x80000000000000003856546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5206a7e42465e902021-12-22 11:49:26.695root 11241100x80000000000000003856547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f8094d608877f62021-12-22 11:49:26.695root 11241100x80000000000000003856548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ce5cca3085f8232021-12-22 11:49:26.696root 11241100x80000000000000003856549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcd67b758ae48cc2021-12-22 11:49:26.696root 11241100x80000000000000003856550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ad5a3afa15f5bf2021-12-22 11:49:26.696root 11241100x80000000000000003856551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62fa8cc7b59d7e52021-12-22 11:49:27.193root 11241100x80000000000000003856552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77383ae220b54fa2021-12-22 11:49:27.193root 11241100x80000000000000003856553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39bde7297bf72962021-12-22 11:49:27.193root 11241100x80000000000000003856554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e04ccc83995dd82021-12-22 11:49:27.194root 11241100x80000000000000003856555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707812232530bfad2021-12-22 11:49:27.194root 11241100x80000000000000003856556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33619443eb7204e2021-12-22 11:49:27.194root 11241100x80000000000000003856557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54630426e9597f582021-12-22 11:49:27.194root 11241100x80000000000000003856558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537ef64864869ceb2021-12-22 11:49:27.194root 11241100x80000000000000003856559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91cab16bf7d6e8e2021-12-22 11:49:27.194root 11241100x80000000000000003856560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af64b1d6c483f5682021-12-22 11:49:27.194root 11241100x80000000000000003856561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4caffe76509f360e2021-12-22 11:49:27.194root 11241100x80000000000000003856562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18333555825b5adb2021-12-22 11:49:27.194root 11241100x80000000000000003856563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693d90c984019e922021-12-22 11:49:27.195root 11241100x80000000000000003856564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f3a24fc16c83e62021-12-22 11:49:27.195root 11241100x80000000000000003856565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee908d86ca8c4a12021-12-22 11:49:27.195root 11241100x80000000000000003856566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc41b7079dfd37cf2021-12-22 11:49:27.195root 11241100x80000000000000003856567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42d16a5fa0c91ce2021-12-22 11:49:27.195root 11241100x80000000000000003856568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98e282e85dba61d2021-12-22 11:49:27.195root 11241100x80000000000000003856569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac948c712b79bede2021-12-22 11:49:27.195root 11241100x80000000000000003856570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344c0e1ced7375fb2021-12-22 11:49:27.195root 11241100x80000000000000003856571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8728163abf38a782021-12-22 11:49:27.196root 11241100x80000000000000003856572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecbb858899b5ffc2021-12-22 11:49:27.196root 11241100x80000000000000003856573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b686d2aefaf63ab32021-12-22 11:49:27.196root 11241100x80000000000000003856574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca84a35fa9883f92021-12-22 11:49:27.694root 11241100x80000000000000003856575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73872e2a5735fa7f2021-12-22 11:49:27.694root 11241100x80000000000000003856576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f406c09d47d2a0692021-12-22 11:49:27.694root 11241100x80000000000000003856577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67afb8e9f3ed4f32021-12-22 11:49:27.694root 11241100x80000000000000003856578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831694f09f5e963c2021-12-22 11:49:27.694root 11241100x80000000000000003856579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a81f1bf5d94fd72021-12-22 11:49:27.694root 11241100x80000000000000003856580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d35648246717e5a2021-12-22 11:49:27.695root 11241100x80000000000000003856581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7cbb0f4bd949452021-12-22 11:49:27.695root 11241100x80000000000000003856582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66a416c566aa6a22021-12-22 11:49:27.695root 11241100x80000000000000003856583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44815dfb5eddc9e2021-12-22 11:49:27.695root 11241100x80000000000000003856584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15620dfb34d9fe582021-12-22 11:49:27.695root 11241100x80000000000000003856585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b97b5d833046582021-12-22 11:49:27.695root 11241100x80000000000000003856586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7886e9023ade922021-12-22 11:49:27.695root 11241100x80000000000000003856587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2868a009c2ed808d2021-12-22 11:49:27.695root 11241100x80000000000000003856588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920c3256344e34552021-12-22 11:49:27.695root 11241100x80000000000000003856589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd12a7cf878c2652021-12-22 11:49:27.695root 11241100x80000000000000003856590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29e31f806d6d3342021-12-22 11:49:27.696root 11241100x80000000000000003856591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c2e04bfbed50ea2021-12-22 11:49:27.696root 11241100x80000000000000003856592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c6bf16409b23552021-12-22 11:49:27.696root 11241100x80000000000000003856593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b627419af605da2021-12-22 11:49:27.696root 11241100x80000000000000003856594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e2904bcccd16ac2021-12-22 11:49:27.696root 11241100x80000000000000003856595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0eb546e78c384a52021-12-22 11:49:27.696root 11241100x80000000000000003856596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff76c038013a9322021-12-22 11:49:27.696root 11241100x80000000000000003856597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a907f6b7fbc7ff2021-12-22 11:49:28.193root 11241100x80000000000000003856598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbb02b63b80acb22021-12-22 11:49:28.193root 11241100x80000000000000003856599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1ccfb48ebffc342021-12-22 11:49:28.194root 11241100x80000000000000003856600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128db4dbf3c3453d2021-12-22 11:49:28.194root 11241100x80000000000000003856601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cacade36513657f2021-12-22 11:49:28.194root 11241100x80000000000000003856602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589754e2d1e4090d2021-12-22 11:49:28.194root 11241100x80000000000000003856603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ba69fed78722d32021-12-22 11:49:28.194root 11241100x80000000000000003856604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b604d4842ed70072021-12-22 11:49:28.194root 11241100x80000000000000003856605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b47230e530b30502021-12-22 11:49:28.194root 11241100x80000000000000003856606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc170a82f6854cd2021-12-22 11:49:28.194root 11241100x80000000000000003856607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3118c90b70f897b52021-12-22 11:49:28.195root 11241100x80000000000000003856608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42233e5ac2eb033e2021-12-22 11:49:28.195root 11241100x80000000000000003856609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe39554f41c228d2021-12-22 11:49:28.195root 11241100x80000000000000003856610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59f2c95eeae6bdc2021-12-22 11:49:28.195root 11241100x80000000000000003856611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a35022e56c95ea2021-12-22 11:49:28.195root 11241100x80000000000000003856612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e169f71ac000e8d72021-12-22 11:49:28.195root 11241100x80000000000000003856613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0da2c4340b3fe22021-12-22 11:49:28.195root 11241100x80000000000000003856614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77a1fe0034590d92021-12-22 11:49:28.195root 11241100x80000000000000003856615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed5cb2b9e02179f2021-12-22 11:49:28.196root 11241100x80000000000000003856616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e57c114a00680072021-12-22 11:49:28.196root 11241100x80000000000000003856617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a54bb59523ba0c2021-12-22 11:49:28.196root 11241100x80000000000000003856618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74b7519a03d38762021-12-22 11:49:28.196root 11241100x80000000000000003856619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e9b0f21a1cc50b2021-12-22 11:49:28.196root 11241100x80000000000000003856620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837c3b7208c79db22021-12-22 11:49:28.693root 11241100x80000000000000003856621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21628fec2aca07af2021-12-22 11:49:28.694root 11241100x80000000000000003856622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8faa169590da97e82021-12-22 11:49:28.694root 11241100x80000000000000003856623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326a03c596ae95092021-12-22 11:49:28.694root 11241100x80000000000000003856624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349d3b00cce3ffad2021-12-22 11:49:28.694root 11241100x80000000000000003856625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5de7bfde0f76242021-12-22 11:49:28.694root 11241100x80000000000000003856626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8ea6ac9fa33c852021-12-22 11:49:28.694root 11241100x80000000000000003856627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aae152e5fd486502021-12-22 11:49:28.694root 11241100x80000000000000003856628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fec2d8e3368631c2021-12-22 11:49:28.694root 11241100x80000000000000003856629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747f0f8b3542dae92021-12-22 11:49:28.694root 11241100x80000000000000003856630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d5113a8e879a522021-12-22 11:49:28.694root 11241100x80000000000000003856631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655ab66b23f7ecce2021-12-22 11:49:28.695root 11241100x80000000000000003856632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720981c655b651822021-12-22 11:49:28.695root 11241100x80000000000000003856633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ec1ac99a3222ae2021-12-22 11:49:28.695root 11241100x80000000000000003856634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a997944a63988362021-12-22 11:49:28.695root 11241100x80000000000000003856635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6f29763919fbbc2021-12-22 11:49:28.695root 11241100x80000000000000003856636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e82fc56a8b9b552021-12-22 11:49:28.695root 11241100x80000000000000003856637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1afbedd8a76ab932021-12-22 11:49:28.695root 11241100x80000000000000003856638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d7efc41784489b2021-12-22 11:49:28.695root 11241100x80000000000000003856639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616ed8e37de66d6e2021-12-22 11:49:28.695root 11241100x80000000000000003856640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8f04a9844f3e1e2021-12-22 11:49:28.695root 11241100x80000000000000003856641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff0cf092c05a18f2021-12-22 11:49:28.696root 11241100x80000000000000003856642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2507d8fc9fb8a72021-12-22 11:49:28.696root 354300x80000000000000003856643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.136{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55504-false10.0.1.12-8000- 11241100x80000000000000003856644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a798e397dfcf27e92021-12-22 11:49:29.137root 11241100x80000000000000003856645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a03aa8735de6ba2021-12-22 11:49:29.137root 11241100x80000000000000003856646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e843a91c2cbc9af2021-12-22 11:49:29.137root 11241100x80000000000000003856647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6083b798cd6e5b2021-12-22 11:49:29.137root 11241100x80000000000000003856648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40029d34283318012021-12-22 11:49:29.137root 11241100x80000000000000003856649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd3adf0b53db8ea2021-12-22 11:49:29.138root 11241100x80000000000000003856650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b847e43c160a31ff2021-12-22 11:49:29.138root 11241100x80000000000000003856651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d95e6c291dae9f22021-12-22 11:49:29.138root 11241100x80000000000000003856652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0f844e6202bba42021-12-22 11:49:29.138root 11241100x80000000000000003856653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b01aee0f45c4cf82021-12-22 11:49:29.138root 11241100x80000000000000003856654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573d6ae0e34ebc662021-12-22 11:49:29.138root 11241100x80000000000000003856655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3fbdabd9985d0d2021-12-22 11:49:29.138root 11241100x80000000000000003856656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2797971a3fcb4d72021-12-22 11:49:29.138root 11241100x80000000000000003856657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e478322d0da5f2c2021-12-22 11:49:29.138root 11241100x80000000000000003856658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253d05f0294bcbac2021-12-22 11:49:29.138root 11241100x80000000000000003856659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0c685eb05796692021-12-22 11:49:29.138root 11241100x80000000000000003856660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfbaba594f9850e2021-12-22 11:49:29.138root 11241100x80000000000000003856661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3f6f81a75cc19d2021-12-22 11:49:29.139root 11241100x80000000000000003856662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2a86e832a9d38d2021-12-22 11:49:29.139root 11241100x80000000000000003856663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7779436996deadb2021-12-22 11:49:29.139root 11241100x80000000000000003856664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862d01993b4fd8282021-12-22 11:49:29.139root 11241100x80000000000000003856665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7323bef9416b5502021-12-22 11:49:29.139root 11241100x80000000000000003856666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e513767510854e4f2021-12-22 11:49:29.139root 11241100x80000000000000003856667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76e99c266aeebc42021-12-22 11:49:29.140root 11241100x80000000000000003856668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d29dbdc859c4e82021-12-22 11:49:29.140root 11241100x80000000000000003856669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4eec4abcd17e002021-12-22 11:49:29.140root 11241100x80000000000000003856670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20ba2230fbfb8282021-12-22 11:49:29.140root 11241100x80000000000000003856671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee7c97a8e98bc622021-12-22 11:49:29.140root 11241100x80000000000000003856672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93bc9361219b18f2021-12-22 11:49:29.140root 11241100x80000000000000003856673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8502d518cf650382021-12-22 11:49:29.140root 11241100x80000000000000003856674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d8187f2e869c152021-12-22 11:49:29.141root 11241100x80000000000000003856675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad169f9235abf6cc2021-12-22 11:49:29.141root 11241100x80000000000000003856676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573f91edc1ae6d072021-12-22 11:49:29.141root 11241100x80000000000000003856677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4d138e5dce3aa92021-12-22 11:49:29.141root 11241100x80000000000000003856678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec6321d210033762021-12-22 11:49:29.141root 11241100x80000000000000003856679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbf964db35e308c2021-12-22 11:49:29.141root 11241100x80000000000000003856680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee7d24005375d902021-12-22 11:49:29.142root 11241100x80000000000000003856681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0c2359c830563d2021-12-22 11:49:29.142root 11241100x80000000000000003856682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2178f26c84ac0e342021-12-22 11:49:29.142root 11241100x80000000000000003856683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313a1b59a43a19902021-12-22 11:49:29.142root 11241100x80000000000000003856684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a1c7e82481aac52021-12-22 11:49:29.142root 11241100x80000000000000003856685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e525a3ba1a0e91f42021-12-22 11:49:29.142root 11241100x80000000000000003856686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c97b055f6129fc2021-12-22 11:49:29.142root 11241100x80000000000000003856687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3d3b0f4d0cf3192021-12-22 11:49:29.142root 11241100x80000000000000003856688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09781cc7bf4207a12021-12-22 11:49:29.143root 11241100x80000000000000003856689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ea42431bcfc3612021-12-22 11:49:29.143root 11241100x80000000000000003856690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7d3827056b27cb2021-12-22 11:49:29.143root 11241100x80000000000000003856691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e01f81da78b0fce2021-12-22 11:49:29.143root 11241100x80000000000000003856692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94a2f7be4dc8e0f2021-12-22 11:49:29.143root 11241100x80000000000000003856693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216975a0f98b04942021-12-22 11:49:29.143root 11241100x80000000000000003856694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d97bf48c41a8842021-12-22 11:49:29.143root 11241100x80000000000000003856695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f255e39dd28503fd2021-12-22 11:49:29.143root 11241100x80000000000000003856696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3881f25e81b901432021-12-22 11:49:29.143root 11241100x80000000000000003856697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3879c937c50873792021-12-22 11:49:29.443root 11241100x80000000000000003856698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682b183618994a4c2021-12-22 11:49:29.443root 11241100x80000000000000003856699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af7eeb270a568cc2021-12-22 11:49:29.443root 11241100x80000000000000003856700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3a64dc2062f1932021-12-22 11:49:29.443root 11241100x80000000000000003856701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66aeb40d010ca1032021-12-22 11:49:29.444root 11241100x80000000000000003856702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d9cd42e36e86c72021-12-22 11:49:29.444root 11241100x80000000000000003856703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333fbafa4b95d2ac2021-12-22 11:49:29.444root 11241100x80000000000000003856704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1857c0e091deb7892021-12-22 11:49:29.444root 11241100x80000000000000003856705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3c582dcedc93de2021-12-22 11:49:29.444root 11241100x80000000000000003856706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc991685f3b70072021-12-22 11:49:29.444root 11241100x80000000000000003856707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345144dc1aa3c8962021-12-22 11:49:29.444root 11241100x80000000000000003856708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390431d6bd47f3c52021-12-22 11:49:29.444root 11241100x80000000000000003856709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0ad6035e43b47c2021-12-22 11:49:29.444root 11241100x80000000000000003856710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3d21259c6be0062021-12-22 11:49:29.444root 11241100x80000000000000003856711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a17dc498e222a612021-12-22 11:49:29.444root 11241100x80000000000000003856712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba1db42832e3d232021-12-22 11:49:29.444root 11241100x80000000000000003856713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce77622a773d82022021-12-22 11:49:29.444root 11241100x80000000000000003856714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c04a208cb2046d2021-12-22 11:49:29.444root 11241100x80000000000000003856715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4751ba38e04ce7052021-12-22 11:49:29.444root 11241100x80000000000000003856716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583cfe2d5c95b1452021-12-22 11:49:29.445root 11241100x80000000000000003856717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db43c08a1e6b8f6e2021-12-22 11:49:29.445root 11241100x80000000000000003856718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcda33d06a5edef52021-12-22 11:49:29.445root 11241100x80000000000000003856719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854130ac2ae8096e2021-12-22 11:49:29.445root 11241100x80000000000000003856720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffc9dc36e9c66952021-12-22 11:49:29.445root 11241100x80000000000000003856721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890d52e5075048aa2021-12-22 11:49:29.446root 11241100x80000000000000003856722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506191f9f9baf66e2021-12-22 11:49:29.446root 11241100x80000000000000003856723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67d65f81b1b4a542021-12-22 11:49:29.446root 11241100x80000000000000003856724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5445ede827583bbf2021-12-22 11:49:29.446root 11241100x80000000000000003856725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db839a014ef5f0b02021-12-22 11:49:29.447root 11241100x80000000000000003856726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4089f431dc373122021-12-22 11:49:29.447root 11241100x80000000000000003856727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf57941be2086802021-12-22 11:49:29.447root 11241100x80000000000000003856728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afd072e818809982021-12-22 11:49:29.447root 11241100x80000000000000003856729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d9fbbe9650b1072021-12-22 11:49:29.447root 11241100x80000000000000003856730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a56d20bb5fad86c2021-12-22 11:49:29.448root 11241100x80000000000000003856731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cabc7269e38c7032021-12-22 11:49:29.448root 11241100x80000000000000003856732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e733b05977bc08a2021-12-22 11:49:29.448root 11241100x80000000000000003856733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3341d4f3b8250562021-12-22 11:49:29.448root 11241100x80000000000000003856734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08241af33124bca12021-12-22 11:49:29.943root 11241100x80000000000000003856735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bb01213838ae752021-12-22 11:49:29.943root 11241100x80000000000000003856736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b236672406aed42021-12-22 11:49:29.944root 11241100x80000000000000003856737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60316dc195e47cd22021-12-22 11:49:29.944root 11241100x80000000000000003856738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4b7ece883ce8572021-12-22 11:49:29.944root 11241100x80000000000000003856739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942aa2e81b1e401f2021-12-22 11:49:29.944root 11241100x80000000000000003856740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8bede2fa6391f22021-12-22 11:49:29.944root 11241100x80000000000000003856741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6c5219de0a04be2021-12-22 11:49:29.944root 11241100x80000000000000003856742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc6076ae32965462021-12-22 11:49:29.945root 11241100x80000000000000003856743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f3d8e5e85df3da2021-12-22 11:49:29.945root 11241100x80000000000000003856744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e155461a587e0e2021-12-22 11:49:29.945root 11241100x80000000000000003856745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0e3e18bdd907912021-12-22 11:49:29.945root 11241100x80000000000000003856746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab0459b3ebdcbeb2021-12-22 11:49:29.945root 11241100x80000000000000003856747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039bc2d44c1e08302021-12-22 11:49:29.945root 11241100x80000000000000003856748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66840a513701c9432021-12-22 11:49:29.945root 11241100x80000000000000003856749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8f8afff82b36f52021-12-22 11:49:29.945root 11241100x80000000000000003856750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab14187e703a03c2021-12-22 11:49:29.945root 11241100x80000000000000003856751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5706b41ca95a9222021-12-22 11:49:29.945root 11241100x80000000000000003856752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee59fed70f70a66a2021-12-22 11:49:29.945root 11241100x80000000000000003856753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23efc5416a012ddf2021-12-22 11:49:29.945root 11241100x80000000000000003856754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa77693f8db6a05c2021-12-22 11:49:29.945root 11241100x80000000000000003856755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81334f329be2a532021-12-22 11:49:29.945root 11241100x80000000000000003856756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b267ff4a2f332c12021-12-22 11:49:29.945root 11241100x80000000000000003856757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1c55a6d9cd41a02021-12-22 11:49:29.946root 534500x80000000000000003856758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.166{00000000-0000-0000-0000-000000000000}19095<unknown process>ubuntu 534500x80000000000000003856759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.168{ec2b6afe-10bc-61c3-0000-000000000000}19096-ubuntu 11241100x80000000000000003856760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.168{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.alR33v2021-12-22 11:49:30.168ubuntu 23542300x80000000000000003856761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.168{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.alR33v--- 11241100x80000000000000003856762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3108da6da485fc7e2021-12-22 11:49:30.443root 11241100x80000000000000003856763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41f793529ffad2a2021-12-22 11:49:30.443root 11241100x80000000000000003856764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fae52d96ab383c22021-12-22 11:49:30.443root 11241100x80000000000000003856765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9cddc972efe3c52021-12-22 11:49:30.443root 11241100x80000000000000003856766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5f866c5b5d2dea2021-12-22 11:49:30.444root 11241100x80000000000000003856767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f2f5f2b98a2cd22021-12-22 11:49:30.444root 11241100x80000000000000003856768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562582f4f03f557a2021-12-22 11:49:30.444root 11241100x80000000000000003856769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df33b14ad14320702021-12-22 11:49:30.444root 11241100x80000000000000003856770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dd641ba3cdcf992021-12-22 11:49:30.444root 11241100x80000000000000003856771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d38c4f69dc1f782021-12-22 11:49:30.444root 11241100x80000000000000003856772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa99ad8e4196c8e12021-12-22 11:49:30.444root 11241100x80000000000000003856773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef5818bf6305fe02021-12-22 11:49:30.444root 11241100x80000000000000003856774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c869da13da0289fb2021-12-22 11:49:30.444root 11241100x80000000000000003856775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9768ade896a311e2021-12-22 11:49:30.444root 11241100x80000000000000003856776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88289c1ead65b4c2021-12-22 11:49:30.444root 11241100x80000000000000003856777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06e1cf3065c9c2b2021-12-22 11:49:30.444root 11241100x80000000000000003856778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1cb0a067675d7e2021-12-22 11:49:30.444root 11241100x80000000000000003856779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbdd15afd11132f2021-12-22 11:49:30.444root 11241100x80000000000000003856780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677bf98a92c758de2021-12-22 11:49:30.444root 11241100x80000000000000003856781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1f969c806052e22021-12-22 11:49:30.445root 11241100x80000000000000003856782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d7414d946287762021-12-22 11:49:30.445root 11241100x80000000000000003856783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34607b39174fca02021-12-22 11:49:30.445root 11241100x80000000000000003856784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9cec4db2cce1372021-12-22 11:49:30.445root 11241100x80000000000000003856785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c54d7edd46c8b92021-12-22 11:49:30.445root 11241100x80000000000000003856786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8b5b8fc10221592021-12-22 11:49:30.445root 11241100x80000000000000003856787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653394479a6aa7092021-12-22 11:49:30.445root 11241100x80000000000000003856788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba765d842efa9712021-12-22 11:49:30.445root 11241100x80000000000000003856789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722fd693a0d3b8ed2021-12-22 11:49:30.445root 154100x80000000000000003856790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.564{ec2b6afe-10ca-61c3-e021-0581f2550000}19097/bin/chmod-----chmod 777 dll_hook.sh/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 534500x80000000000000003856791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.565{ec2b6afe-10ca-61c3-e021-0581f2550000}19097/bin/chmodubuntu 11241100x80000000000000003856792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1447d7a78e5cf8d2021-12-22 11:49:30.943root 11241100x80000000000000003856793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3668b6ebeb2409e2021-12-22 11:49:30.944root 11241100x80000000000000003856794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fcd485a98631322021-12-22 11:49:30.944root 11241100x80000000000000003856795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c563164de23fbd2021-12-22 11:49:30.944root 11241100x80000000000000003856796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288ccbcc37c491c72021-12-22 11:49:30.945root 11241100x80000000000000003856797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2435967dbffbdc8d2021-12-22 11:49:30.945root 11241100x80000000000000003856798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bc55f160232add2021-12-22 11:49:30.945root 11241100x80000000000000003856799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b8dccf452a37b52021-12-22 11:49:30.945root 11241100x80000000000000003856800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e9f12ccbd144352021-12-22 11:49:30.945root 11241100x80000000000000003856801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bee04397ae83782021-12-22 11:49:30.945root 11241100x80000000000000003856802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647e422bd7ce1bc62021-12-22 11:49:30.945root 11241100x80000000000000003856803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e6cbe0f500359b2021-12-22 11:49:30.945root 11241100x80000000000000003856804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6d91376db21a7d2021-12-22 11:49:30.945root 11241100x80000000000000003856805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c21e440e58560b2021-12-22 11:49:30.945root 11241100x80000000000000003856806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98063d4237371c832021-12-22 11:49:30.945root 11241100x80000000000000003856807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46975b72f163af642021-12-22 11:49:30.945root 11241100x80000000000000003856808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbebedfebbfca162021-12-22 11:49:30.945root 11241100x80000000000000003856809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccca1510141daa212021-12-22 11:49:30.945root 11241100x80000000000000003856810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf56293f9df19d6c2021-12-22 11:49:30.946root 11241100x80000000000000003856811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2434b04be0d90e2021-12-22 11:49:30.946root 11241100x80000000000000003856812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74a6e31aa4044fd2021-12-22 11:49:30.946root 11241100x80000000000000003856813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897c1bfa328b076b2021-12-22 11:49:30.946root 11241100x80000000000000003856814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106190aeeff5dc882021-12-22 11:49:30.946root 11241100x80000000000000003856815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf095dccb8f656f02021-12-22 11:49:30.946root 11241100x80000000000000003856816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50710f2a7b37942a2021-12-22 11:49:30.946root 11241100x80000000000000003856817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c887a24105cebca2021-12-22 11:49:30.946root 11241100x80000000000000003856818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9294558127fa22962021-12-22 11:49:30.946root 11241100x80000000000000003856819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6093fbcff8aefd42021-12-22 11:49:30.946root 11241100x80000000000000003856820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed57f195ebd5b112021-12-22 11:49:30.946root 11241100x80000000000000003856821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9505459d3afba4e2021-12-22 11:49:30.946root 11241100x80000000000000003856822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acb5cf25cc61dc32021-12-22 11:49:30.946root 11241100x80000000000000003856823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03432f2bf86f98252021-12-22 11:49:31.443root 11241100x80000000000000003856824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775adc82519da76a2021-12-22 11:49:31.443root 11241100x80000000000000003856825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fe3bd6f52415852021-12-22 11:49:31.443root 11241100x80000000000000003856826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4219e3724992aea02021-12-22 11:49:31.443root 11241100x80000000000000003856827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e576106d1366406d2021-12-22 11:49:31.443root 11241100x80000000000000003856828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4c4036310e5b0f2021-12-22 11:49:31.444root 11241100x80000000000000003856829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fde4386a8d3e712021-12-22 11:49:31.444root 11241100x80000000000000003856830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a309f83dfa2c51df2021-12-22 11:49:31.444root 11241100x80000000000000003856831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e798d0accf6b71382021-12-22 11:49:31.444root 11241100x80000000000000003856832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48921985ceede2672021-12-22 11:49:31.444root 11241100x80000000000000003856833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10a6a8204821d5c2021-12-22 11:49:31.444root 11241100x80000000000000003856834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6119b2d79e2022bd2021-12-22 11:49:31.444root 11241100x80000000000000003856835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ed60cf1b1a08d22021-12-22 11:49:31.444root 11241100x80000000000000003856836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cbe1eb1eca906b2021-12-22 11:49:31.444root 11241100x80000000000000003856837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b880eb0ce51fad532021-12-22 11:49:31.444root 11241100x80000000000000003856838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1e36d7454850332021-12-22 11:49:31.445root 11241100x80000000000000003856839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f767135f6aa7f0a2021-12-22 11:49:31.445root 11241100x80000000000000003856840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a07592d6ac1225e2021-12-22 11:49:31.445root 11241100x80000000000000003856841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a78cfbc29c83332021-12-22 11:49:31.445root 11241100x80000000000000003856842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055742c199e4b77c2021-12-22 11:49:31.445root 11241100x80000000000000003856843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fa08d0bcb403292021-12-22 11:49:31.445root 11241100x80000000000000003856844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7452153f4d8b4132021-12-22 11:49:31.445root 11241100x80000000000000003856845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cce5306c610a7d2021-12-22 11:49:31.445root 11241100x80000000000000003856846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f730a7f216cdcf02021-12-22 11:49:31.446root 11241100x80000000000000003856847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b26e066bc36ad802021-12-22 11:49:31.446root 11241100x80000000000000003856848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889e64b904e56e092021-12-22 11:49:31.446root 11241100x80000000000000003856849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660b60a480b1c2a82021-12-22 11:49:31.446root 11241100x80000000000000003856850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fb2e1fbca552c62021-12-22 11:49:31.446root 11241100x80000000000000003856851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9d8bf98b6359052021-12-22 11:49:31.446root 11241100x80000000000000003856852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caf0d1bc3d93f042021-12-22 11:49:31.446root 11241100x80000000000000003856853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0893fb4de3009812021-12-22 11:49:31.446root 11241100x80000000000000003856854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a98aa7135d763e2021-12-22 11:49:31.446root 11241100x80000000000000003856855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb9ad9aadd75e772021-12-22 11:49:31.447root 11241100x80000000000000003856856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2d069ae9f927262021-12-22 11:49:31.447root 11241100x80000000000000003856857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed0461ba8a5b1e72021-12-22 11:49:31.447root 11241100x80000000000000003856858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73957f64729623792021-12-22 11:49:31.448root 11241100x80000000000000003856859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed601bc1c7d669aa2021-12-22 11:49:31.448root 11241100x80000000000000003856860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60639b6bb49037712021-12-22 11:49:31.448root 11241100x80000000000000003856861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bd07523cbda1712021-12-22 11:49:31.448root 11241100x80000000000000003856862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bb4f82328ea31e2021-12-22 11:49:31.448root 11241100x80000000000000003856863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b15226cc50a07e2021-12-22 11:49:31.943root 11241100x80000000000000003856864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c893ca99031c99122021-12-22 11:49:31.943root 11241100x80000000000000003856865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ff8f8972cfc9872021-12-22 11:49:31.943root 11241100x80000000000000003856866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf095f27883dea812021-12-22 11:49:31.943root 11241100x80000000000000003856867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c93b3858f2c3c22021-12-22 11:49:31.943root 11241100x80000000000000003856868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9dc2cc4adadf0b2021-12-22 11:49:31.943root 11241100x80000000000000003856869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d07273c903b4c82021-12-22 11:49:31.944root 11241100x80000000000000003856870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca58b7154d264572021-12-22 11:49:31.944root 11241100x80000000000000003856871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47500bf876db75252021-12-22 11:49:31.944root 11241100x80000000000000003856872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b5429c493ab1822021-12-22 11:49:31.945root 11241100x80000000000000003856873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3f1f0e25a86e832021-12-22 11:49:31.945root 11241100x80000000000000003856874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633e09099f5e7c8b2021-12-22 11:49:31.945root 11241100x80000000000000003856875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ef382e18cbae802021-12-22 11:49:31.945root 11241100x80000000000000003856876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb071909d3a76af2021-12-22 11:49:31.946root 11241100x80000000000000003856877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28422f41b63b08f02021-12-22 11:49:31.946root 11241100x80000000000000003856878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c75ae3c5d4a3232021-12-22 11:49:31.946root 11241100x80000000000000003856879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6810bd2260076902021-12-22 11:49:31.946root 11241100x80000000000000003856880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1394ea6a642eb8b02021-12-22 11:49:31.946root 11241100x80000000000000003856881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73087d3b2fbb2152021-12-22 11:49:31.947root 11241100x80000000000000003856882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a5ab566396d3762021-12-22 11:49:31.947root 11241100x80000000000000003856883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9dec94ac984ca5d2021-12-22 11:49:31.947root 11241100x80000000000000003856884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bc7ce28ca0274e2021-12-22 11:49:31.947root 11241100x80000000000000003856885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf477d6a346d2da62021-12-22 11:49:31.948root 11241100x80000000000000003856886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3ad9f759e9a0c72021-12-22 11:49:31.948root 11241100x80000000000000003856887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ada7f3d4b2950512021-12-22 11:49:31.948root 11241100x80000000000000003856888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de34643711a711202021-12-22 11:49:31.948root 11241100x80000000000000003856889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a9028ae7f3472c2021-12-22 11:49:31.948root 11241100x80000000000000003856890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d43939eaa7b90ba2021-12-22 11:49:31.949root 11241100x80000000000000003856891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254452d2461ec81e2021-12-22 11:49:31.949root 11241100x80000000000000003856892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b3128c74e78c2e2021-12-22 11:49:31.949root 11241100x80000000000000003856893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b772d8b0d5f7dc852021-12-22 11:49:31.950root 11241100x80000000000000003856894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabc962807ff2aff2021-12-22 11:49:31.950root 11241100x80000000000000003856895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a72a89b45fa18b52021-12-22 11:49:31.950root 11241100x80000000000000003856896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ebb4258a9e1d0f2021-12-22 11:49:31.950root 11241100x80000000000000003856897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4a95ee7ffc80282021-12-22 11:49:31.951root 11241100x80000000000000003856898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474deabbc8d9336e2021-12-22 11:49:31.951root 11241100x80000000000000003856899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61102d5e14df66b2021-12-22 11:49:31.951root 11241100x80000000000000003856900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7458663d9605d52021-12-22 11:49:31.952root 11241100x80000000000000003856901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:31.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3867f154a24536c32021-12-22 11:49:31.952root 11241100x80000000000000003856902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8058f1879a7581192021-12-22 11:49:32.443root 11241100x80000000000000003856903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f53beee7843bce2021-12-22 11:49:32.443root 11241100x80000000000000003856904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbe49a5990a60192021-12-22 11:49:32.443root 11241100x80000000000000003856905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057665ef1308560f2021-12-22 11:49:32.443root 11241100x80000000000000003856906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9504493760d4d932021-12-22 11:49:32.443root 11241100x80000000000000003856907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41995c1636c8def62021-12-22 11:49:32.443root 11241100x80000000000000003856908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbc56c5119b2ef02021-12-22 11:49:32.444root 11241100x80000000000000003856909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda8d4f447aae5942021-12-22 11:49:32.444root 11241100x80000000000000003856910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190c617a1c76eb802021-12-22 11:49:32.444root 11241100x80000000000000003856911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec83b59550b8e9fa2021-12-22 11:49:32.444root 11241100x80000000000000003856912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b7d94d0af123912021-12-22 11:49:32.444root 11241100x80000000000000003856913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebb38efd2ed2c6f2021-12-22 11:49:32.444root 11241100x80000000000000003856914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab41762a883994162021-12-22 11:49:32.444root 11241100x80000000000000003856915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01aaf75b9ba82372021-12-22 11:49:32.444root 11241100x80000000000000003856916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c196415f972435da2021-12-22 11:49:32.444root 11241100x80000000000000003856917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5827a846a34c21512021-12-22 11:49:32.445root 11241100x80000000000000003856918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0709dc6b3973d57e2021-12-22 11:49:32.445root 11241100x80000000000000003856919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af4947b3c9e78e52021-12-22 11:49:32.445root 11241100x80000000000000003856920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34a65ff8550681e2021-12-22 11:49:32.445root 11241100x80000000000000003856921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ed20b008b462382021-12-22 11:49:32.445root 11241100x80000000000000003856922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed439eedf84c0a02021-12-22 11:49:32.446root 11241100x80000000000000003856923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1614527041d66bfe2021-12-22 11:49:32.446root 11241100x80000000000000003856924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f526d2867663e4d2021-12-22 11:49:32.446root 11241100x80000000000000003856925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c1bb64c3bee3e02021-12-22 11:49:32.446root 11241100x80000000000000003856926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d263c022ba101762021-12-22 11:49:32.447root 11241100x80000000000000003856927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a376426d97d17f9b2021-12-22 11:49:32.447root 11241100x80000000000000003856928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25687338d9d61b62021-12-22 11:49:32.447root 11241100x80000000000000003856929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5a951269856ccf2021-12-22 11:49:32.447root 11241100x80000000000000003856930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9898e8891f36d22021-12-22 11:49:32.447root 11241100x80000000000000003856931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36fed645bbc0d482021-12-22 11:49:32.447root 11241100x80000000000000003856932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9ef04adb71d18c2021-12-22 11:49:32.447root 11241100x80000000000000003856933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114c0d81c936e3d02021-12-22 11:49:32.447root 11241100x80000000000000003856934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e8facfa950c2c92021-12-22 11:49:32.448root 11241100x80000000000000003856935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b53c354c7d62c412021-12-22 11:49:32.448root 11241100x80000000000000003856936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7a562bc64078ba2021-12-22 11:49:32.448root 11241100x80000000000000003856937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13f4d114f3784eb2021-12-22 11:49:32.448root 11241100x80000000000000003856938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc0abcd0edbefed2021-12-22 11:49:32.448root 11241100x80000000000000003856939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef17a7f5cc3b6082021-12-22 11:49:32.448root 11241100x80000000000000003856940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4802332f691b27ef2021-12-22 11:49:32.448root 11241100x80000000000000003856941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97650166c4f26e2b2021-12-22 11:49:32.448root 11241100x80000000000000003856942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbcbaf8c70ad4062021-12-22 11:49:32.449root 11241100x80000000000000003856943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88e14d177264e6c2021-12-22 11:49:32.449root 11241100x80000000000000003856944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229af15bca7096052021-12-22 11:49:32.449root 11241100x80000000000000003856945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8a1e668535a1612021-12-22 11:49:32.449root 11241100x80000000000000003856946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3709b68be951a72021-12-22 11:49:32.449root 11241100x80000000000000003856947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6593a99be864d4ea2021-12-22 11:49:32.449root 11241100x80000000000000003856948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a042ae56c8ae0fcf2021-12-22 11:49:32.449root 11241100x80000000000000003856949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02276b20ae277092021-12-22 11:49:32.449root 11241100x80000000000000003856950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4302296ed361007c2021-12-22 11:49:32.450root 11241100x80000000000000003856951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca473b3ab679981b2021-12-22 11:49:32.943root 11241100x80000000000000003856952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3395902500385972021-12-22 11:49:32.943root 11241100x80000000000000003856953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d21f27da8ee869c2021-12-22 11:49:32.943root 11241100x80000000000000003856954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b6d6175bc7fa3f2021-12-22 11:49:32.944root 11241100x80000000000000003856955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725683d24a4279112021-12-22 11:49:32.944root 11241100x80000000000000003856956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb1444cc4e745552021-12-22 11:49:32.944root 11241100x80000000000000003856957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3764824c17f002f92021-12-22 11:49:32.944root 11241100x80000000000000003856958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cd9c702a2fe9152021-12-22 11:49:32.944root 11241100x80000000000000003856959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d12b12dd34dda02021-12-22 11:49:32.944root 11241100x80000000000000003856960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec629b4c4d383282021-12-22 11:49:32.944root 11241100x80000000000000003856961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcb1d45fdeab3382021-12-22 11:49:32.944root 11241100x80000000000000003856962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d91b714ac0a47012021-12-22 11:49:32.944root 11241100x80000000000000003856963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da1caf832b1946b2021-12-22 11:49:32.944root 11241100x80000000000000003856964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a1f5b897116a052021-12-22 11:49:32.944root 11241100x80000000000000003856965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973ebaa339876ebe2021-12-22 11:49:32.945root 11241100x80000000000000003856966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a6e27a2bbc73d92021-12-22 11:49:32.945root 11241100x80000000000000003856967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714fa5477fe25b792021-12-22 11:49:32.945root 11241100x80000000000000003856968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93df92a9bee36b762021-12-22 11:49:32.945root 11241100x80000000000000003856969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c0a004130bcb1a2021-12-22 11:49:32.945root 11241100x80000000000000003856970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b200e0fbd28bc132021-12-22 11:49:32.945root 11241100x80000000000000003856971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682b24047dbdc3cf2021-12-22 11:49:32.945root 11241100x80000000000000003856972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4887468037df7b322021-12-22 11:49:32.946root 11241100x80000000000000003856973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ca71415df151322021-12-22 11:49:32.946root 11241100x80000000000000003856974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d152219c0579b04a2021-12-22 11:49:32.946root 11241100x80000000000000003856975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396446ff85989c042021-12-22 11:49:32.946root 11241100x80000000000000003856976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c950d8a847b0282021-12-22 11:49:32.946root 11241100x80000000000000003856977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6387621774bfd692021-12-22 11:49:32.946root 11241100x80000000000000003856978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef7fa0ecb7e2eb72021-12-22 11:49:32.946root 11241100x80000000000000003856979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a44b04a9da1793f2021-12-22 11:49:32.946root 11241100x80000000000000003856980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d22c3babdac3382021-12-22 11:49:32.946root 11241100x80000000000000003856981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea2cf80be90f80f2021-12-22 11:49:32.946root 11241100x80000000000000003856982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3099e6298c52d6c12021-12-22 11:49:32.947root 11241100x80000000000000003856983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee09009084f4b652021-12-22 11:49:32.947root 11241100x80000000000000003856984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff562461c65050a02021-12-22 11:49:32.947root 11241100x80000000000000003856985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e41e8cc066af7f2021-12-22 11:49:32.947root 11241100x80000000000000003856986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36fde56c5a7eb9a2021-12-22 11:49:32.947root 11241100x80000000000000003856987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccdd226145b28222021-12-22 11:49:32.947root 11241100x80000000000000003856988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177537589c998f8d2021-12-22 11:49:32.947root 11241100x80000000000000003856989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:49:33.142root 11241100x80000000000000003856990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba58d4ade7d53d1e2021-12-22 11:49:33.443root 11241100x80000000000000003856991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e010ee99db17a442021-12-22 11:49:33.443root 11241100x80000000000000003856992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cf4f40305566fd2021-12-22 11:49:33.443root 11241100x80000000000000003856993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a581096d204ad32021-12-22 11:49:33.443root 11241100x80000000000000003856994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51fea8e2ed8c0252021-12-22 11:49:33.444root 11241100x80000000000000003856995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b1895c5e942a242021-12-22 11:49:33.444root 11241100x80000000000000003856996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd878ce5fc555e92021-12-22 11:49:33.444root 11241100x80000000000000003856997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d027148baf16c232021-12-22 11:49:33.444root 11241100x80000000000000003856998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff746bdd8d91ad952021-12-22 11:49:33.444root 11241100x80000000000000003856999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1798b99c1ab29c22021-12-22 11:49:33.444root 11241100x80000000000000003857000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed8e12eda73b4fd2021-12-22 11:49:33.444root 11241100x80000000000000003857001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a38aa64ce62a3632021-12-22 11:49:33.444root 11241100x80000000000000003857002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aeb12da0d4626352021-12-22 11:49:33.445root 11241100x80000000000000003857003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288324e449f0b8712021-12-22 11:49:33.445root 11241100x80000000000000003857004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d180ab8e0ea616132021-12-22 11:49:33.445root 11241100x80000000000000003857005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24493fcf73e7d1282021-12-22 11:49:33.445root 11241100x80000000000000003857006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5268dbd3fae7f6c2021-12-22 11:49:33.445root 11241100x80000000000000003857007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78960831bc9f5482021-12-22 11:49:33.445root 11241100x80000000000000003857008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39a4f6837f10bf12021-12-22 11:49:33.446root 11241100x80000000000000003857009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c93761d3550f3172021-12-22 11:49:33.446root 11241100x80000000000000003857010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0932a646fbca41302021-12-22 11:49:33.446root 11241100x80000000000000003857011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c841b26d3eadb82021-12-22 11:49:33.446root 11241100x80000000000000003857012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0d748bb4411d142021-12-22 11:49:33.446root 11241100x80000000000000003857013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f1d2455d3c10142021-12-22 11:49:33.446root 11241100x80000000000000003857014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641f1c4e828edd2e2021-12-22 11:49:33.446root 11241100x80000000000000003857015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1d078806315d162021-12-22 11:49:33.447root 11241100x80000000000000003857016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5e1ab36d44cdf32021-12-22 11:49:33.447root 11241100x80000000000000003857017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7293267c86e8432021-12-22 11:49:33.447root 11241100x80000000000000003857018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07225d21746c53212021-12-22 11:49:33.447root 11241100x80000000000000003857019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810bc4274f5bf8e32021-12-22 11:49:33.447root 11241100x80000000000000003857020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0d56d8ed94b8a32021-12-22 11:49:33.447root 11241100x80000000000000003857021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de1960514aa34162021-12-22 11:49:33.447root 11241100x80000000000000003857022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aec03f1b9e9e0892021-12-22 11:49:33.447root 11241100x80000000000000003857023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d66e8602c0896c02021-12-22 11:49:33.448root 11241100x80000000000000003857024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fca72be8f1ae3a2021-12-22 11:49:33.448root 11241100x80000000000000003857025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b085bdf899118112021-12-22 11:49:33.448root 11241100x80000000000000003857026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632af5162a2fdb8d2021-12-22 11:49:33.448root 11241100x80000000000000003857027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600f83e8302cc7c72021-12-22 11:49:33.448root 11241100x80000000000000003857028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a8fdd340c745332021-12-22 11:49:33.448root 11241100x80000000000000003857029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791820aebb10e1d72021-12-22 11:49:33.448root 11241100x80000000000000003857030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1ae9a7ea5567a12021-12-22 11:49:33.448root 11241100x80000000000000003857031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfc1121a209bb3e2021-12-22 11:49:33.448root 11241100x80000000000000003857032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b7332b6efb19d52021-12-22 11:49:33.448root 11241100x80000000000000003857033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200ee8e99080b8b22021-12-22 11:49:33.449root 11241100x80000000000000003857034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34982a57f741efa2021-12-22 11:49:33.449root 11241100x80000000000000003857035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f38357e43b9acc2021-12-22 11:49:33.449root 11241100x80000000000000003857036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1786375ba3f27b2021-12-22 11:49:33.449root 11241100x80000000000000003857037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2655fff283a4326c2021-12-22 11:49:33.449root 11241100x80000000000000003857038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a5b82633e9283a2021-12-22 11:49:33.449root 11241100x80000000000000003857039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb680e2d00c60642021-12-22 11:49:33.450root 11241100x80000000000000003857040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c640529e112f882021-12-22 11:49:33.450root 11241100x80000000000000003857041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6856ae6174b9257e2021-12-22 11:49:33.450root 11241100x80000000000000003857042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cca6d66557d91a2021-12-22 11:49:33.450root 11241100x80000000000000003857043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f321ae374096ff02021-12-22 11:49:33.450root 11241100x80000000000000003857044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ee59ae520b19452021-12-22 11:49:33.450root 154100x80000000000000003857045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.633{ec2b6afe-10cd-61c3-68f4-9b89a0550000}19098/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x80000000000000003857046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.648{ec2b6afe-10cd-61c3-68f4-9b89a0550000}19098/bin/psroot 11241100x80000000000000003857047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888845a6b38ed1552021-12-22 11:49:33.943root 11241100x80000000000000003857048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdcafcf687d5e652021-12-22 11:49:33.943root 11241100x80000000000000003857049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ad64149f2282492021-12-22 11:49:33.943root 11241100x80000000000000003857050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c8639678ae08ae2021-12-22 11:49:33.943root 11241100x80000000000000003857051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4601f94249bfc16a2021-12-22 11:49:33.943root 11241100x80000000000000003857052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8987b41099e052a2021-12-22 11:49:33.943root 11241100x80000000000000003857053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcedb05157ef094f2021-12-22 11:49:33.944root 11241100x80000000000000003857054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfead5024dc2a072021-12-22 11:49:33.944root 11241100x80000000000000003857055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef43f201a1049ae32021-12-22 11:49:33.944root 11241100x80000000000000003857056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3e649a9c2130822021-12-22 11:49:33.944root 11241100x80000000000000003857057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc96a219248bde62021-12-22 11:49:33.944root 11241100x80000000000000003857058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bc85ac884bd5f12021-12-22 11:49:33.944root 11241100x80000000000000003857059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09473c6b878eac012021-12-22 11:49:33.945root 11241100x80000000000000003857060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908e56332cf339952021-12-22 11:49:33.945root 11241100x80000000000000003857061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77ac8d770354e902021-12-22 11:49:33.945root 11241100x80000000000000003857062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba43564adf3d563a2021-12-22 11:49:33.945root 11241100x80000000000000003857063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de616bd37b8d823e2021-12-22 11:49:33.946root 11241100x80000000000000003857064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5a1890b66217cf2021-12-22 11:49:33.946root 11241100x80000000000000003857065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4c034da8dbcd992021-12-22 11:49:33.946root 11241100x80000000000000003857066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4bd6eb6b244b1b2021-12-22 11:49:33.946root 11241100x80000000000000003857067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ac0eab2d6ae0fc2021-12-22 11:49:33.947root 11241100x80000000000000003857068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbf6c5d2a4d38be2021-12-22 11:49:33.947root 11241100x80000000000000003857069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e184827a180bcdb62021-12-22 11:49:33.947root 11241100x80000000000000003857070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10ad4ffda04cf6c2021-12-22 11:49:33.947root 11241100x80000000000000003857071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc970b8e7a39352d2021-12-22 11:49:33.948root 11241100x80000000000000003857072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e177afebc1423e52021-12-22 11:49:33.948root 11241100x80000000000000003857073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9014851bbe19e62021-12-22 11:49:33.948root 11241100x80000000000000003857074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007f942ff0bbfd1a2021-12-22 11:49:33.948root 11241100x80000000000000003857075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6255a3d372cfd9b62021-12-22 11:49:33.948root 11241100x80000000000000003857076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42023a443f016c062021-12-22 11:49:33.949root 11241100x80000000000000003857077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14ee45024b6130e2021-12-22 11:49:33.949root 11241100x80000000000000003857078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51aa25eed2db3be52021-12-22 11:49:33.949root 11241100x80000000000000003857079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46065c25440bab272021-12-22 11:49:33.949root 11241100x80000000000000003857080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5cf36b9b5898682021-12-22 11:49:33.949root 11241100x80000000000000003857081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ad54016f9ea77f2021-12-22 11:49:33.949root 11241100x80000000000000003857082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6c579bf7d9fc3f2021-12-22 11:49:33.950root 11241100x80000000000000003857083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a325425701dd08852021-12-22 11:49:33.950root 11241100x80000000000000003857084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431ae418d1d5c3552021-12-22 11:49:33.950root 11241100x80000000000000003857085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58be27c56c302cae2021-12-22 11:49:33.950root 11241100x80000000000000003857086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce32d7b1d0cfa7c2021-12-22 11:49:33.950root 11241100x80000000000000003857087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc80cbfc7f0bcf02021-12-22 11:49:33.950root 11241100x80000000000000003857088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a835cb38758b4d2021-12-22 11:49:33.951root 11241100x80000000000000003857089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a958cd0bd90fd14c2021-12-22 11:49:33.951root 11241100x80000000000000003857090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4965a62605f89d82021-12-22 11:49:33.951root 11241100x80000000000000003857091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c6a8ae42dae3972021-12-22 11:49:33.951root 11241100x80000000000000003857092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7b92e47bfcc8152021-12-22 11:49:33.951root 11241100x80000000000000003857093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8253a7874871b62021-12-22 11:49:33.952root 11241100x80000000000000003857094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96b7ab0666fbfd82021-12-22 11:49:33.952root 354300x80000000000000003857095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:33.973{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42570-false10.0.1.12-8089- 11241100x80000000000000003857096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e28dbfcf41d05342021-12-22 11:49:34.443root 11241100x80000000000000003857097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1ef57c056314b02021-12-22 11:49:34.443root 11241100x80000000000000003857098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03f4fa2591505a22021-12-22 11:49:34.444root 11241100x80000000000000003857099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d0ab1cf62c9d1b2021-12-22 11:49:34.444root 11241100x80000000000000003857100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68f2385ba2955082021-12-22 11:49:34.444root 11241100x80000000000000003857101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c63f966800ad642021-12-22 11:49:34.444root 11241100x80000000000000003857102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69548390e81cb4f2021-12-22 11:49:34.444root 11241100x80000000000000003857103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900fa76bd3f385122021-12-22 11:49:34.444root 11241100x80000000000000003857104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a4d079d63f09a62021-12-22 11:49:34.444root 11241100x80000000000000003857105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8825e6b36251a92021-12-22 11:49:34.444root 11241100x80000000000000003857106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3105e05c9945a6cf2021-12-22 11:49:34.444root 11241100x80000000000000003857107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8389a7d8c40e2e912021-12-22 11:49:34.444root 11241100x80000000000000003857108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f48324f1e8fb702021-12-22 11:49:34.444root 11241100x80000000000000003857109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14e20be759328b72021-12-22 11:49:34.444root 11241100x80000000000000003857110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2be703d0528fb692021-12-22 11:49:34.444root 11241100x80000000000000003857111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438abfc81767ed3b2021-12-22 11:49:34.445root 11241100x80000000000000003857112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78767605fd1136f02021-12-22 11:49:34.445root 11241100x80000000000000003857113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f21c6e8b56efb72021-12-22 11:49:34.445root 11241100x80000000000000003857114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca526e087e8dcc62021-12-22 11:49:34.445root 11241100x80000000000000003857115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefd858ebcf105b92021-12-22 11:49:34.445root 11241100x80000000000000003857116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e91a2ac8ee492d2021-12-22 11:49:34.445root 11241100x80000000000000003857117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53871833b5dd1da32021-12-22 11:49:34.445root 11241100x80000000000000003857118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580042c055fce4af2021-12-22 11:49:34.445root 11241100x80000000000000003857119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba2749be7aa48d72021-12-22 11:49:34.445root 11241100x80000000000000003857120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fc46fb997672e82021-12-22 11:49:34.445root 11241100x80000000000000003857121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4588e6f6b34b5a982021-12-22 11:49:34.445root 11241100x80000000000000003857122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbdb4254f3eeab42021-12-22 11:49:34.445root 11241100x80000000000000003857123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd250df75927f342021-12-22 11:49:34.445root 11241100x80000000000000003857124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76eefe31248f78f32021-12-22 11:49:34.445root 11241100x80000000000000003857125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab516c3ae01d35b2021-12-22 11:49:34.445root 11241100x80000000000000003857126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122c3cca03bf91892021-12-22 11:49:34.446root 11241100x80000000000000003857127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e834ed4e2256b02021-12-22 11:49:34.446root 11241100x80000000000000003857128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dd03436b68f3142021-12-22 11:49:34.446root 11241100x80000000000000003857129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51e34b1940e3c0d2021-12-22 11:49:34.446root 11241100x80000000000000003857130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e3f7948beef0f22021-12-22 11:49:34.943root 11241100x80000000000000003857131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d39e3c1a65172e22021-12-22 11:49:34.943root 11241100x80000000000000003857132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca48a3f748ac44932021-12-22 11:49:34.943root 11241100x80000000000000003857133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b5a8a8c480a4c22021-12-22 11:49:34.944root 11241100x80000000000000003857134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1b2b95bcc7cedf2021-12-22 11:49:34.944root 11241100x80000000000000003857135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0185a03724d6a27e2021-12-22 11:49:34.944root 11241100x80000000000000003857136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b0fdf0570b5c0d2021-12-22 11:49:34.944root 11241100x80000000000000003857137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8a9423804d4fa42021-12-22 11:49:34.944root 11241100x80000000000000003857138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c677f828867cbf742021-12-22 11:49:34.944root 11241100x80000000000000003857139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e248d8d654ad3e22021-12-22 11:49:34.944root 11241100x80000000000000003857140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cc130c76da494f2021-12-22 11:49:34.944root 11241100x80000000000000003857141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b466e200c41dc2f22021-12-22 11:49:34.944root 11241100x80000000000000003857142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bc5f9c30fa0f6f2021-12-22 11:49:34.945root 11241100x80000000000000003857143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fee1f426549ee22021-12-22 11:49:34.945root 11241100x80000000000000003857144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3345a69bfd2eba2021-12-22 11:49:34.945root 11241100x80000000000000003857145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f98cccac5f66002021-12-22 11:49:34.945root 11241100x80000000000000003857146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec33af0109f7f532021-12-22 11:49:34.945root 11241100x80000000000000003857147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafdfa9e98feb5b02021-12-22 11:49:34.945root 11241100x80000000000000003857148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0ad65611af65102021-12-22 11:49:34.945root 11241100x80000000000000003857149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523b7cff8b11efe22021-12-22 11:49:34.945root 11241100x80000000000000003857150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5b1202922a21102021-12-22 11:49:34.945root 11241100x80000000000000003857151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a6a8a86034a8c72021-12-22 11:49:34.945root 11241100x80000000000000003857152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ba0ddf18d1cd412021-12-22 11:49:34.946root 11241100x80000000000000003857153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4675ae35f905f4a22021-12-22 11:49:34.946root 11241100x80000000000000003857154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483cc109bc7062d02021-12-22 11:49:34.946root 11241100x80000000000000003857155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3426e44a2848f152021-12-22 11:49:34.946root 11241100x80000000000000003857156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b4d6ce101e27532021-12-22 11:49:34.946root 11241100x80000000000000003857157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e222c40224a65352021-12-22 11:49:34.946root 11241100x80000000000000003857158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6089f393d3d52afc2021-12-22 11:49:34.946root 11241100x80000000000000003857159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e237315653fcbc2021-12-22 11:49:34.946root 11241100x80000000000000003857160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8260495da07014cd2021-12-22 11:49:34.946root 11241100x80000000000000003857161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a8643822a801202021-12-22 11:49:34.947root 11241100x80000000000000003857162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e1ad7065b17af92021-12-22 11:49:34.947root 11241100x80000000000000003857163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46596fc7e827e20b2021-12-22 11:49:34.947root 11241100x80000000000000003857164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e92ac191f9c5552021-12-22 11:49:34.947root 11241100x80000000000000003857165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ef0fcb136ef0502021-12-22 11:49:34.947root 11241100x80000000000000003857166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbc088be231512b2021-12-22 11:49:34.947root 11241100x80000000000000003857167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe2eb54097af0932021-12-22 11:49:34.947root 11241100x80000000000000003857168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885d8848b2f6f4412021-12-22 11:49:34.947root 354300x80000000000000003857169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.019{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55508-false10.0.1.12-8000- 11241100x80000000000000003857170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27350e2a650f1cc2021-12-22 11:49:35.443root 11241100x80000000000000003857171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07f66089568b6052021-12-22 11:49:35.443root 11241100x80000000000000003857172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65aa83c6b571d3052021-12-22 11:49:35.443root 11241100x80000000000000003857173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057e868f22a50b762021-12-22 11:49:35.443root 11241100x80000000000000003857174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132f3ac3e32f86ba2021-12-22 11:49:35.444root 11241100x80000000000000003857175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141456418779aa4f2021-12-22 11:49:35.444root 11241100x80000000000000003857176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b7f920458c44f32021-12-22 11:49:35.444root 11241100x80000000000000003857177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa69e81e5b982cc62021-12-22 11:49:35.444root 11241100x80000000000000003857178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0080c5334e0b7a2021-12-22 11:49:35.444root 11241100x80000000000000003857179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151761361d4f3b672021-12-22 11:49:35.444root 11241100x80000000000000003857180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7da2968c6b787ce2021-12-22 11:49:35.444root 11241100x80000000000000003857181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f74277de6c0eda02021-12-22 11:49:35.444root 11241100x80000000000000003857182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55debfe518b41472021-12-22 11:49:35.444root 11241100x80000000000000003857183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50bc90fec61c8a92021-12-22 11:49:35.444root 11241100x80000000000000003857184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d98f57a56672832021-12-22 11:49:35.444root 11241100x80000000000000003857185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1498c04466fa56412021-12-22 11:49:35.444root 11241100x80000000000000003857186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3f2cb6323ad0a72021-12-22 11:49:35.444root 11241100x80000000000000003857187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4782c5b0a2a939a32021-12-22 11:49:35.444root 11241100x80000000000000003857188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449552add5f30b152021-12-22 11:49:35.444root 11241100x80000000000000003857189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd581c5bca2ad1c2021-12-22 11:49:35.444root 11241100x80000000000000003857190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc34ad315345b4ea2021-12-22 11:49:35.444root 11241100x80000000000000003857191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2e408b752adfa52021-12-22 11:49:35.445root 11241100x80000000000000003857192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c11d999b9999cff2021-12-22 11:49:35.445root 11241100x80000000000000003857193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b05af0a1fd64a152021-12-22 11:49:35.445root 11241100x80000000000000003857194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611b5dbca8905e1e2021-12-22 11:49:35.445root 11241100x80000000000000003857195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb96334568fbacb12021-12-22 11:49:35.445root 11241100x80000000000000003857196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f04f5be2b280b1d2021-12-22 11:49:35.445root 11241100x80000000000000003857197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f083840c1d31da82021-12-22 11:49:35.445root 11241100x80000000000000003857198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1490b431922c9d9f2021-12-22 11:49:35.445root 11241100x80000000000000003857199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1842f8b5546d25a2021-12-22 11:49:35.445root 11241100x80000000000000003857200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b40927055e31ec2021-12-22 11:49:35.445root 11241100x80000000000000003857201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d924d42fb95af02021-12-22 11:49:35.445root 11241100x80000000000000003857202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becd5c2f9370848f2021-12-22 11:49:35.445root 11241100x80000000000000003857203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf338ec8a33be0f2021-12-22 11:49:35.445root 11241100x80000000000000003857204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28eca0751a431cc2021-12-22 11:49:35.445root 11241100x80000000000000003857205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab20e0057c5993f2021-12-22 11:49:35.445root 11241100x80000000000000003857206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5cef71c5278da62021-12-22 11:49:35.445root 11241100x80000000000000003857207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7ed600a4c59e422021-12-22 11:49:35.446root 11241100x80000000000000003857208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc71ba5d059d6dfc2021-12-22 11:49:35.446root 11241100x80000000000000003857209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693c3fa6ff8b6eb32021-12-22 11:49:35.446root 11241100x80000000000000003857210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff850fd08a9b86a2021-12-22 11:49:35.446root 11241100x80000000000000003857211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a75b722345e024a2021-12-22 11:49:35.446root 11241100x80000000000000003857212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398a4890fd0ca0ac2021-12-22 11:49:35.446root 11241100x80000000000000003857213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0994166463fbd2922021-12-22 11:49:35.446root 11241100x80000000000000003857214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433b5fe832e050ab2021-12-22 11:49:35.446root 11241100x80000000000000003857215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed424900cab92d02021-12-22 11:49:35.446root 11241100x80000000000000003857216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a53474057ca99c2021-12-22 11:49:35.446root 11241100x80000000000000003857217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeeea93fdb81d3a32021-12-22 11:49:35.446root 11241100x80000000000000003857218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42895bce8ae0f6c2021-12-22 11:49:35.446root 11241100x80000000000000003857219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f7c58564bd2cb42021-12-22 11:49:35.446root 11241100x80000000000000003857220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525cb9ffcab54c392021-12-22 11:49:35.446root 11241100x80000000000000003857221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edacaff0e96b6392021-12-22 11:49:35.446root 11241100x80000000000000003857222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569400723fd3f2d52021-12-22 11:49:35.446root 11241100x80000000000000003857223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b62b9095ac905c2021-12-22 11:49:35.447root 11241100x80000000000000003857224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908d2a3f72382b442021-12-22 11:49:35.447root 11241100x80000000000000003857225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80495f61e0fb4ccc2021-12-22 11:49:35.447root 11241100x80000000000000003857226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576d3ba61fcb77c02021-12-22 11:49:35.447root 11241100x80000000000000003857227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6346064de18d822021-12-22 11:49:35.447root 11241100x80000000000000003857228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a034d5758a3ad1fb2021-12-22 11:49:35.447root 11241100x80000000000000003857229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e5a5a1082aef032021-12-22 11:49:35.447root 11241100x80000000000000003857230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d953da2a13517d332021-12-22 11:49:35.447root 11241100x80000000000000003857231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a37db96d43b93a22021-12-22 11:49:35.447root 11241100x80000000000000003857232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952656e2fc812d882021-12-22 11:49:35.447root 11241100x80000000000000003857233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165cae1d92785ceb2021-12-22 11:49:35.447root 11241100x80000000000000003857234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526abcffc6b4eabf2021-12-22 11:49:35.447root 11241100x80000000000000003857235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b846e63c4d135772021-12-22 11:49:35.447root 11241100x80000000000000003857236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcd4a323bfc08c32021-12-22 11:49:35.448root 11241100x80000000000000003857237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d335da724990b9b2021-12-22 11:49:35.448root 11241100x80000000000000003857238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd980c9c4d4bb4522021-12-22 11:49:35.448root 11241100x80000000000000003857239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced6c7ddfa64cf842021-12-22 11:49:35.448root 11241100x80000000000000003857240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2564f6dbed2e3aa2021-12-22 11:49:35.448root 11241100x80000000000000003857241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea7b1b9ab6c9e2c2021-12-22 11:49:35.448root 11241100x80000000000000003857242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e1325428e5a4d72021-12-22 11:49:35.448root 11241100x80000000000000003857243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4d96678df6c7152021-12-22 11:49:35.448root 11241100x80000000000000003857244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ec2796754a9ef42021-12-22 11:49:35.449root 11241100x80000000000000003857245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227f1aea42b446552021-12-22 11:49:35.449root 11241100x80000000000000003857246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eac9741cdb445a32021-12-22 11:49:35.449root 11241100x80000000000000003857247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15983868fd1cf4332021-12-22 11:49:35.449root 11241100x80000000000000003857248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9766ff39a17b652021-12-22 11:49:35.449root 11241100x80000000000000003857249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31e3f1c4fb2a0a62021-12-22 11:49:35.449root 11241100x80000000000000003857250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1294b38ffbf1a912021-12-22 11:49:35.943root 11241100x80000000000000003857251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da066c778d8006c82021-12-22 11:49:35.943root 11241100x80000000000000003857252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b1e5e92ab910262021-12-22 11:49:35.943root 11241100x80000000000000003857253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a1de9512d2d8c62021-12-22 11:49:35.944root 11241100x80000000000000003857254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c80cdfed997ec82021-12-22 11:49:35.944root 11241100x80000000000000003857255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98f8b58b7d135802021-12-22 11:49:35.944root 11241100x80000000000000003857256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba386561ebf8dd502021-12-22 11:49:35.944root 11241100x80000000000000003857257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abacda5d90fb5452021-12-22 11:49:35.944root 11241100x80000000000000003857258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e63ad0220d27cec2021-12-22 11:49:35.944root 11241100x80000000000000003857259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac0b9e5af3c405f2021-12-22 11:49:35.944root 11241100x80000000000000003857260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d189789a94386e2021-12-22 11:49:35.944root 11241100x80000000000000003857261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9696f9b4c40a112021-12-22 11:49:35.944root 11241100x80000000000000003857262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba8b92ee5ca1a5e2021-12-22 11:49:35.944root 11241100x80000000000000003857263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f25f7288fa5c60f2021-12-22 11:49:35.944root 11241100x80000000000000003857264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdadb42d9d319b712021-12-22 11:49:35.945root 11241100x80000000000000003857265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d39dbffa4d2df0e2021-12-22 11:49:35.945root 11241100x80000000000000003857266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83b00fa6284250f2021-12-22 11:49:35.945root 11241100x80000000000000003857267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411c387435cc686c2021-12-22 11:49:35.945root 11241100x80000000000000003857268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad5881250d897142021-12-22 11:49:35.945root 11241100x80000000000000003857269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d6f3586e6662ac2021-12-22 11:49:35.945root 11241100x80000000000000003857270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77d9d2b2fc44ad52021-12-22 11:49:35.945root 11241100x80000000000000003857271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f7a4eb6126aa142021-12-22 11:49:35.945root 11241100x80000000000000003857272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cd8fc5d08e09a52021-12-22 11:49:35.945root 11241100x80000000000000003857273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bf436ae2acd8572021-12-22 11:49:35.945root 11241100x80000000000000003857274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d722415d31353c002021-12-22 11:49:35.945root 11241100x80000000000000003857275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8276d03f3073a152021-12-22 11:49:35.945root 11241100x80000000000000003857276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf069f24c9464f2b2021-12-22 11:49:35.945root 11241100x80000000000000003857277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85aa9c7a64a02f6f2021-12-22 11:49:35.945root 11241100x80000000000000003857278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd03404612add1a42021-12-22 11:49:35.945root 11241100x80000000000000003857279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33439885238c0eb2021-12-22 11:49:35.946root 11241100x80000000000000003857280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7515f4de97767c2021-12-22 11:49:35.946root 11241100x80000000000000003857281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a640bb338da123f12021-12-22 11:49:35.946root 11241100x80000000000000003857282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a498bc227a9c4f2021-12-22 11:49:35.947root 11241100x80000000000000003857283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3f55cc5d9b63482021-12-22 11:49:35.947root 11241100x80000000000000003857284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31090975a22873d42021-12-22 11:49:35.947root 11241100x80000000000000003857285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84372a2387883e32021-12-22 11:49:35.947root 11241100x80000000000000003857286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a0e7c277236d822021-12-22 11:49:35.947root 11241100x80000000000000003857287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3f53c60b1445d92021-12-22 11:49:35.947root 11241100x80000000000000003857288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac94e86a8eb39b22021-12-22 11:49:35.947root 11241100x80000000000000003857289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab9d76097474b362021-12-22 11:49:35.947root 11241100x80000000000000003857290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc7cae45008d2612021-12-22 11:49:35.947root 11241100x80000000000000003857291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ea5a633b5ef9b42021-12-22 11:49:35.947root 11241100x80000000000000003857292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:35.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469756b6fb2a6fef2021-12-22 11:49:35.948root 23542300x80000000000000003857293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003857294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87980504aa46b5332021-12-22 11:49:36.443root 11241100x80000000000000003857295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c6ae793a4796c82021-12-22 11:49:36.443root 11241100x80000000000000003857296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74462b59be84af362021-12-22 11:49:36.443root 11241100x80000000000000003857297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f415e2143ee3022021-12-22 11:49:36.443root 11241100x80000000000000003857298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2b24802738b7a92021-12-22 11:49:36.444root 11241100x80000000000000003857299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d699a1bc84769d2021-12-22 11:49:36.444root 11241100x80000000000000003857300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3297f6fa283527a42021-12-22 11:49:36.444root 11241100x80000000000000003857301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204edd548122f0f72021-12-22 11:49:36.444root 11241100x80000000000000003857302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad8e9daa48873e42021-12-22 11:49:36.444root 11241100x80000000000000003857303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d34fb1da7daabc2021-12-22 11:49:36.444root 11241100x80000000000000003857304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dd373eee8af9f62021-12-22 11:49:36.444root 11241100x80000000000000003857305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d9ec574eaae5232021-12-22 11:49:36.444root 11241100x80000000000000003857306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c219d619764147ba2021-12-22 11:49:36.444root 11241100x80000000000000003857307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c10e3a75d6ce652021-12-22 11:49:36.444root 11241100x80000000000000003857308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255c86237db9acaa2021-12-22 11:49:36.444root 11241100x80000000000000003857309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1cbface417588a2021-12-22 11:49:36.444root 11241100x80000000000000003857310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2b301aa84c963b2021-12-22 11:49:36.444root 11241100x80000000000000003857311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2366d77496f96a2021-12-22 11:49:36.444root 11241100x80000000000000003857312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b748e56ba42082e2021-12-22 11:49:36.444root 11241100x80000000000000003857313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251226fe20df259b2021-12-22 11:49:36.445root 11241100x80000000000000003857314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54e047ce1ccedf82021-12-22 11:49:36.445root 11241100x80000000000000003857315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c25ab21b51247e12021-12-22 11:49:36.445root 11241100x80000000000000003857316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6867fa12c37a86172021-12-22 11:49:36.445root 11241100x80000000000000003857317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3e3c99889b83ca2021-12-22 11:49:36.445root 11241100x80000000000000003857318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8cbb8a6664b9982021-12-22 11:49:36.445root 11241100x80000000000000003857319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03eabeeada3bf3772021-12-22 11:49:36.445root 11241100x80000000000000003857320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd3b7a1f678693d2021-12-22 11:49:36.445root 11241100x80000000000000003857321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f2797935dad04b2021-12-22 11:49:36.445root 11241100x80000000000000003857322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deca7dd6e18c15b62021-12-22 11:49:36.445root 11241100x80000000000000003857323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f482ea5b1079e12021-12-22 11:49:36.445root 11241100x80000000000000003857324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468520de0c3602032021-12-22 11:49:36.445root 11241100x80000000000000003857325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d39e4d27c7189982021-12-22 11:49:36.445root 11241100x80000000000000003857326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c0ea656ca41d512021-12-22 11:49:36.445root 11241100x80000000000000003857327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde4d03c6fb2c8be2021-12-22 11:49:36.445root 11241100x80000000000000003857328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3858302f2769201f2021-12-22 11:49:36.445root 11241100x80000000000000003857329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d811417943322a392021-12-22 11:49:36.446root 11241100x80000000000000003857330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827eeed22372df192021-12-22 11:49:36.446root 11241100x80000000000000003857331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464b50f2ad6dd31f2021-12-22 11:49:36.446root 11241100x80000000000000003857332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f541d729b57357032021-12-22 11:49:36.446root 11241100x80000000000000003857333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a3f384e26ca38e2021-12-22 11:49:36.446root 11241100x80000000000000003857334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8eba3bc4d31eca22021-12-22 11:49:36.446root 11241100x80000000000000003857335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc6cf01992d9d3f2021-12-22 11:49:36.446root 11241100x80000000000000003857336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d4c7f74c3c1c902021-12-22 11:49:36.446root 11241100x80000000000000003857337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db989a57bbbebf72021-12-22 11:49:36.446root 11241100x80000000000000003857338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d08c0cc2d2ae5e2021-12-22 11:49:36.446root 11241100x80000000000000003857339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5cfcb49e320b8f2021-12-22 11:49:36.446root 11241100x80000000000000003857340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3909f30c7afed4062021-12-22 11:49:36.446root 11241100x80000000000000003857341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576c1831124953622021-12-22 11:49:36.446root 11241100x80000000000000003857342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96263db2835fd812021-12-22 11:49:36.446root 11241100x80000000000000003857343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf46dd3867024d32021-12-22 11:49:36.447root 11241100x80000000000000003857344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce1dbfcded389952021-12-22 11:49:36.447root 11241100x80000000000000003857345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb05c0bdb3ce691b2021-12-22 11:49:36.447root 11241100x80000000000000003857346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23c61ee8f952c2c2021-12-22 11:49:36.447root 11241100x80000000000000003857347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79092562c1be5712021-12-22 11:49:36.447root 11241100x80000000000000003857348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6621d742b981646c2021-12-22 11:49:36.447root 11241100x80000000000000003857349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694c0e4fe0de82042021-12-22 11:49:36.943root 11241100x80000000000000003857350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfa0711e38d34ec2021-12-22 11:49:36.943root 11241100x80000000000000003857351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef214a8391b9c3e2021-12-22 11:49:36.943root 11241100x80000000000000003857352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3c3670d93d15992021-12-22 11:49:36.943root 11241100x80000000000000003857353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89de7e87da8d3db2021-12-22 11:49:36.943root 11241100x80000000000000003857354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfa82f6c26fd4592021-12-22 11:49:36.943root 11241100x80000000000000003857355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3985ad3cc81ddbc2021-12-22 11:49:36.944root 11241100x80000000000000003857356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff2469b119e39ad2021-12-22 11:49:36.944root 11241100x80000000000000003857357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340d1d15b3ff12792021-12-22 11:49:36.944root 11241100x80000000000000003857358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05e130d2ef24b372021-12-22 11:49:36.944root 11241100x80000000000000003857359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d08f539bd7b72032021-12-22 11:49:36.944root 11241100x80000000000000003857360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ae112fee46072b2021-12-22 11:49:36.944root 11241100x80000000000000003857361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5005698dace4a92021-12-22 11:49:36.944root 11241100x80000000000000003857362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37d38ef125b3f702021-12-22 11:49:36.944root 11241100x80000000000000003857363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ec4e3fffbde1412021-12-22 11:49:36.944root 11241100x80000000000000003857364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcdda0f1904ea252021-12-22 11:49:36.944root 11241100x80000000000000003857365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b304f2c438b37b2021-12-22 11:49:36.944root 11241100x80000000000000003857366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649f2a2b4f49d12f2021-12-22 11:49:36.945root 11241100x80000000000000003857367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dcd64c486c10ee2021-12-22 11:49:36.945root 11241100x80000000000000003857368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ef02dd94466bcd2021-12-22 11:49:36.945root 11241100x80000000000000003857369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4bc50d394a19942021-12-22 11:49:36.945root 11241100x80000000000000003857370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4718a565c91f932021-12-22 11:49:36.945root 11241100x80000000000000003857371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6d33fce4b0f05c2021-12-22 11:49:36.945root 11241100x80000000000000003857372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d76dfc45bb58c22021-12-22 11:49:36.945root 11241100x80000000000000003857373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae6d2dc20f871ee2021-12-22 11:49:36.945root 11241100x80000000000000003857374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3697adc64f6f052021-12-22 11:49:36.945root 11241100x80000000000000003857375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a90cabb1369d6a32021-12-22 11:49:36.945root 11241100x80000000000000003857376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6729a38a0b8ea1e2021-12-22 11:49:36.946root 11241100x80000000000000003857377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1671b30928c089042021-12-22 11:49:36.946root 11241100x80000000000000003857378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3124dee0eba78e272021-12-22 11:49:36.946root 11241100x80000000000000003857379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32569120ab1094152021-12-22 11:49:36.946root 11241100x80000000000000003857380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508db21f367cb7f22021-12-22 11:49:36.946root 11241100x80000000000000003857381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3ca523999cdabe2021-12-22 11:49:36.946root 11241100x80000000000000003857382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173feef3e0fa9a1d2021-12-22 11:49:36.946root 11241100x80000000000000003857383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d97d8206931a3852021-12-22 11:49:36.946root 11241100x80000000000000003857384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f50332707b716832021-12-22 11:49:36.947root 11241100x80000000000000003857385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccda2b1094338d282021-12-22 11:49:36.947root 11241100x80000000000000003857386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b5061648c38e1d2021-12-22 11:49:36.947root 11241100x80000000000000003857387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4301d6e0b864812021-12-22 11:49:36.947root 11241100x80000000000000003857388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b75c6d765b9ad52021-12-22 11:49:36.947root 11241100x80000000000000003857389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcb57414d210d932021-12-22 11:49:36.947root 11241100x80000000000000003857390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d491924d9c5827212021-12-22 11:49:36.947root 11241100x80000000000000003857391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef91c6695efa4eb22021-12-22 11:49:36.947root 11241100x80000000000000003857392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96735f257048f8e02021-12-22 11:49:36.947root 11241100x80000000000000003857393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c670c5c5e4fe6a72021-12-22 11:49:36.948root 11241100x80000000000000003857394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981ea6d7ab3b46482021-12-22 11:49:36.948root 11241100x80000000000000003857395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6bc0b48bfd46292021-12-22 11:49:36.948root 11241100x80000000000000003857396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd1c48fed33111b2021-12-22 11:49:36.948root 11241100x80000000000000003857397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d6af17eaf7310b2021-12-22 11:49:36.948root 11241100x80000000000000003857398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1d77f349d6cd432021-12-22 11:49:36.948root 11241100x80000000000000003857399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec99dfe4a1f02bea2021-12-22 11:49:36.948root 11241100x80000000000000003857400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdb8bacd5d97d022021-12-22 11:49:36.948root 11241100x80000000000000003857401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7746361d8acdaebf2021-12-22 11:49:36.949root 11241100x80000000000000003857402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ec48477345f6422021-12-22 11:49:36.949root 11241100x80000000000000003857403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdc8fbddb66543c2021-12-22 11:49:36.949root 11241100x80000000000000003857404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87c6bec1187b0b42021-12-22 11:49:36.949root 11241100x80000000000000003857405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0645acba262dc49b2021-12-22 11:49:36.949root 11241100x80000000000000003857406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce692ffd0b707da2021-12-22 11:49:36.949root 11241100x80000000000000003857407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653a58127a3b9c152021-12-22 11:49:36.949root 11241100x80000000000000003857408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b87ee4cded227d02021-12-22 11:49:36.949root 11241100x80000000000000003857409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31df1e3e0dc750d02021-12-22 11:49:36.949root 11241100x80000000000000003857410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c433553fc724051c2021-12-22 11:49:36.949root 11241100x80000000000000003857411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5ed35815c283802021-12-22 11:49:36.950root 11241100x80000000000000003857412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdd10bcc6ebf8742021-12-22 11:49:36.950root 11241100x80000000000000003857413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb58ef8a48cc5622021-12-22 11:49:36.950root 11241100x80000000000000003857414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373f852e7e323d972021-12-22 11:49:36.950root 11241100x80000000000000003857415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9a23899ce7188f2021-12-22 11:49:36.950root 11241100x80000000000000003857416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42cde2e39362cae2021-12-22 11:49:36.950root 11241100x80000000000000003857417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bffc6f2017c10ca2021-12-22 11:49:36.950root 11241100x80000000000000003857418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9fd9301588e4b32021-12-22 11:49:36.950root 11241100x80000000000000003857419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7519ead8cace50c52021-12-22 11:49:36.950root 11241100x80000000000000003857420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7881d100df933a392021-12-22 11:49:36.950root 11241100x80000000000000003857421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c8fa517bf53dd42021-12-22 11:49:36.951root 11241100x80000000000000003857422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab14857dc7d0b69c2021-12-22 11:49:36.951root 11241100x80000000000000003857423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfc3370569acffa2021-12-22 11:49:36.951root 11241100x80000000000000003857424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09c09d7a058dfa02021-12-22 11:49:36.951root 11241100x80000000000000003857425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a8890759396d782021-12-22 11:49:36.951root 11241100x80000000000000003857426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb0bd11301706582021-12-22 11:49:36.951root 11241100x80000000000000003857427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186dc89b3926d2802021-12-22 11:49:36.951root 11241100x80000000000000003857428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998933a07aacb1ab2021-12-22 11:49:36.952root 11241100x80000000000000003857429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dd0ec1bac484432021-12-22 11:49:36.952root 11241100x80000000000000003857430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17addf5ebc816032021-12-22 11:49:36.952root 11241100x80000000000000003857431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c28f0e97555fe282021-12-22 11:49:36.952root 11241100x80000000000000003857432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d02bf2504058802021-12-22 11:49:36.952root 11241100x80000000000000003857433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9179b0389ed039342021-12-22 11:49:36.952root 11241100x80000000000000003857434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f161387e1e786bd2021-12-22 11:49:36.952root 11241100x80000000000000003857435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0f034631724b602021-12-22 11:49:36.952root 11241100x80000000000000003857436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8bbf614272b4c92021-12-22 11:49:36.953root 11241100x80000000000000003857437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e709fd9edf8f371f2021-12-22 11:49:36.953root 11241100x80000000000000003857438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75737737ccd9ccda2021-12-22 11:49:36.953root 11241100x80000000000000003857439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56a72c3d17677062021-12-22 11:49:36.953root 11241100x80000000000000003857440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5ae9ce31c0c84a2021-12-22 11:49:36.953root 11241100x80000000000000003857441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81afba69d3347a12021-12-22 11:49:36.953root 11241100x80000000000000003857442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f3eb4d07eac42a2021-12-22 11:49:36.953root 11241100x80000000000000003857443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba83ec3d0ba32ac2021-12-22 11:49:36.953root 11241100x80000000000000003857444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ed43b50b5e4fe62021-12-22 11:49:36.953root 11241100x80000000000000003857445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46de6afdec96399c2021-12-22 11:49:36.953root 11241100x80000000000000003857446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aadef2d542c86da2021-12-22 11:49:36.954root 11241100x80000000000000003857447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:36.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253a9b64cc44ae502021-12-22 11:49:36.954root 11241100x80000000000000003857448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1b0dfd0e8be5fd2021-12-22 11:49:37.443root 11241100x80000000000000003857449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a669fba4e7e2ce2021-12-22 11:49:37.443root 11241100x80000000000000003857450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad8a20c20e21c632021-12-22 11:49:37.443root 11241100x80000000000000003857451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b06ef0a99d5ed642021-12-22 11:49:37.444root 11241100x80000000000000003857452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35869d5682eaee1d2021-12-22 11:49:37.444root 11241100x80000000000000003857453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0c869a326c7f0f2021-12-22 11:49:37.444root 11241100x80000000000000003857454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bf147c21e965132021-12-22 11:49:37.444root 11241100x80000000000000003857455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cff9495def3afb2021-12-22 11:49:37.444root 11241100x80000000000000003857456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c353eb64be217752021-12-22 11:49:37.444root 11241100x80000000000000003857457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e554694ba2d84ef52021-12-22 11:49:37.444root 11241100x80000000000000003857458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948940ca9119055f2021-12-22 11:49:37.444root 11241100x80000000000000003857459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38143ce5de71299f2021-12-22 11:49:37.444root 11241100x80000000000000003857460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a576975df4fa972021-12-22 11:49:37.444root 11241100x80000000000000003857461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef92cab7a75baad02021-12-22 11:49:37.444root 11241100x80000000000000003857462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d72d92d79942e22021-12-22 11:49:37.444root 11241100x80000000000000003857463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1327b1c97eec8f62021-12-22 11:49:37.444root 11241100x80000000000000003857464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83030bb83cb870732021-12-22 11:49:37.444root 11241100x80000000000000003857465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7890debe00b486bd2021-12-22 11:49:37.444root 11241100x80000000000000003857466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c72b59fc6b4e1c2021-12-22 11:49:37.445root 11241100x80000000000000003857467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c216b40fad985b12021-12-22 11:49:37.445root 11241100x80000000000000003857468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5c162cbd0935a22021-12-22 11:49:37.445root 11241100x80000000000000003857469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58175e19c170f4f2021-12-22 11:49:37.445root 11241100x80000000000000003857470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682233ea1ccaca542021-12-22 11:49:37.445root 11241100x80000000000000003857471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655b31c43c3ca6f32021-12-22 11:49:37.445root 11241100x80000000000000003857472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f27aa87185755912021-12-22 11:49:37.445root 11241100x80000000000000003857473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695d76c94c07ad942021-12-22 11:49:37.445root 11241100x80000000000000003857474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e8afb7d0bb27592021-12-22 11:49:37.445root 11241100x80000000000000003857475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5219e51d510ba3d2021-12-22 11:49:37.445root 11241100x80000000000000003857476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da824e6acdd4a712021-12-22 11:49:37.445root 11241100x80000000000000003857477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b7cf8269ee93182021-12-22 11:49:37.445root 11241100x80000000000000003857478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd629d7be211f4e2021-12-22 11:49:37.445root 11241100x80000000000000003857479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7998bee838d6398e2021-12-22 11:49:37.445root 11241100x80000000000000003857480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df22088203331cd2021-12-22 11:49:37.445root 11241100x80000000000000003857481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c9ce630db70af82021-12-22 11:49:37.445root 11241100x80000000000000003857482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e45217317282a52021-12-22 11:49:37.446root 11241100x80000000000000003857483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a153c35db3980fc02021-12-22 11:49:37.446root 11241100x80000000000000003857484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed157076ca05d9ab2021-12-22 11:49:37.446root 11241100x80000000000000003857485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0deb4e79e31b54822021-12-22 11:49:37.446root 11241100x80000000000000003857486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5a0d6adf606b622021-12-22 11:49:37.446root 11241100x80000000000000003857487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d65c50f4da464082021-12-22 11:49:37.446root 11241100x80000000000000003857488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6454ada61d7b9d5a2021-12-22 11:49:37.446root 11241100x80000000000000003857489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a1ea348c86d2cb2021-12-22 11:49:37.446root 11241100x80000000000000003857490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8644b7401a077362021-12-22 11:49:37.446root 11241100x80000000000000003857491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4628182031ad4d2021-12-22 11:49:37.446root 11241100x80000000000000003857492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb08422f01d47412021-12-22 11:49:37.446root 11241100x80000000000000003857493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be3ae0f5aa204fb2021-12-22 11:49:37.943root 11241100x80000000000000003857494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d9cf61f11c2e812021-12-22 11:49:37.943root 11241100x80000000000000003857495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d273dc363d04fbc2021-12-22 11:49:37.943root 11241100x80000000000000003857496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1eb9abde33b61d2021-12-22 11:49:37.943root 11241100x80000000000000003857497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2849e560943bd71f2021-12-22 11:49:37.943root 11241100x80000000000000003857498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49748af4dfcd4eea2021-12-22 11:49:37.943root 11241100x80000000000000003857499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d2dbfcc08a99d42021-12-22 11:49:37.944root 11241100x80000000000000003857500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a0bcecca7b4a8d2021-12-22 11:49:37.944root 11241100x80000000000000003857501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990f0d06a5baa3d22021-12-22 11:49:37.944root 11241100x80000000000000003857502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae68e3b535c5aea22021-12-22 11:49:37.944root 11241100x80000000000000003857503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19561d652b11ef0b2021-12-22 11:49:37.944root 11241100x80000000000000003857504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576cff8bf26749a22021-12-22 11:49:37.944root 11241100x80000000000000003857505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86210e529315e73b2021-12-22 11:49:37.944root 11241100x80000000000000003857506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938826c674e449f72021-12-22 11:49:37.944root 11241100x80000000000000003857507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10cd24ddbb557932021-12-22 11:49:37.944root 11241100x80000000000000003857508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1b2e2f79fa1fae2021-12-22 11:49:37.944root 11241100x80000000000000003857509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0876f0fbffe491c82021-12-22 11:49:37.944root 11241100x80000000000000003857510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6df31821a368322021-12-22 11:49:37.945root 11241100x80000000000000003857511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a68ef39aea5b4692021-12-22 11:49:37.945root 11241100x80000000000000003857512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa8426f81517a2a2021-12-22 11:49:37.945root 11241100x80000000000000003857513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93b969fbe906bdf2021-12-22 11:49:37.945root 11241100x80000000000000003857514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc19f02cece135f12021-12-22 11:49:37.945root 11241100x80000000000000003857515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338792e6be039a9b2021-12-22 11:49:37.945root 11241100x80000000000000003857516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46b09f8a21cb5782021-12-22 11:49:37.945root 11241100x80000000000000003857517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0503d7a104804e52021-12-22 11:49:37.945root 11241100x80000000000000003857518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5e2760af8ea2e02021-12-22 11:49:37.945root 11241100x80000000000000003857519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f5ce85593dced42021-12-22 11:49:37.945root 11241100x80000000000000003857520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1510351c4793c92021-12-22 11:49:37.945root 11241100x80000000000000003857521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36efd5c261a9c5c02021-12-22 11:49:37.946root 11241100x80000000000000003857522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010c0a436c6edd932021-12-22 11:49:37.946root 11241100x80000000000000003857523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6a24ff298676992021-12-22 11:49:37.946root 11241100x80000000000000003857524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b79a88d0eb37df2021-12-22 11:49:37.946root 11241100x80000000000000003857525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede5cb4960ce23092021-12-22 11:49:37.946root 11241100x80000000000000003857526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e92674d3ef97cf2021-12-22 11:49:37.946root 11241100x80000000000000003857527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073b41a08d7af9502021-12-22 11:49:37.946root 11241100x80000000000000003857528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed88303241db3d12021-12-22 11:49:37.946root 11241100x80000000000000003857529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac79c6c58333c092021-12-22 11:49:37.946root 11241100x80000000000000003857530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078d5e940624f9022021-12-22 11:49:37.946root 11241100x80000000000000003857531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5cc518c2ebd1fd2021-12-22 11:49:37.946root 11241100x80000000000000003857532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f21d39780557832021-12-22 11:49:37.947root 11241100x80000000000000003857533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0f0bd2245376de2021-12-22 11:49:37.947root 11241100x80000000000000003857534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fdf81437f9fa8a2021-12-22 11:49:37.947root 11241100x80000000000000003857535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a29a68c92435052021-12-22 11:49:37.947root 11241100x80000000000000003857536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74209dabbde52f752021-12-22 11:49:37.947root 11241100x80000000000000003857537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6954068072b2b8702021-12-22 11:49:37.947root 11241100x80000000000000003857538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f461e6bba9aa2ce22021-12-22 11:49:37.947root 11241100x80000000000000003857539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39ea6bc8c380c7e2021-12-22 11:49:37.947root 11241100x80000000000000003857540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f799cc341ac2556f2021-12-22 11:49:37.947root 11241100x80000000000000003857541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f315fdebb0e9b82021-12-22 11:49:37.947root 11241100x80000000000000003857542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a0a83fd226b6ca2021-12-22 11:49:37.947root 11241100x80000000000000003857543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc85cd201d8807132021-12-22 11:49:37.947root 11241100x80000000000000003857544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a3b6b5dc847f412021-12-22 11:49:37.948root 11241100x80000000000000003857545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f301ccd68b379c3b2021-12-22 11:49:37.948root 11241100x80000000000000003857546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06514f35aec142032021-12-22 11:49:37.948root 11241100x80000000000000003857547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6880052989881e2021-12-22 11:49:37.948root 11241100x80000000000000003857548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:37.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457a46300457368a2021-12-22 11:49:37.948root 11241100x80000000000000003857549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3535084d3226d3bf2021-12-22 11:49:38.443root 11241100x80000000000000003857550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a06fd1116d5f462021-12-22 11:49:38.443root 11241100x80000000000000003857551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605b18ba780caa7a2021-12-22 11:49:38.443root 11241100x80000000000000003857552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5828c5ac3e2b09d82021-12-22 11:49:38.443root 11241100x80000000000000003857553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1dd9b993f036abb2021-12-22 11:49:38.444root 11241100x80000000000000003857554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac904f65299bff3d2021-12-22 11:49:38.444root 11241100x80000000000000003857555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2035a2242891a1b2021-12-22 11:49:38.444root 11241100x80000000000000003857556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9584637d6fcfaf42021-12-22 11:49:38.444root 11241100x80000000000000003857557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9ad9e13dea73a42021-12-22 11:49:38.444root 11241100x80000000000000003857558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e1a322dc5a5b372021-12-22 11:49:38.444root 11241100x80000000000000003857559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f612dc7d6a1ee1ea2021-12-22 11:49:38.444root 11241100x80000000000000003857560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0123e5d4884de3d2021-12-22 11:49:38.444root 11241100x80000000000000003857561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6609d486597dd32021-12-22 11:49:38.444root 11241100x80000000000000003857562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20df97a55fdfe032021-12-22 11:49:38.445root 11241100x80000000000000003857563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47e7f76b20782882021-12-22 11:49:38.445root 11241100x80000000000000003857564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c24397f66a46cd2021-12-22 11:49:38.445root 11241100x80000000000000003857565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f64da8e48dcdf22021-12-22 11:49:38.445root 11241100x80000000000000003857566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4432f2f072706fcf2021-12-22 11:49:38.445root 11241100x80000000000000003857567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b63090ab0c23522021-12-22 11:49:38.445root 11241100x80000000000000003857568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1b57fbff90d2592021-12-22 11:49:38.445root 11241100x80000000000000003857569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2feca3cb7a3207962021-12-22 11:49:38.446root 11241100x80000000000000003857570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1955f698df39df302021-12-22 11:49:38.446root 11241100x80000000000000003857571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496e0f45ec7882b92021-12-22 11:49:38.446root 11241100x80000000000000003857572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bd3a9ae58a39df2021-12-22 11:49:38.446root 11241100x80000000000000003857573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d577579b6db7382021-12-22 11:49:38.446root 11241100x80000000000000003857574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54515fabb44cc9b2021-12-22 11:49:38.446root 11241100x80000000000000003857575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12da0eb106a004f32021-12-22 11:49:38.450root 11241100x80000000000000003857576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abc48180d0355bd2021-12-22 11:49:38.450root 11241100x80000000000000003857577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f0979728b0beb42021-12-22 11:49:38.450root 11241100x80000000000000003857578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26f0ce6c362b02d2021-12-22 11:49:38.451root 11241100x80000000000000003857579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464d988f33f04f7f2021-12-22 11:49:38.451root 11241100x80000000000000003857580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eb465e4d2bdb9c2021-12-22 11:49:38.451root 11241100x80000000000000003857581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d364183e9de53f2021-12-22 11:49:38.451root 11241100x80000000000000003857582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ba585aec75ef012021-12-22 11:49:38.451root 11241100x80000000000000003857583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45f9b680ccab1632021-12-22 11:49:38.451root 11241100x80000000000000003857584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e00a6e062baeada2021-12-22 11:49:38.451root 11241100x80000000000000003857585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a746660a2b5bde3a2021-12-22 11:49:38.451root 11241100x80000000000000003857586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9ac87883b7a03b2021-12-22 11:49:38.451root 11241100x80000000000000003857587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf8be361ec602e92021-12-22 11:49:38.451root 11241100x80000000000000003857588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c87026ad8f6a632021-12-22 11:49:38.451root 11241100x80000000000000003857589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562d3692c5f53d9e2021-12-22 11:49:38.451root 11241100x80000000000000003857590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec75b93279cdc2002021-12-22 11:49:38.451root 11241100x80000000000000003857591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c8fff2664f68442021-12-22 11:49:38.452root 11241100x80000000000000003857592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be00b39bd67eb30d2021-12-22 11:49:38.452root 11241100x80000000000000003857593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e09b9d04a9218422021-12-22 11:49:38.452root 11241100x80000000000000003857594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0eafa89fae1a312021-12-22 11:49:38.452root 11241100x80000000000000003857595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39583aece4231772021-12-22 11:49:38.452root 11241100x80000000000000003857596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bf68f5963c6a372021-12-22 11:49:38.452root 11241100x80000000000000003857597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88b563fb125bb492021-12-22 11:49:38.453root 11241100x80000000000000003857598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c6025b3598762d2021-12-22 11:49:38.453root 11241100x80000000000000003857599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d080e32b714994ab2021-12-22 11:49:38.453root 11241100x80000000000000003857600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a3693cb11076762021-12-22 11:49:38.943root 11241100x80000000000000003857601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d5484ff75172882021-12-22 11:49:38.943root 11241100x80000000000000003857602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60aeaa0606d98fa2021-12-22 11:49:38.943root 11241100x80000000000000003857603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a13825c8e13b722021-12-22 11:49:38.943root 11241100x80000000000000003857604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cacfd937b43b0e2021-12-22 11:49:38.944root 11241100x80000000000000003857605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae468a337f799c4e2021-12-22 11:49:38.944root 11241100x80000000000000003857606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0a324b5171f6ff2021-12-22 11:49:38.944root 11241100x80000000000000003857607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a50e2a13b489c282021-12-22 11:49:38.944root 11241100x80000000000000003857608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b907acc55b4db4e12021-12-22 11:49:38.944root 11241100x80000000000000003857609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e9bafc511f66e42021-12-22 11:49:38.944root 11241100x80000000000000003857610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaec9f22ec73c1302021-12-22 11:49:38.944root 11241100x80000000000000003857611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98a2bb8115131542021-12-22 11:49:38.944root 11241100x80000000000000003857612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecd522e455589d32021-12-22 11:49:38.944root 11241100x80000000000000003857613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9956afc4a467cdfb2021-12-22 11:49:38.944root 11241100x80000000000000003857614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3eab0a5ccd1d67b2021-12-22 11:49:38.945root 11241100x80000000000000003857615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb316ba75ebdc0ee2021-12-22 11:49:38.945root 11241100x80000000000000003857616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f858452433647c42021-12-22 11:49:38.945root 11241100x80000000000000003857617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8682c990884f069f2021-12-22 11:49:38.945root 11241100x80000000000000003857618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5f5d75a70efd4e2021-12-22 11:49:38.945root 11241100x80000000000000003857619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c63cedd303f9cef2021-12-22 11:49:38.945root 11241100x80000000000000003857620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb683e0abad422022021-12-22 11:49:38.946root 11241100x80000000000000003857621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a10a26f43ed0d82021-12-22 11:49:38.946root 11241100x80000000000000003857622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80118ffcbbb123202021-12-22 11:49:38.946root 11241100x80000000000000003857623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458d3da3421d4e4b2021-12-22 11:49:38.946root 11241100x80000000000000003857624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe45a740d24c4c102021-12-22 11:49:38.946root 11241100x80000000000000003857625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a648f343595bc8f2021-12-22 11:49:38.946root 11241100x80000000000000003857626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc14e05a283b23372021-12-22 11:49:38.946root 11241100x80000000000000003857627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eb1c669a73c01a2021-12-22 11:49:38.946root 11241100x80000000000000003857628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c364491d9fb61422021-12-22 11:49:38.946root 11241100x80000000000000003857629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be58534201f55ad12021-12-22 11:49:38.946root 11241100x80000000000000003857630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c964af70e303c42021-12-22 11:49:38.946root 11241100x80000000000000003857631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ccb3905b2c222d2021-12-22 11:49:38.946root 11241100x80000000000000003857632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba215c539eadedc92021-12-22 11:49:38.946root 11241100x80000000000000003857633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eec8e0ff929b1742021-12-22 11:49:38.946root 11241100x80000000000000003857634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2cdb27c036a0952021-12-22 11:49:38.946root 11241100x80000000000000003857635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21b54f740324b232021-12-22 11:49:38.947root 11241100x80000000000000003857636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1f4bb781b6a8af2021-12-22 11:49:39.443root 11241100x80000000000000003857637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e6f5fdeb965f8c2021-12-22 11:49:39.443root 11241100x80000000000000003857638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311c3545a23a85c32021-12-22 11:49:39.444root 11241100x80000000000000003857639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cb3e6e531817ff2021-12-22 11:49:39.444root 11241100x80000000000000003857640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2344b357c6cecca92021-12-22 11:49:39.444root 11241100x80000000000000003857641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48df4d2031dc4fa62021-12-22 11:49:39.445root 11241100x80000000000000003857642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84aeda59c13957042021-12-22 11:49:39.445root 11241100x80000000000000003857643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba033fb8b02dd56b2021-12-22 11:49:39.445root 11241100x80000000000000003857644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428d002b80e42a9a2021-12-22 11:49:39.445root 11241100x80000000000000003857645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439a93754e84767c2021-12-22 11:49:39.446root 11241100x80000000000000003857646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f08ba2f0ba99cd42021-12-22 11:49:39.446root 11241100x80000000000000003857647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2295f38a3e5dca2021-12-22 11:49:39.446root 11241100x80000000000000003857648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b4f1801ef03a3c2021-12-22 11:49:39.446root 11241100x80000000000000003857649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1024c238c4eacd6d2021-12-22 11:49:39.446root 11241100x80000000000000003857650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6c9c8b3ca8d2e82021-12-22 11:49:39.446root 11241100x80000000000000003857651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad8367a46413d292021-12-22 11:49:39.446root 11241100x80000000000000003857652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b2f5f0d5337ae22021-12-22 11:49:39.446root 11241100x80000000000000003857653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab5c06e384f6c0c2021-12-22 11:49:39.447root 11241100x80000000000000003857654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef2567708fa170b2021-12-22 11:49:39.447root 11241100x80000000000000003857655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf49dfb2f79af4162021-12-22 11:49:39.447root 11241100x80000000000000003857656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6831e98e018bfc2021-12-22 11:49:39.447root 11241100x80000000000000003857657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791b1c0b0253eb4e2021-12-22 11:49:39.447root 11241100x80000000000000003857658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f533e4e17613a672021-12-22 11:49:39.447root 11241100x80000000000000003857659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9503c6c234c57fc2021-12-22 11:49:39.447root 11241100x80000000000000003857660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd99f2bfe497b7f2021-12-22 11:49:39.447root 11241100x80000000000000003857661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51776686e8a525d22021-12-22 11:49:39.447root 11241100x80000000000000003857662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e765119a2538a622021-12-22 11:49:39.448root 11241100x80000000000000003857663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0642cc875f82cdec2021-12-22 11:49:39.448root 11241100x80000000000000003857664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5067374662faf82021-12-22 11:49:39.448root 11241100x80000000000000003857665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ae446ccc9a82f12021-12-22 11:49:39.448root 11241100x80000000000000003857666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36eb1870fe5682092021-12-22 11:49:39.448root 11241100x80000000000000003857667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38917b2c8462d5732021-12-22 11:49:39.448root 11241100x80000000000000003857668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300349e02e805db02021-12-22 11:49:39.448root 11241100x80000000000000003857669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70864127aee8b6832021-12-22 11:49:39.448root 11241100x80000000000000003857670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08992bece3f8ee9e2021-12-22 11:49:39.448root 11241100x80000000000000003857671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e79da92af59d91b2021-12-22 11:49:39.448root 11241100x80000000000000003857672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf5b5c2da5e2bca2021-12-22 11:49:39.449root 11241100x80000000000000003857673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794d416d3d2e93c62021-12-22 11:49:39.449root 11241100x80000000000000003857674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4bf491879b216c2021-12-22 11:49:39.449root 11241100x80000000000000003857675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569b1d40d02a84612021-12-22 11:49:39.449root 11241100x80000000000000003857676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077caa2a45111a782021-12-22 11:49:39.943root 11241100x80000000000000003857677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ab752fe8d4ede22021-12-22 11:49:39.943root 11241100x80000000000000003857678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c830d5a5e28f4ec62021-12-22 11:49:39.943root 11241100x80000000000000003857679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c39128541e38722021-12-22 11:49:39.943root 11241100x80000000000000003857680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2808602e85bb7f2021-12-22 11:49:39.944root 11241100x80000000000000003857681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54e78a5a3b6ad172021-12-22 11:49:39.944root 11241100x80000000000000003857682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d39b6f9736cbd542021-12-22 11:49:39.944root 11241100x80000000000000003857683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a5fd267dc396d22021-12-22 11:49:39.944root 11241100x80000000000000003857684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2be36f36aeeb5012021-12-22 11:49:39.944root 11241100x80000000000000003857685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4415ade0d93f498c2021-12-22 11:49:39.944root 11241100x80000000000000003857686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0683c7ac0511b2bb2021-12-22 11:49:39.945root 11241100x80000000000000003857687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5035c4471206ee02021-12-22 11:49:39.945root 11241100x80000000000000003857688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff3fed01ce7ce092021-12-22 11:49:39.945root 11241100x80000000000000003857689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be22d1694ae7d4852021-12-22 11:49:39.945root 11241100x80000000000000003857690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecb7854c085dbb92021-12-22 11:49:39.945root 11241100x80000000000000003857691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f38c571c53a45632021-12-22 11:49:39.946root 11241100x80000000000000003857692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65718062f32c109e2021-12-22 11:49:39.946root 11241100x80000000000000003857693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f96a16f831fe42c2021-12-22 11:49:39.946root 11241100x80000000000000003857694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811b3a3f25e54c1c2021-12-22 11:49:39.946root 11241100x80000000000000003857695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e75fdf44db7a2e2021-12-22 11:49:39.946root 11241100x80000000000000003857696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b024fab13a6b53a2021-12-22 11:49:39.946root 11241100x80000000000000003857697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdc7fe02bcfeaff2021-12-22 11:49:39.946root 11241100x80000000000000003857698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10d098b485c355e2021-12-22 11:49:39.946root 11241100x80000000000000003857699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25837af120b47d92021-12-22 11:49:39.946root 11241100x80000000000000003857700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b29daaef5e56ac2021-12-22 11:49:39.946root 11241100x80000000000000003857701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949dd3bb9879733d2021-12-22 11:49:39.946root 11241100x80000000000000003857702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fefca7c29f9e122021-12-22 11:49:39.946root 11241100x80000000000000003857703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff03a0c8346d4c452021-12-22 11:49:39.947root 11241100x80000000000000003857704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70018a38e6cd52782021-12-22 11:49:39.947root 11241100x80000000000000003857705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4198191026ee9ec2021-12-22 11:49:39.947root 11241100x80000000000000003857706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a66cc379219eff72021-12-22 11:49:39.947root 11241100x80000000000000003857707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98ac9dba0a340c52021-12-22 11:49:39.947root 11241100x80000000000000003857708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53306a5106fcd6822021-12-22 11:49:39.947root 11241100x80000000000000003857709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4935adfa3c922f2b2021-12-22 11:49:39.947root 11241100x80000000000000003857710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef23d2079bb0df3c2021-12-22 11:49:39.948root 11241100x80000000000000003857711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb08467f3e232b2e2021-12-22 11:49:39.948root 11241100x80000000000000003857712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459a33e9e2cc3df82021-12-22 11:49:39.948root 11241100x80000000000000003857713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd38a552f704a2452021-12-22 11:49:39.948root 11241100x80000000000000003857714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6dbe7f3ee439752021-12-22 11:49:39.948root 11241100x80000000000000003857715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6977bf659e0b10f2021-12-22 11:49:39.948root 11241100x80000000000000003857716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b98ed1e23cbd782021-12-22 11:49:39.948root 11241100x80000000000000003857717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a089cf830a5381612021-12-22 11:49:39.948root 11241100x80000000000000003857718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d92a8c10f61cad2021-12-22 11:49:39.948root 11241100x80000000000000003857719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8519f7c4f4fda92021-12-22 11:49:39.949root 11241100x80000000000000003857720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7569d7658efc83a92021-12-22 11:49:39.949root 11241100x80000000000000003857721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c96c99e7b4d8382021-12-22 11:49:39.949root 11241100x80000000000000003857722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85050e7056662f6f2021-12-22 11:49:39.949root 11241100x80000000000000003857723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f558b415455a382021-12-22 11:49:39.949root 354300x80000000000000003857724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.046{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55510-false10.0.1.12-8000- 11241100x80000000000000003857725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3637c43053bc9b6a2021-12-22 11:49:40.443root 11241100x80000000000000003857726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2f1674120622212021-12-22 11:49:40.443root 11241100x80000000000000003857727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4526125628ab40ce2021-12-22 11:49:40.443root 11241100x80000000000000003857728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60980a465223900a2021-12-22 11:49:40.444root 11241100x80000000000000003857729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5cab9fd9266b3f2021-12-22 11:49:40.444root 11241100x80000000000000003857730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc46c7375b0729ff2021-12-22 11:49:40.444root 11241100x80000000000000003857731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3504f5bc35311db2021-12-22 11:49:40.444root 11241100x80000000000000003857732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff560847080d7b42021-12-22 11:49:40.444root 11241100x80000000000000003857733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47a22c05c61518b2021-12-22 11:49:40.444root 11241100x80000000000000003857734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3abb965ea02bd92021-12-22 11:49:40.444root 11241100x80000000000000003857735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd4b002b976ea7f2021-12-22 11:49:40.444root 11241100x80000000000000003857736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b8a9940dc001702021-12-22 11:49:40.444root 11241100x80000000000000003857737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8e2ef72fb857d32021-12-22 11:49:40.445root 11241100x80000000000000003857738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bd750ed7093a762021-12-22 11:49:40.445root 11241100x80000000000000003857739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a318c51c564e7e182021-12-22 11:49:40.445root 11241100x80000000000000003857740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5b6916a7e147012021-12-22 11:49:40.445root 11241100x80000000000000003857741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9aae9ed3de97252021-12-22 11:49:40.445root 11241100x80000000000000003857742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666793fda2a4a4842021-12-22 11:49:40.445root 11241100x80000000000000003857743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878710bdb9a5d8882021-12-22 11:49:40.445root 11241100x80000000000000003857744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fb46019ac9f39c2021-12-22 11:49:40.445root 11241100x80000000000000003857745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68404121cf0cfdd2021-12-22 11:49:40.445root 11241100x80000000000000003857746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e475214c24f622e2021-12-22 11:49:40.445root 11241100x80000000000000003857747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8629f0059c7254da2021-12-22 11:49:40.446root 11241100x80000000000000003857748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c2f6f8c7fc93812021-12-22 11:49:40.446root 11241100x80000000000000003857749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d44711e849f528b2021-12-22 11:49:40.446root 11241100x80000000000000003857750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4aeac3d214d8dd2021-12-22 11:49:40.446root 11241100x80000000000000003857751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90acbf35cb271ad2021-12-22 11:49:40.446root 11241100x80000000000000003857752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d12c035e795680a2021-12-22 11:49:40.446root 11241100x80000000000000003857753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634d7139ffe867a62021-12-22 11:49:40.446root 11241100x80000000000000003857754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640f2fb22faa21a92021-12-22 11:49:40.446root 11241100x80000000000000003857755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de701a4d469ae25e2021-12-22 11:49:40.446root 11241100x80000000000000003857756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc5d16ca85cd52c2021-12-22 11:49:40.446root 11241100x80000000000000003857757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099597c9addd7cac2021-12-22 11:49:40.446root 11241100x80000000000000003857758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141562e7a4ddd8792021-12-22 11:49:40.447root 11241100x80000000000000003857759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c40ccf40acf13df2021-12-22 11:49:40.447root 11241100x80000000000000003857760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc8267aa383861b2021-12-22 11:49:40.447root 11241100x80000000000000003857761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c86f6895cc6262d2021-12-22 11:49:40.447root 11241100x80000000000000003857762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee94951d69c92b52021-12-22 11:49:40.447root 11241100x80000000000000003857763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039b6919fd89f4212021-12-22 11:49:40.447root 11241100x80000000000000003857764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09d36de17973c632021-12-22 11:49:40.447root 11241100x80000000000000003857765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3398fc559473bd162021-12-22 11:49:40.447root 11241100x80000000000000003857766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5028739bb47279382021-12-22 11:49:40.447root 11241100x80000000000000003857767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9388c1bf1c51d53c2021-12-22 11:49:40.447root 11241100x80000000000000003857768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a594096c21a6d7c2021-12-22 11:49:40.447root 11241100x80000000000000003857769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b96f0b7f5a62bc2021-12-22 11:49:40.448root 11241100x80000000000000003857770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b05d9b724365a182021-12-22 11:49:40.448root 11241100x80000000000000003857771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f670bbb59312112021-12-22 11:49:40.448root 11241100x80000000000000003857772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13217a6e02c244212021-12-22 11:49:40.448root 11241100x80000000000000003857773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027747aa13d679062021-12-22 11:49:40.448root 11241100x80000000000000003857774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c0a2d6cdb0a4b52021-12-22 11:49:40.448root 11241100x80000000000000003857775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f27d81aca8207e2021-12-22 11:49:40.448root 11241100x80000000000000003857776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4989b1330e9299fd2021-12-22 11:49:40.448root 11241100x80000000000000003857777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620ddd50c38725132021-12-22 11:49:40.448root 11241100x80000000000000003857778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca0c42001a8873a2021-12-22 11:49:40.448root 11241100x80000000000000003857779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0958c688fc96c632021-12-22 11:49:40.448root 11241100x80000000000000003857780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4d6693e357d03a2021-12-22 11:49:40.449root 11241100x80000000000000003857781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afb1b6ba4ae60042021-12-22 11:49:40.449root 11241100x80000000000000003857782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78260c5a3645d7d22021-12-22 11:49:40.449root 11241100x80000000000000003857783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9678417dffa98a2021-12-22 11:49:40.449root 11241100x80000000000000003857784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e1281da0e0e9012021-12-22 11:49:40.449root 11241100x80000000000000003857785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa6d4af205934812021-12-22 11:49:40.449root 11241100x80000000000000003857786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449aecd3e963d2682021-12-22 11:49:40.449root 11241100x80000000000000003857787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48faa81b338eec22021-12-22 11:49:40.449root 11241100x80000000000000003857788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c9a685dfffca712021-12-22 11:49:40.449root 11241100x80000000000000003857789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f58f937ac4c0eb62021-12-22 11:49:40.450root 11241100x80000000000000003857790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756aeeb2194d4ce22021-12-22 11:49:40.450root 11241100x80000000000000003857791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0f1c8ec65030ea2021-12-22 11:49:40.450root 11241100x80000000000000003857792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e71debe7d1f4672021-12-22 11:49:40.450root 11241100x80000000000000003857793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d161ad7f0f92b8952021-12-22 11:49:40.450root 11241100x80000000000000003857794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b6ad2ef179fdb32021-12-22 11:49:40.450root 11241100x80000000000000003857795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fd8ca7d0e6c0a82021-12-22 11:49:40.450root 11241100x80000000000000003857796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ce9df6bfb7155a2021-12-22 11:49:40.450root 11241100x80000000000000003857797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e71964b42701cb2021-12-22 11:49:40.450root 11241100x80000000000000003857798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee854990c25d4bd2021-12-22 11:49:40.450root 11241100x80000000000000003857799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2c7d4ce97b98f52021-12-22 11:49:40.450root 11241100x80000000000000003857800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5075897d00613212021-12-22 11:49:40.451root 11241100x80000000000000003857801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc48390d77b6537c2021-12-22 11:49:40.451root 11241100x80000000000000003857802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5774848f336c3e852021-12-22 11:49:40.451root 11241100x80000000000000003857803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eea54b51df1e4742021-12-22 11:49:40.451root 11241100x80000000000000003857804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66734a198bb38b8e2021-12-22 11:49:40.451root 11241100x80000000000000003857805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd805010adfe2f42021-12-22 11:49:40.451root 11241100x80000000000000003857806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2285b545667c9b72021-12-22 11:49:40.452root 11241100x80000000000000003857807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259f7146e078746d2021-12-22 11:49:40.452root 11241100x80000000000000003857808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d32c89b288261d2021-12-22 11:49:40.452root 11241100x80000000000000003857809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdeb593c41e05d42021-12-22 11:49:40.452root 11241100x80000000000000003857810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b54a204b51690952021-12-22 11:49:40.452root 11241100x80000000000000003857811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e010d6824df77352021-12-22 11:49:40.452root 11241100x80000000000000003857812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362d3f4a82b1db342021-12-22 11:49:40.452root 11241100x80000000000000003857813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95139855fddc6bd2021-12-22 11:49:40.452root 11241100x80000000000000003857814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244be51d982d28872021-12-22 11:49:40.452root 154100x80000000000000003857815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.807{ec2b6afe-10d4-61c3-10c0-3f2087550000}19099/bin/touch-----touch run_hook.sh/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003857816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.808{ec2b6afe-10d4-61c3-10c0-3f2087550000}19099/bin/touch/home/ubuntu/run_hook.sh2021-12-22 11:49:40.808ubuntu 534500x80000000000000003857817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.808{ec2b6afe-10d4-61c3-10c0-3f2087550000}19099/bin/touchubuntu 11241100x80000000000000003857818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.808{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae706b546572b732021-12-22 11:49:40.808root 11241100x80000000000000003857819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.808{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba57296c37185372021-12-22 11:49:40.808root 11241100x80000000000000003857820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.808{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c83f7c72271d382021-12-22 11:49:40.808root 11241100x80000000000000003857821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.808{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e30f894c3a2413e2021-12-22 11:49:40.808root 11241100x80000000000000003857822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.809{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ed679d7515736b2021-12-22 11:49:40.809root 11241100x80000000000000003857823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.809{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9c70c3484c556d2021-12-22 11:49:40.809root 11241100x80000000000000003857824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.809{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a508888af625ff2021-12-22 11:49:40.809root 11241100x80000000000000003857825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.809{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab01219068e4e91c2021-12-22 11:49:40.809root 11241100x80000000000000003857826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.809{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ce9187a55d44ab2021-12-22 11:49:40.809root 11241100x80000000000000003857827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.810{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b0683f3be2b4d02021-12-22 11:49:40.810root 11241100x80000000000000003857828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.810{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0b57776dc013622021-12-22 11:49:40.810root 11241100x80000000000000003857829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.810{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df578b86d10b30012021-12-22 11:49:40.810root 11241100x80000000000000003857830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.810{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483a63c2a18245e42021-12-22 11:49:40.810root 11241100x80000000000000003857831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.810{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7461fb49f43bbeec2021-12-22 11:49:40.810root 11241100x80000000000000003857832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.810{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd135a9c9f645ec2021-12-22 11:49:40.810root 11241100x80000000000000003857833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.810{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47397f1d075006512021-12-22 11:49:40.810root 11241100x80000000000000003857834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.810{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c088b54b01baf02021-12-22 11:49:40.810root 11241100x80000000000000003857835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.811{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2cbb92d0a4e9332021-12-22 11:49:40.811root 11241100x80000000000000003857836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.811{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253ecb69bfe461e82021-12-22 11:49:40.811root 11241100x80000000000000003857837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.811{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2b65fdfbab586c2021-12-22 11:49:40.811root 11241100x80000000000000003857838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.811{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7821d68fd7a507f92021-12-22 11:49:40.811root 11241100x80000000000000003857839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.811{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b619efead7b518f2021-12-22 11:49:40.811root 11241100x80000000000000003857840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.811{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b31110ddedca6a72021-12-22 11:49:40.811root 11241100x80000000000000003857841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.811{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f577562b03a334642021-12-22 11:49:40.811root 11241100x80000000000000003857842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.812{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4330bb4a2836452b2021-12-22 11:49:40.812root 11241100x80000000000000003857843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.812{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779192820cc828602021-12-22 11:49:40.812root 11241100x80000000000000003857844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.812{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d97ba9c0f4ea7772021-12-22 11:49:40.812root 11241100x80000000000000003857845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.812{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b923983075891fb2021-12-22 11:49:40.812root 11241100x80000000000000003857846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.812{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43d8ee0827adc2a2021-12-22 11:49:40.812root 11241100x80000000000000003857847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.812{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111affadcf28c6bb2021-12-22 11:49:40.812root 11241100x80000000000000003857848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.813{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84256d85e4f3b4d2021-12-22 11:49:40.813root 11241100x80000000000000003857849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.813{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d0564eb2f7050e2021-12-22 11:49:40.813root 11241100x80000000000000003857850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.813{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0421bd043e14c0372021-12-22 11:49:40.813root 11241100x80000000000000003857851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.813{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78648d94b48adbd32021-12-22 11:49:40.813root 11241100x80000000000000003857852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.813{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dced1a119c41de52021-12-22 11:49:40.813root 11241100x80000000000000003857853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.813{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef766c8a58310c02021-12-22 11:49:40.813root 11241100x80000000000000003857854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.813{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b39f6a8ece9e2372021-12-22 11:49:40.813root 11241100x80000000000000003857855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.814{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824e33a28cdaae6e2021-12-22 11:49:40.814root 11241100x80000000000000003857856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.814{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e11e312a0836a042021-12-22 11:49:40.814root 11241100x80000000000000003857857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.814{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1843c894a68501282021-12-22 11:49:40.814root 11241100x80000000000000003857858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.814{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6972256b7f63d92021-12-22 11:49:40.814root 11241100x80000000000000003857859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.814{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b586747c2e4bcae02021-12-22 11:49:40.814root 11241100x80000000000000003857860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.814{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52e6c1cfc8a7f9a2021-12-22 11:49:40.814root 11241100x80000000000000003857861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.815{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fe4b6f25e6d4f62021-12-22 11:49:40.815root 11241100x80000000000000003857862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.815{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e043b6dfaeab8a72021-12-22 11:49:40.815root 11241100x80000000000000003857863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.815{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b19c27adfff519b2021-12-22 11:49:40.815root 11241100x80000000000000003857864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.815{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d867423e5ab3f4a42021-12-22 11:49:40.815root 11241100x80000000000000003857865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.815{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85be73b14e63c0412021-12-22 11:49:40.815root 11241100x80000000000000003857866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.815{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f67e07d682614b62021-12-22 11:49:40.815root 11241100x80000000000000003857867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.815{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7003d713b3bd1d92021-12-22 11:49:40.815root 11241100x80000000000000003857868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.816{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee7d229667822ec2021-12-22 11:49:40.816root 11241100x80000000000000003857869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.816{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c2dd164abc0c102021-12-22 11:49:40.816root 11241100x80000000000000003857870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.816{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3800c7f5d67ef22021-12-22 11:49:40.816root 11241100x80000000000000003857871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.816{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f419008c4b71a9952021-12-22 11:49:40.816root 11241100x80000000000000003857872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.816{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f4a7fb599122f82021-12-22 11:49:40.816root 11241100x80000000000000003857873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.816{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8420be39092ac482021-12-22 11:49:40.816root 11241100x80000000000000003857874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.817{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21d7ed60b4de3152021-12-22 11:49:40.817root 11241100x80000000000000003857875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.817{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d354deb424825712021-12-22 11:49:40.817root 11241100x80000000000000003857876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.817{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e97263a33d0d022021-12-22 11:49:40.817root 11241100x80000000000000003857877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.817{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3174a1b07c0152272021-12-22 11:49:40.817root 11241100x80000000000000003857878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.817{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2dce3ed30996862021-12-22 11:49:40.817root 11241100x80000000000000003857879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.817{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c706c7a58cc41be2021-12-22 11:49:40.817root 11241100x80000000000000003857880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.817{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3d9540174ef7b22021-12-22 11:49:40.817root 11241100x80000000000000003857881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.818{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a86df4f53c196f2021-12-22 11:49:40.818root 11241100x80000000000000003857882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.818{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2be670a34603bd32021-12-22 11:49:40.818root 11241100x80000000000000003857883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.818{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c9858d56ad8e582021-12-22 11:49:40.818root 11241100x80000000000000003857884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.818{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bd6fd08e5951462021-12-22 11:49:40.818root 11241100x80000000000000003857885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.818{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8c85cebcdada182021-12-22 11:49:40.818root 11241100x80000000000000003857886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.818{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa7d6e2a2fadd752021-12-22 11:49:40.818root 11241100x80000000000000003857887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34fc62f2d9dad4f2021-12-22 11:49:40.819root 11241100x80000000000000003857888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2932599b747746362021-12-22 11:49:40.819root 11241100x80000000000000003857889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96130e935ed759dd2021-12-22 11:49:40.819root 11241100x80000000000000003857890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0142a474a290022021-12-22 11:49:40.819root 11241100x80000000000000003857891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e31cb8cb5ef4012021-12-22 11:49:40.819root 11241100x80000000000000003857892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca41b0f56026edb2021-12-22 11:49:40.819root 11241100x80000000000000003857893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cd2e3fce8ba1a92021-12-22 11:49:40.819root 11241100x80000000000000003857894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a490f7dec2a36db2021-12-22 11:49:40.819root 11241100x80000000000000003857895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0877c519c2889a5d2021-12-22 11:49:40.819root 11241100x80000000000000003857896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09250e5dc054ec372021-12-22 11:49:40.819root 11241100x80000000000000003857897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2a65ae4e8932332021-12-22 11:49:40.819root 11241100x80000000000000003857898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7c411810bba0ec2021-12-22 11:49:40.820root 11241100x80000000000000003857899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc16ae8ad3546a732021-12-22 11:49:40.820root 11241100x80000000000000003857900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6891c743850d3762021-12-22 11:49:40.820root 11241100x80000000000000003857901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e5d6fddc502a042021-12-22 11:49:40.820root 11241100x80000000000000003857902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c9bb660f1473de2021-12-22 11:49:40.820root 11241100x80000000000000003857903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d770999d68d385bd2021-12-22 11:49:40.820root 11241100x80000000000000003857904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6f98eba9b4f68d2021-12-22 11:49:40.820root 11241100x80000000000000003857905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366e14fb70e75f562021-12-22 11:49:40.820root 11241100x80000000000000003857906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869367d4a1f292d92021-12-22 11:49:40.821root 11241100x80000000000000003857907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0496e6119002382021-12-22 11:49:40.821root 11241100x80000000000000003857908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243c1373f16d607d2021-12-22 11:49:40.821root 11241100x80000000000000003857909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a70e3104a4f4b62021-12-22 11:49:40.821root 11241100x80000000000000003857910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c33e66db0bce622021-12-22 11:49:40.821root 11241100x80000000000000003857911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9799605d6205b9eb2021-12-22 11:49:40.821root 11241100x80000000000000003857912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413231fec729d4422021-12-22 11:49:40.821root 11241100x80000000000000003857913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6345a99aec05598f2021-12-22 11:49:40.821root 11241100x80000000000000003857914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d93e87f69b01222021-12-22 11:49:40.821root 11241100x80000000000000003857915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a3c140608e84722021-12-22 11:49:40.821root 11241100x80000000000000003857916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a770eba6d21f2e2021-12-22 11:49:40.821root 11241100x80000000000000003857917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.822{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c571cba86af27cb2021-12-22 11:49:40.822root 11241100x80000000000000003857918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.822{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856ef6411568b4c72021-12-22 11:49:40.822root 11241100x80000000000000003857919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.822{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da9305ab7d9e5df2021-12-22 11:49:40.822root 11241100x80000000000000003857920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.822{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff65a5e149603fc82021-12-22 11:49:40.822root 11241100x80000000000000003857921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.822{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca74a95c4d3dac22021-12-22 11:49:40.822root 11241100x80000000000000003857922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.822{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c906da024a7c15282021-12-22 11:49:40.822root 11241100x80000000000000003857923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:40.822{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c147950a41d0e202021-12-22 11:49:40.822root 11241100x80000000000000003857924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e69d9662c289f472021-12-22 11:49:41.192root 11241100x80000000000000003857925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04c2c971b0bb2d02021-12-22 11:49:41.193root 11241100x80000000000000003857926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23b727ed9a9a89e2021-12-22 11:49:41.193root 11241100x80000000000000003857927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca833244a3cdc882021-12-22 11:49:41.193root 11241100x80000000000000003857928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed8b98e62c803342021-12-22 11:49:41.193root 11241100x80000000000000003857929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6ae192231f22912021-12-22 11:49:41.193root 11241100x80000000000000003857930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54464b7c60620402021-12-22 11:49:41.193root 11241100x80000000000000003857931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ec4c01988465262021-12-22 11:49:41.193root 11241100x80000000000000003857932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3a6d9242c295dc2021-12-22 11:49:41.194root 11241100x80000000000000003857933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071d14d7862db6672021-12-22 11:49:41.194root 11241100x80000000000000003857934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a21c6b6478982d2021-12-22 11:49:41.194root 11241100x80000000000000003857935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46babe8e2fdd4bf82021-12-22 11:49:41.194root 11241100x80000000000000003857936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d0a575a8e1a29e2021-12-22 11:49:41.194root 11241100x80000000000000003857937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e492e6bbf59446fd2021-12-22 11:49:41.194root 11241100x80000000000000003857938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d95201cef05b4c2021-12-22 11:49:41.194root 11241100x80000000000000003857939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6c7e099c8182702021-12-22 11:49:41.195root 11241100x80000000000000003857940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8303e9e8ee582252021-12-22 11:49:41.195root 11241100x80000000000000003857941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3641b2dc552e0dd2021-12-22 11:49:41.195root 11241100x80000000000000003857942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17138514b2b28b52021-12-22 11:49:41.195root 11241100x80000000000000003857943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7943b7b4ae5da32a2021-12-22 11:49:41.195root 11241100x80000000000000003857944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1954a8ac4934ac2021-12-22 11:49:41.195root 11241100x80000000000000003857945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a384d881dbb6405d2021-12-22 11:49:41.195root 11241100x80000000000000003857946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9766e9adea0feb542021-12-22 11:49:41.195root 11241100x80000000000000003857947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b02af2e2efa98b42021-12-22 11:49:41.195root 11241100x80000000000000003857948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9cc1e9bccd56cd2021-12-22 11:49:41.196root 11241100x80000000000000003857949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9892730670f253792021-12-22 11:49:41.196root 11241100x80000000000000003857950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8485f0ba6cf639aa2021-12-22 11:49:41.196root 11241100x80000000000000003857951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c962aee353a0022021-12-22 11:49:41.196root 11241100x80000000000000003857952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd2faef247fd9282021-12-22 11:49:41.196root 11241100x80000000000000003857953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916a822f02ba0a462021-12-22 11:49:41.196root 11241100x80000000000000003857954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51797cd3f280854b2021-12-22 11:49:41.196root 11241100x80000000000000003857955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c9b3ec2b835edf2021-12-22 11:49:41.196root 11241100x80000000000000003857956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd9aecd0e0972ed2021-12-22 11:49:41.196root 11241100x80000000000000003857957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327f90eb24c81f482021-12-22 11:49:41.197root 11241100x80000000000000003857958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e37241b4109a6c32021-12-22 11:49:41.197root 11241100x80000000000000003857959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2261bdf9f64d4f92021-12-22 11:49:41.197root 11241100x80000000000000003857960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd7d8b6dc8a78312021-12-22 11:49:41.197root 11241100x80000000000000003857961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce60554c3db20eb2021-12-22 11:49:41.197root 11241100x80000000000000003857962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbffade791eb9e762021-12-22 11:49:41.197root 11241100x80000000000000003857963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d00f178ed838072021-12-22 11:49:41.197root 11241100x80000000000000003857964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e723b166b38fca2f2021-12-22 11:49:41.197root 11241100x80000000000000003857965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4b44a9d6c9b5b22021-12-22 11:49:41.197root 11241100x80000000000000003857966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f2ec61599f89ba2021-12-22 11:49:41.197root 11241100x80000000000000003857967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14bf23fc1cfe91e2021-12-22 11:49:41.197root 11241100x80000000000000003857968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f98b40fddbb14f2021-12-22 11:49:41.197root 11241100x80000000000000003857969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50d48713f3c88082021-12-22 11:49:41.197root 11241100x80000000000000003857970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95041d6dfaf66ea22021-12-22 11:49:41.198root 11241100x80000000000000003857971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853fce1ddcc90fd72021-12-22 11:49:41.198root 11241100x80000000000000003857972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d8915f0dffafcf2021-12-22 11:49:41.198root 11241100x80000000000000003857973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9696ea23af63e2d22021-12-22 11:49:41.198root 11241100x80000000000000003857974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a6d6c5e941e2c32021-12-22 11:49:41.198root 11241100x80000000000000003857975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a1cbccb0111c682021-12-22 11:49:41.198root 11241100x80000000000000003857976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da629d7610ef24952021-12-22 11:49:41.198root 11241100x80000000000000003857977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507045ddf7e5a1ba2021-12-22 11:49:41.198root 11241100x80000000000000003857978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a573b016df3022242021-12-22 11:49:41.198root 11241100x80000000000000003857979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081d5b54609a10152021-12-22 11:49:41.198root 11241100x80000000000000003857980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516bc18abf3453082021-12-22 11:49:41.198root 11241100x80000000000000003857981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a8294095559de72021-12-22 11:49:41.198root 11241100x80000000000000003857982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d42f70d2ba251512021-12-22 11:49:41.198root 11241100x80000000000000003857983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e94d68ac9eb26052021-12-22 11:49:41.198root 11241100x80000000000000003857984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f77cb8c23bacaa72021-12-22 11:49:41.198root 11241100x80000000000000003857985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af60b01bdae15d362021-12-22 11:49:41.199root 11241100x80000000000000003857986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e214ff564e29f8dc2021-12-22 11:49:41.199root 11241100x80000000000000003857987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6faa595723f6e4b72021-12-22 11:49:41.199root 11241100x80000000000000003857988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b945bc1119c5bb2021-12-22 11:49:41.199root 11241100x80000000000000003857989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100ed77432d044212021-12-22 11:49:41.693root 11241100x80000000000000003857990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59abc260282770862021-12-22 11:49:41.693root 11241100x80000000000000003857991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8033f741445fc9dd2021-12-22 11:49:41.693root 11241100x80000000000000003857992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3a84bb188683942021-12-22 11:49:41.693root 11241100x80000000000000003857993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d195c911ca945c2021-12-22 11:49:41.694root 11241100x80000000000000003857994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb4aa97838cc13e2021-12-22 11:49:41.694root 11241100x80000000000000003857995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cba18674b04eae2021-12-22 11:49:41.694root 11241100x80000000000000003857996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e091d34f1759812021-12-22 11:49:41.694root 11241100x80000000000000003857997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba54408498883592021-12-22 11:49:41.694root 11241100x80000000000000003857998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2664cec7823718d2021-12-22 11:49:41.694root 11241100x80000000000000003857999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28332fb3b03e9b12021-12-22 11:49:41.694root 11241100x80000000000000003858000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568721647e2b2bbd2021-12-22 11:49:41.694root 11241100x80000000000000003858001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c8c811a544ed192021-12-22 11:49:41.694root 11241100x80000000000000003858002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219d19d44337ab4b2021-12-22 11:49:41.694root 11241100x80000000000000003858003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3d93e6717e4af22021-12-22 11:49:41.694root 11241100x80000000000000003858004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8031186935b29d2021-12-22 11:49:41.695root 11241100x80000000000000003858005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a4a4043c4ac55a2021-12-22 11:49:41.695root 11241100x80000000000000003858006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f12cf4bf56b9ec72021-12-22 11:49:41.695root 11241100x80000000000000003858007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a39f0b041223142021-12-22 11:49:41.695root 11241100x80000000000000003858008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648f94fac9eeaaae2021-12-22 11:49:41.695root 11241100x80000000000000003858009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff7181684ab9a782021-12-22 11:49:41.695root 11241100x80000000000000003858010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c63cca18b1bc382021-12-22 11:49:41.695root 11241100x80000000000000003858011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d003cb2f400ff9c2021-12-22 11:49:41.695root 11241100x80000000000000003858012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b78bd98e3cd98d2021-12-22 11:49:41.695root 11241100x80000000000000003858013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ded00200dcc2c32021-12-22 11:49:41.696root 11241100x80000000000000003858014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8b88020dbce2152021-12-22 11:49:41.696root 11241100x80000000000000003858015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ba57be16716a3e2021-12-22 11:49:41.696root 11241100x80000000000000003858016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b58a956060aef12021-12-22 11:49:41.696root 11241100x80000000000000003858017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c550b430827d0f2021-12-22 11:49:41.696root 11241100x80000000000000003858018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be604ff4bf32e702021-12-22 11:49:41.696root 11241100x80000000000000003858019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e745caf759a61e582021-12-22 11:49:41.696root 11241100x80000000000000003858020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9e8bb2aa2892c42021-12-22 11:49:41.696root 11241100x80000000000000003858021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef54b9ba1cd6d0bc2021-12-22 11:49:41.696root 11241100x80000000000000003858022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab349d0e3da7116c2021-12-22 11:49:41.696root 11241100x80000000000000003858023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba4b5dd70bd516d2021-12-22 11:49:41.697root 11241100x80000000000000003858024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832b9d78b1104c722021-12-22 11:49:41.697root 11241100x80000000000000003858025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acdb022e28471dd2021-12-22 11:49:41.697root 11241100x80000000000000003858026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa98dc755da5f4682021-12-22 11:49:41.697root 11241100x80000000000000003858027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4a9abaf6f97c4d2021-12-22 11:49:41.697root 11241100x80000000000000003858028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a1d6509e7b35c12021-12-22 11:49:41.697root 11241100x80000000000000003858029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d006ce2dbcbcab2021-12-22 11:49:42.193root 11241100x80000000000000003858030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898ebbcbe231391e2021-12-22 11:49:42.193root 11241100x80000000000000003858031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92106370fa2044b62021-12-22 11:49:42.193root 11241100x80000000000000003858032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e833c428fdc66c22021-12-22 11:49:42.193root 11241100x80000000000000003858033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc467f7cb674c4132021-12-22 11:49:42.193root 11241100x80000000000000003858034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c64beba129731ba2021-12-22 11:49:42.193root 11241100x80000000000000003858035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90878630c658c47a2021-12-22 11:49:42.193root 11241100x80000000000000003858036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a04f5453f1babe2021-12-22 11:49:42.193root 11241100x80000000000000003858037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc24622daeb19812021-12-22 11:49:42.193root 11241100x80000000000000003858038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d48e5574f4fd2fb2021-12-22 11:49:42.193root 11241100x80000000000000003858039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d2202cfa9c55382021-12-22 11:49:42.193root 11241100x80000000000000003858040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b33c5edd356c8312021-12-22 11:49:42.194root 11241100x80000000000000003858041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88014597297786a2021-12-22 11:49:42.194root 11241100x80000000000000003858042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97843d25ef92cc982021-12-22 11:49:42.194root 11241100x80000000000000003858043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de25f26d1e67820a2021-12-22 11:49:42.194root 11241100x80000000000000003858044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0e69010b990a992021-12-22 11:49:42.194root 11241100x80000000000000003858045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dec36ff6bc72af42021-12-22 11:49:42.194root 11241100x80000000000000003858046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fab611072aab79e2021-12-22 11:49:42.194root 11241100x80000000000000003858047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020cf229ba3db9fe2021-12-22 11:49:42.194root 11241100x80000000000000003858048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23443928b8a4fc442021-12-22 11:49:42.194root 11241100x80000000000000003858049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2e52d8f5571aba2021-12-22 11:49:42.195root 11241100x80000000000000003858050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc64c67be3311d932021-12-22 11:49:42.195root 11241100x80000000000000003858051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4909925aa9765ec2021-12-22 11:49:42.195root 11241100x80000000000000003858052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1284ee416fb097772021-12-22 11:49:42.195root 11241100x80000000000000003858053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a800c327da3ba1e52021-12-22 11:49:42.195root 11241100x80000000000000003858054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098ed06654d2f9fd2021-12-22 11:49:42.195root 11241100x80000000000000003858055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266e1da17e569e562021-12-22 11:49:42.196root 11241100x80000000000000003858056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c509e3f81f624f72021-12-22 11:49:42.196root 11241100x80000000000000003858057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef23e5376b1a8f012021-12-22 11:49:42.196root 11241100x80000000000000003858058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a838dfc356424d912021-12-22 11:49:42.196root 11241100x80000000000000003858059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b876f10345e8d52021-12-22 11:49:42.196root 11241100x80000000000000003858060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb139f46d1ae676b2021-12-22 11:49:42.196root 11241100x80000000000000003858061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650fce9daae5ce862021-12-22 11:49:42.196root 11241100x80000000000000003858062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb11549da6f5e002021-12-22 11:49:42.196root 11241100x80000000000000003858063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b871e606468a55922021-12-22 11:49:42.196root 11241100x80000000000000003858064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a9aa9a182d38d02021-12-22 11:49:42.197root 11241100x80000000000000003858065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d16a4c890c33f682021-12-22 11:49:42.197root 11241100x80000000000000003858066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5116b00c9a03b45b2021-12-22 11:49:42.197root 11241100x80000000000000003858067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb57d0828d12dfb2021-12-22 11:49:42.197root 11241100x80000000000000003858068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ee595b5557acd72021-12-22 11:49:42.197root 11241100x80000000000000003858069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc39398b61e44a32021-12-22 11:49:42.693root 11241100x80000000000000003858070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e1cd8b6bb031df2021-12-22 11:49:42.693root 11241100x80000000000000003858071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822dc4fbea4439162021-12-22 11:49:42.693root 11241100x80000000000000003858072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafac9c128e81dc42021-12-22 11:49:42.693root 11241100x80000000000000003858073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4624592e533a5cd2021-12-22 11:49:42.693root 11241100x80000000000000003858074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b2f7fde6f676742021-12-22 11:49:42.693root 11241100x80000000000000003858075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4014f3a92ddbd8492021-12-22 11:49:42.693root 11241100x80000000000000003858076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4cf97f34429f912021-12-22 11:49:42.693root 11241100x80000000000000003858077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee4d28fd3280f262021-12-22 11:49:42.694root 11241100x80000000000000003858078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c8dc48d428914e2021-12-22 11:49:42.694root 11241100x80000000000000003858079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14e227e826083542021-12-22 11:49:42.694root 11241100x80000000000000003858080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b18e73e91469482021-12-22 11:49:42.694root 11241100x80000000000000003858081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efd4df2b7331b402021-12-22 11:49:42.694root 11241100x80000000000000003858082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c9bf81e92cf0572021-12-22 11:49:42.694root 11241100x80000000000000003858083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c4f6d47004be362021-12-22 11:49:42.694root 11241100x80000000000000003858084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8877f7d9fbd43aa2021-12-22 11:49:42.694root 11241100x80000000000000003858085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84826dd2d445520b2021-12-22 11:49:42.694root 11241100x80000000000000003858086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0041a1c3527592562021-12-22 11:49:42.694root 11241100x80000000000000003858087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92de89ccd7abe3392021-12-22 11:49:42.695root 11241100x80000000000000003858088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0aad27775849cea2021-12-22 11:49:42.695root 11241100x80000000000000003858089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9082f39e7f83248e2021-12-22 11:49:42.695root 11241100x80000000000000003858090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bcdd577e5be0f42021-12-22 11:49:42.695root 11241100x80000000000000003858091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fd3a529822ad1f2021-12-22 11:49:42.695root 11241100x80000000000000003858092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc68245ed67e05d92021-12-22 11:49:42.695root 11241100x80000000000000003858093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5b7d538b31a31a2021-12-22 11:49:42.695root 11241100x80000000000000003858094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb22f10913041e0b2021-12-22 11:49:42.695root 11241100x80000000000000003858095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3772257431b0da112021-12-22 11:49:42.695root 11241100x80000000000000003858096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825399cfa79a19db2021-12-22 11:49:42.695root 11241100x80000000000000003858097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588667598b55e8402021-12-22 11:49:42.696root 11241100x80000000000000003858098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8fc175e929cb022021-12-22 11:49:42.696root 11241100x80000000000000003858099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70703246441c2032021-12-22 11:49:42.696root 11241100x80000000000000003858100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d5ca34e002429b2021-12-22 11:49:42.696root 11241100x80000000000000003858101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086deff3c3f1cd422021-12-22 11:49:42.696root 11241100x80000000000000003858102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb8ce35602c45c72021-12-22 11:49:42.696root 11241100x80000000000000003858103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb410774d0c41b292021-12-22 11:49:42.696root 11241100x80000000000000003858104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4f5621449d7ab42021-12-22 11:49:42.696root 11241100x80000000000000003858105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbed501e13a88112021-12-22 11:49:42.696root 11241100x80000000000000003858106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9224a097af027b5d2021-12-22 11:49:42.696root 11241100x80000000000000003858107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51ac91d2119ebaf2021-12-22 11:49:42.697root 11241100x80000000000000003858108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca7c9fff0a2ac202021-12-22 11:49:42.697root 11241100x80000000000000003858109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113a5b521014f16a2021-12-22 11:49:43.193root 11241100x80000000000000003858110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4eed0648a4b7e32021-12-22 11:49:43.193root 11241100x80000000000000003858111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbb934f99a2fe412021-12-22 11:49:43.193root 11241100x80000000000000003858112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409919c9412001ba2021-12-22 11:49:43.193root 11241100x80000000000000003858113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea503a06f844aeb2021-12-22 11:49:43.193root 11241100x80000000000000003858114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dd63f4a168067d2021-12-22 11:49:43.193root 11241100x80000000000000003858115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf5b8b6eb19377e2021-12-22 11:49:43.194root 11241100x80000000000000003858116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e257f04ace8b2cf2021-12-22 11:49:43.194root 11241100x80000000000000003858117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c47c6b1d5f31f62021-12-22 11:49:43.194root 11241100x80000000000000003858118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8be45dfaf48d572021-12-22 11:49:43.194root 11241100x80000000000000003858119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316b36582bdde8ff2021-12-22 11:49:43.194root 11241100x80000000000000003858120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff5f9230953491d2021-12-22 11:49:43.194root 11241100x80000000000000003858121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfbd625d5f247da2021-12-22 11:49:43.195root 11241100x80000000000000003858122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acc80ecebcb1f932021-12-22 11:49:43.195root 11241100x80000000000000003858123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ae74132c84e28c2021-12-22 11:49:43.195root 11241100x80000000000000003858124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3479c8e6accbcac2021-12-22 11:49:43.195root 11241100x80000000000000003858125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c8fd7b08fe4d932021-12-22 11:49:43.195root 11241100x80000000000000003858126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ed82c049f52a652021-12-22 11:49:43.195root 11241100x80000000000000003858127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d5efe6ae2d75c62021-12-22 11:49:43.196root 11241100x80000000000000003858128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a86e0f77160e412021-12-22 11:49:43.196root 11241100x80000000000000003858129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6bc29b6337ff722021-12-22 11:49:43.196root 11241100x80000000000000003858130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1465716b46c541942021-12-22 11:49:43.196root 11241100x80000000000000003858131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7def97e7eb8cac12021-12-22 11:49:43.196root 11241100x80000000000000003858132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced2af8a5427161d2021-12-22 11:49:43.196root 11241100x80000000000000003858133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28521aab8548027e2021-12-22 11:49:43.196root 11241100x80000000000000003858134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24dda2741f594f52021-12-22 11:49:43.196root 11241100x80000000000000003858135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3316115517a46072021-12-22 11:49:43.196root 11241100x80000000000000003858136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e302cb3bf555552021-12-22 11:49:43.196root 11241100x80000000000000003858137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4be34b861cf7e2f2021-12-22 11:49:43.197root 11241100x80000000000000003858138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f506ca6ff0f0989b2021-12-22 11:49:43.197root 11241100x80000000000000003858139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de96fa957a64d39b2021-12-22 11:49:43.197root 11241100x80000000000000003858140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2145b69340ddf492021-12-22 11:49:43.197root 11241100x80000000000000003858141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c81c4ea37bf9d5a2021-12-22 11:49:43.197root 11241100x80000000000000003858142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc566cb3a7aa8952021-12-22 11:49:43.197root 11241100x80000000000000003858143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a23f9d9ea149282021-12-22 11:49:43.197root 11241100x80000000000000003858144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febead1ecf03c8492021-12-22 11:49:43.197root 11241100x80000000000000003858145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2daad0bffddcff2021-12-22 11:49:43.197root 11241100x80000000000000003858146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5a499b4738cb342021-12-22 11:49:43.198root 11241100x80000000000000003858147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4933bee16804b32021-12-22 11:49:43.198root 11241100x80000000000000003858148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5ea4f35eb5fd872021-12-22 11:49:43.198root 11241100x80000000000000003858149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545098740fbd55ac2021-12-22 11:49:43.693root 11241100x80000000000000003858150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd36dd07094a3872021-12-22 11:49:43.693root 11241100x80000000000000003858151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6767c2b10b0f4b12021-12-22 11:49:43.693root 11241100x80000000000000003858152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27dc9fa58ff2fdb2021-12-22 11:49:43.693root 11241100x80000000000000003858153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c988d7ee9211c3ae2021-12-22 11:49:43.693root 11241100x80000000000000003858154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2695036b2405d332021-12-22 11:49:43.693root 11241100x80000000000000003858155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdec8bae161fbfb2021-12-22 11:49:43.694root 11241100x80000000000000003858156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad312b733fe94c62021-12-22 11:49:43.694root 11241100x80000000000000003858157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc05e93dab68b4ba2021-12-22 11:49:43.694root 11241100x80000000000000003858158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9124da6077056d272021-12-22 11:49:43.694root 11241100x80000000000000003858159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290c471d3404a39d2021-12-22 11:49:43.694root 11241100x80000000000000003858160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d544f22d07f0a5472021-12-22 11:49:43.694root 11241100x80000000000000003858161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da235381e24ea582021-12-22 11:49:43.695root 11241100x80000000000000003858162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8d04dd08de2e0d2021-12-22 11:49:43.695root 11241100x80000000000000003858163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65aa92e7074b54552021-12-22 11:49:43.695root 11241100x80000000000000003858164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0d442a8bbc0a532021-12-22 11:49:43.696root 11241100x80000000000000003858165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea76bf1891867a1d2021-12-22 11:49:43.696root 11241100x80000000000000003858166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efad196ab7baccd2021-12-22 11:49:43.696root 11241100x80000000000000003858167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187b3d54a07099f62021-12-22 11:49:43.696root 11241100x80000000000000003858168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30683e4209a119f52021-12-22 11:49:43.696root 11241100x80000000000000003858169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d1359b0058f03c2021-12-22 11:49:43.696root 11241100x80000000000000003858170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13444a07ad13f6fe2021-12-22 11:49:43.697root 11241100x80000000000000003858171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68960f936321366d2021-12-22 11:49:43.697root 11241100x80000000000000003858172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13379a2b83081a212021-12-22 11:49:43.697root 11241100x80000000000000003858173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64d7af250e96e512021-12-22 11:49:43.697root 11241100x80000000000000003858174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8ffa800c098f212021-12-22 11:49:43.697root 11241100x80000000000000003858175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7c48ba48a30f102021-12-22 11:49:43.697root 11241100x80000000000000003858176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e276ea8d1a8800a22021-12-22 11:49:43.698root 11241100x80000000000000003858177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b9fbd2bbbf53da2021-12-22 11:49:43.698root 11241100x80000000000000003858178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0d09ea79527b622021-12-22 11:49:43.698root 11241100x80000000000000003858179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99835e2eda575242021-12-22 11:49:43.698root 11241100x80000000000000003858180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89eec8033ef8af3a2021-12-22 11:49:43.699root 11241100x80000000000000003858181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cbce392f95e3152021-12-22 11:49:43.699root 11241100x80000000000000003858182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9f2bd8de24bb712021-12-22 11:49:43.699root 11241100x80000000000000003858183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39149dc0af5b6b8d2021-12-22 11:49:43.699root 11241100x80000000000000003858184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7826bb30c454d3122021-12-22 11:49:43.699root 11241100x80000000000000003858185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6615a25084e6c632021-12-22 11:49:43.699root 11241100x80000000000000003858186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee460813419b8dae2021-12-22 11:49:43.700root 11241100x80000000000000003858187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006fd406e2b180a82021-12-22 11:49:43.700root 11241100x80000000000000003858188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d243d4a3e2d946912021-12-22 11:49:43.700root 11241100x80000000000000003858189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba019bb96e2d02792021-12-22 11:49:43.700root 11241100x80000000000000003858190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b60012964671262021-12-22 11:49:43.700root 11241100x80000000000000003858191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42778fe9bda7f4442021-12-22 11:49:43.700root 11241100x80000000000000003858192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06058b10e6113fda2021-12-22 11:49:43.700root 11241100x80000000000000003858193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d4d97c1b864a852021-12-22 11:49:43.700root 11241100x80000000000000003858194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eee8947a771ef62021-12-22 11:49:43.700root 11241100x80000000000000003858195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb1d0c8e52be2c22021-12-22 11:49:43.701root 11241100x80000000000000003858196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:43.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d192c3dba4b44a2021-12-22 11:49:43.701root 11241100x80000000000000003858197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883054e300402d702021-12-22 11:49:44.193root 11241100x80000000000000003858198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8b5a7f758a5c6d2021-12-22 11:49:44.193root 11241100x80000000000000003858199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33486f06ffa472582021-12-22 11:49:44.193root 11241100x80000000000000003858200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898c5f9dc78683772021-12-22 11:49:44.193root 11241100x80000000000000003858201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afebc13bb34cadf62021-12-22 11:49:44.194root 11241100x80000000000000003858202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53048a8568b087a2021-12-22 11:49:44.194root 11241100x80000000000000003858203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3f2734f296a4052021-12-22 11:49:44.194root 11241100x80000000000000003858204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ab19001767c0862021-12-22 11:49:44.194root 11241100x80000000000000003858205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550a53533599cca92021-12-22 11:49:44.194root 11241100x80000000000000003858206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45462fbd702d7cb22021-12-22 11:49:44.194root 11241100x80000000000000003858207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb56d0ef7e2748f22021-12-22 11:49:44.195root 11241100x80000000000000003858208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f89ef2aee840722021-12-22 11:49:44.195root 11241100x80000000000000003858209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e245dfc263485cc2021-12-22 11:49:44.195root 11241100x80000000000000003858210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb76549966048e242021-12-22 11:49:44.195root 11241100x80000000000000003858211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f027c1afb21a7d352021-12-22 11:49:44.195root 11241100x80000000000000003858212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a84de8a5631f1b22021-12-22 11:49:44.195root 11241100x80000000000000003858213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25933f1603d524e22021-12-22 11:49:44.195root 11241100x80000000000000003858214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444ef1fe0e06898d2021-12-22 11:49:44.195root 11241100x80000000000000003858215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9f0c63c988ff8c2021-12-22 11:49:44.196root 11241100x80000000000000003858216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4073bcc7d342f1ee2021-12-22 11:49:44.196root 11241100x80000000000000003858217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b484185cd0f147d82021-12-22 11:49:44.196root 11241100x80000000000000003858218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd164e8751a111c2021-12-22 11:49:44.196root 11241100x80000000000000003858219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2c18a69e4248b72021-12-22 11:49:44.196root 11241100x80000000000000003858220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f67e0e45dd747c2021-12-22 11:49:44.196root 11241100x80000000000000003858221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75cc23eb300d4982021-12-22 11:49:44.196root 11241100x80000000000000003858222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae38969095389f02021-12-22 11:49:44.196root 11241100x80000000000000003858223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb98c30d2b7b14ce2021-12-22 11:49:44.197root 11241100x80000000000000003858224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3495d344370d56f2021-12-22 11:49:44.197root 11241100x80000000000000003858225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed595970b7e0a652021-12-22 11:49:44.197root 11241100x80000000000000003858226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56323dc94f3b49b22021-12-22 11:49:44.197root 11241100x80000000000000003858227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e9d732dbfdf0b12021-12-22 11:49:44.197root 11241100x80000000000000003858228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a518ea9d9610a7e12021-12-22 11:49:44.197root 11241100x80000000000000003858229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b0133645daac1c2021-12-22 11:49:44.197root 11241100x80000000000000003858230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdc28e71186f9b72021-12-22 11:49:44.197root 11241100x80000000000000003858231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a8f30b7cfae7992021-12-22 11:49:44.197root 11241100x80000000000000003858232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f617ce469b78ff32021-12-22 11:49:44.198root 11241100x80000000000000003858233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6868c37194ace42021-12-22 11:49:44.198root 11241100x80000000000000003858234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ed80f252fdceaf2021-12-22 11:49:44.198root 11241100x80000000000000003858235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c47fe154aa66e42021-12-22 11:49:44.198root 11241100x80000000000000003858236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4f374c93d2945f2021-12-22 11:49:44.198root 11241100x80000000000000003858237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7bf432d9cf64a52021-12-22 11:49:44.198root 11241100x80000000000000003858238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ded9bca2d951552021-12-22 11:49:44.198root 11241100x80000000000000003858239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b1ae3f6be02aed2021-12-22 11:49:44.198root 11241100x80000000000000003858240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee9ac40cf9a18a02021-12-22 11:49:44.693root 11241100x80000000000000003858241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7257cd8dc93d33272021-12-22 11:49:44.693root 11241100x80000000000000003858242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f92c3ced70033562021-12-22 11:49:44.693root 11241100x80000000000000003858243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b943b6285ae24d52021-12-22 11:49:44.693root 11241100x80000000000000003858244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d529d0d0e53e40c12021-12-22 11:49:44.693root 11241100x80000000000000003858245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f43d9e554ffb052021-12-22 11:49:44.694root 11241100x80000000000000003858246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5807b2978dc687792021-12-22 11:49:44.694root 11241100x80000000000000003858247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0277fabe0102109a2021-12-22 11:49:44.694root 11241100x80000000000000003858248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0a6ec0652e59d52021-12-22 11:49:44.694root 11241100x80000000000000003858249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342a0607457a7bc82021-12-22 11:49:44.694root 11241100x80000000000000003858250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1527c9bebb50bcdc2021-12-22 11:49:44.694root 11241100x80000000000000003858251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3166a1f5c3ae9e2021-12-22 11:49:44.694root 11241100x80000000000000003858252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653dc9c5a2a56c172021-12-22 11:49:44.695root 11241100x80000000000000003858253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f867db24504c2872021-12-22 11:49:44.695root 11241100x80000000000000003858254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1945e214569e082021-12-22 11:49:44.695root 11241100x80000000000000003858255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24e2271274244fd2021-12-22 11:49:44.695root 11241100x80000000000000003858256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca181bd851aa8b02021-12-22 11:49:44.695root 11241100x80000000000000003858257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bb73a8f924b30f2021-12-22 11:49:44.695root 11241100x80000000000000003858258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3fdf3574e173482021-12-22 11:49:44.696root 11241100x80000000000000003858259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578da1aab0c7aa5f2021-12-22 11:49:44.696root 11241100x80000000000000003858260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904510ca7a97ae702021-12-22 11:49:44.696root 11241100x80000000000000003858261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28aa338aa6b999bf2021-12-22 11:49:44.696root 11241100x80000000000000003858262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40af2b6e1c1e6fcc2021-12-22 11:49:44.696root 11241100x80000000000000003858263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fca5064ccc609c2021-12-22 11:49:44.696root 11241100x80000000000000003858264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab706d1d521208e2021-12-22 11:49:44.696root 11241100x80000000000000003858265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37340c83199e39f2021-12-22 11:49:44.696root 11241100x80000000000000003858266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d5f88f512733472021-12-22 11:49:44.696root 11241100x80000000000000003858267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be24d366c6db1582021-12-22 11:49:44.697root 11241100x80000000000000003858268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a423ea8aa421d02021-12-22 11:49:44.697root 11241100x80000000000000003858269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b012d8b1631db12021-12-22 11:49:44.697root 11241100x80000000000000003858270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52fcc97eb6883992021-12-22 11:49:44.697root 11241100x80000000000000003858271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019665e1af22fd1e2021-12-22 11:49:44.697root 11241100x80000000000000003858272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f8401daa9d095f2021-12-22 11:49:44.697root 11241100x80000000000000003858273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8827149e166699322021-12-22 11:49:44.697root 11241100x80000000000000003858274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c25bfe91deda8512021-12-22 11:49:44.697root 11241100x80000000000000003858275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16e0d836e5ac6c92021-12-22 11:49:44.697root 11241100x80000000000000003858276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13cf6b6188599bf2021-12-22 11:49:44.697root 11241100x80000000000000003858277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3723ca6e531013d92021-12-22 11:49:44.697root 11241100x80000000000000003858278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e563ef4303877c352021-12-22 11:49:44.697root 11241100x80000000000000003858279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e3362a5a984d662021-12-22 11:49:44.698root 11241100x80000000000000003858280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f6274afa4e2d5c2021-12-22 11:49:44.698root 11241100x80000000000000003858281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097d1c3b5616f2572021-12-22 11:49:44.698root 11241100x80000000000000003858282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f476fdd269d01e282021-12-22 11:49:44.698root 11241100x80000000000000003858283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb41f1a140279ea72021-12-22 11:49:44.698root 11241100x80000000000000003858284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9b634d6f88299d2021-12-22 11:49:44.698root 11241100x80000000000000003858285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1a1a5a84c4b18d2021-12-22 11:49:44.698root 11241100x80000000000000003858286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531430eccb7921002021-12-22 11:49:44.698root 11241100x80000000000000003858287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:44.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97515467583eb91d2021-12-22 11:49:44.698root 354300x80000000000000003858288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.066{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55512-false10.0.1.12-8000- 11241100x80000000000000003858289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c539e96f9e04172021-12-22 11:49:45.067root 11241100x80000000000000003858290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac8581702a628522021-12-22 11:49:45.067root 11241100x80000000000000003858291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72394877844e8e762021-12-22 11:49:45.067root 11241100x80000000000000003858292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7ed4bb6cf979b32021-12-22 11:49:45.067root 11241100x80000000000000003858293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbb8c736a8b272c2021-12-22 11:49:45.067root 11241100x80000000000000003858294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef91082b5a200d32021-12-22 11:49:45.067root 11241100x80000000000000003858295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf21681bd79c79d2021-12-22 11:49:45.067root 11241100x80000000000000003858296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd65c221233412db2021-12-22 11:49:45.067root 11241100x80000000000000003858297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8244f6f831bfd3e22021-12-22 11:49:45.068root 11241100x80000000000000003858298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21d78075c26a2a02021-12-22 11:49:45.068root 11241100x80000000000000003858299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d639d850a4a767cd2021-12-22 11:49:45.068root 11241100x80000000000000003858300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f18adcf6fb6c8332021-12-22 11:49:45.068root 11241100x80000000000000003858301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff161fbb8da07a42021-12-22 11:49:45.068root 11241100x80000000000000003858302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efe4a017500ccf42021-12-22 11:49:45.068root 11241100x80000000000000003858303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd928c1530592e152021-12-22 11:49:45.068root 11241100x80000000000000003858304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2404db89bc691d2021-12-22 11:49:45.069root 11241100x80000000000000003858305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8c8e2c2f1a03e92021-12-22 11:49:45.069root 11241100x80000000000000003858306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4955164f9e376e42021-12-22 11:49:45.069root 11241100x80000000000000003858307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81989d500b310012021-12-22 11:49:45.069root 11241100x80000000000000003858308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce897fafce43b6f2021-12-22 11:49:45.070root 11241100x80000000000000003858309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d695cd62436fa3b2021-12-22 11:49:45.070root 11241100x80000000000000003858310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480b1a4be06f62822021-12-22 11:49:45.070root 11241100x80000000000000003858311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd30d492c824ff82021-12-22 11:49:45.070root 11241100x80000000000000003858312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684bca28b350cbf62021-12-22 11:49:45.070root 11241100x80000000000000003858313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353c172e1e2511c32021-12-22 11:49:45.070root 11241100x80000000000000003858314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5212524dc95ff12021-12-22 11:49:45.070root 11241100x80000000000000003858315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a050358cc54abe02021-12-22 11:49:45.070root 11241100x80000000000000003858316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c48b99e8832208a2021-12-22 11:49:45.070root 11241100x80000000000000003858317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.071{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163969a42ac1b5bf2021-12-22 11:49:45.071root 11241100x80000000000000003858318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.071{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c569330eb050118f2021-12-22 11:49:45.071root 11241100x80000000000000003858319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.071{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771aa6c6ab1e14452021-12-22 11:49:45.071root 11241100x80000000000000003858320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.071{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fae09ac3be976a2021-12-22 11:49:45.071root 11241100x80000000000000003858321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.071{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cf2c26673044322021-12-22 11:49:45.071root 11241100x80000000000000003858322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.071{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f4c94aaef741db2021-12-22 11:49:45.071root 11241100x80000000000000003858323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.071{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa4c3ad0bb29de02021-12-22 11:49:45.071root 11241100x80000000000000003858324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.071{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a63c39658f954b92021-12-22 11:49:45.071root 11241100x80000000000000003858325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.071{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c62dbf1340d2f572021-12-22 11:49:45.071root 11241100x80000000000000003858326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.072{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0712e96424087ad12021-12-22 11:49:45.072root 11241100x80000000000000003858327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.072{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c71141e83867f22021-12-22 11:49:45.072root 11241100x80000000000000003858328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.072{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c774fa68bff36f2021-12-22 11:49:45.072root 11241100x80000000000000003858329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.072{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cba2af6ad2a06b52021-12-22 11:49:45.072root 11241100x80000000000000003858330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.072{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6207112bd483720c2021-12-22 11:49:45.072root 11241100x80000000000000003858331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.072{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70253f3f9c662d6f2021-12-22 11:49:45.072root 11241100x80000000000000003858332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.072{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49971509d92743852021-12-22 11:49:45.072root 11241100x80000000000000003858333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.072{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e433e4fca12a12e72021-12-22 11:49:45.072root 11241100x80000000000000003858334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.072{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c3249c59613ca32021-12-22 11:49:45.072root 11241100x80000000000000003858335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.072{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac8e45e8af65ee32021-12-22 11:49:45.072root 11241100x80000000000000003858336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.073{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553efd26799623662021-12-22 11:49:45.073root 11241100x80000000000000003858337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.073{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae8a889922788c12021-12-22 11:49:45.073root 11241100x80000000000000003858338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.073{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406f6634c8e48d022021-12-22 11:49:45.073root 11241100x80000000000000003858339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.073{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbfb28ecbeeaeb22021-12-22 11:49:45.073root 11241100x80000000000000003858340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.073{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8186ed61091a677b2021-12-22 11:49:45.073root 11241100x80000000000000003858341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.073{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea171412c7fa416b2021-12-22 11:49:45.073root 11241100x80000000000000003858342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.073{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52aea0be4092d46e2021-12-22 11:49:45.073root 11241100x80000000000000003858343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.073{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c989e3f7ba3e38d2021-12-22 11:49:45.073root 11241100x80000000000000003858344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.073{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a0df0a271d98252021-12-22 11:49:45.073root 11241100x80000000000000003858345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a23c4debe6a7e552021-12-22 11:49:45.443root 11241100x80000000000000003858346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0e3e0aa5f425812021-12-22 11:49:45.443root 11241100x80000000000000003858347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b61d1205d4ca94b2021-12-22 11:49:45.443root 11241100x80000000000000003858348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8635b545c5a4652021-12-22 11:49:45.443root 11241100x80000000000000003858349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f185de97efd38fc2021-12-22 11:49:45.444root 11241100x80000000000000003858350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f14c9ad401137632021-12-22 11:49:45.444root 11241100x80000000000000003858351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1abc39887a98bb2021-12-22 11:49:45.444root 11241100x80000000000000003858352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6adca82e3e7e6382021-12-22 11:49:45.444root 11241100x80000000000000003858353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d17388e831971e2021-12-22 11:49:45.444root 11241100x80000000000000003858354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972cdf25965076de2021-12-22 11:49:45.444root 11241100x80000000000000003858355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ebba0c7d26c51b2021-12-22 11:49:45.444root 11241100x80000000000000003858356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b66567a2ff2d342021-12-22 11:49:45.445root 11241100x80000000000000003858357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f84bed8160d88dd2021-12-22 11:49:45.445root 11241100x80000000000000003858358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0477d87c6a2c1bc42021-12-22 11:49:45.445root 11241100x80000000000000003858359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55995468b18b611a2021-12-22 11:49:45.445root 11241100x80000000000000003858360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab00d4a11a2027e2021-12-22 11:49:45.445root 11241100x80000000000000003858361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381ccf70ee188bb42021-12-22 11:49:45.446root 11241100x80000000000000003858362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d341fe628417454a2021-12-22 11:49:45.446root 11241100x80000000000000003858363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90565130897fdd7a2021-12-22 11:49:45.446root 11241100x80000000000000003858364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1416bd1f4ddbd3262021-12-22 11:49:45.446root 11241100x80000000000000003858365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6069170cd6990c2021-12-22 11:49:45.446root 11241100x80000000000000003858366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df1530d8bb5d8672021-12-22 11:49:45.446root 11241100x80000000000000003858367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6404326f3b462e852021-12-22 11:49:45.446root 11241100x80000000000000003858368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f466cb991da2a32021-12-22 11:49:45.446root 11241100x80000000000000003858369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1df233133ca26312021-12-22 11:49:45.446root 11241100x80000000000000003858370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479346d59ffd63ad2021-12-22 11:49:45.446root 11241100x80000000000000003858371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f281b7cf41c5d352021-12-22 11:49:45.446root 11241100x80000000000000003858372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158a9d0ccf9077922021-12-22 11:49:45.447root 11241100x80000000000000003858373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9aae5d927b218e82021-12-22 11:49:45.447root 11241100x80000000000000003858374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66ce81a789394c02021-12-22 11:49:45.447root 11241100x80000000000000003858375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c73844469f9dd1f2021-12-22 11:49:45.447root 11241100x80000000000000003858376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e6ae1b866b86b02021-12-22 11:49:45.447root 11241100x80000000000000003858377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d267528ceb591ab62021-12-22 11:49:45.447root 11241100x80000000000000003858378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ff173cfbcfa6082021-12-22 11:49:45.447root 11241100x80000000000000003858379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28b0b212ab653a02021-12-22 11:49:45.447root 11241100x80000000000000003858380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cda7fc881fe6072021-12-22 11:49:45.448root 11241100x80000000000000003858381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c2fa69f2da6ec32021-12-22 11:49:45.448root 11241100x80000000000000003858382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4579d5b7235d5da2021-12-22 11:49:45.448root 11241100x80000000000000003858383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d3677fd18872a22021-12-22 11:49:45.448root 11241100x80000000000000003858384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e4d728343a36fc2021-12-22 11:49:45.448root 11241100x80000000000000003858385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7869feff2370dbf72021-12-22 11:49:45.448root 11241100x80000000000000003858386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9615908d7065a7e72021-12-22 11:49:45.448root 11241100x80000000000000003858387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38abd00350f5a4b2021-12-22 11:49:45.448root 11241100x80000000000000003858388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8c0808593eb25a2021-12-22 11:49:45.449root 11241100x80000000000000003858389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e68d259a42970f2021-12-22 11:49:45.449root 11241100x80000000000000003858390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9621c73d1e3ec46a2021-12-22 11:49:45.449root 11241100x80000000000000003858391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba33dc08b77559cb2021-12-22 11:49:45.449root 11241100x80000000000000003858392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596a4bb1aa106f8c2021-12-22 11:49:45.449root 11241100x80000000000000003858393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c469057ae874d4a2021-12-22 11:49:45.449root 11241100x80000000000000003858394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6001b7509d3a1d2021-12-22 11:49:45.449root 11241100x80000000000000003858395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308e13f3029d62502021-12-22 11:49:45.449root 11241100x80000000000000003858396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06f40d15b957dff2021-12-22 11:49:45.449root 11241100x80000000000000003858397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e5581a2dcc5b4c2021-12-22 11:49:45.942root 11241100x80000000000000003858398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebe6c3a59a13c3c2021-12-22 11:49:45.943root 11241100x80000000000000003858399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d81fa9d7d781c42021-12-22 11:49:45.943root 11241100x80000000000000003858400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f332c26173c879d62021-12-22 11:49:45.943root 11241100x80000000000000003858401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26fdf3cbcb4dd3e2021-12-22 11:49:45.944root 11241100x80000000000000003858402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515d16a7501151592021-12-22 11:49:45.944root 11241100x80000000000000003858403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ff90b9a4dd1c642021-12-22 11:49:45.944root 11241100x80000000000000003858404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fbbbe70279875e2021-12-22 11:49:45.944root 11241100x80000000000000003858405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec1bc292231b5a82021-12-22 11:49:45.944root 11241100x80000000000000003858406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9445322c8670b462021-12-22 11:49:45.944root 11241100x80000000000000003858407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0703045ba01c476e2021-12-22 11:49:45.944root 11241100x80000000000000003858408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e304967fad9c1d2021-12-22 11:49:45.944root 11241100x80000000000000003858409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c7e89e3464971a2021-12-22 11:49:45.944root 11241100x80000000000000003858410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b40788370dadd32021-12-22 11:49:45.945root 11241100x80000000000000003858411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8f9d19177ee7662021-12-22 11:49:45.945root 11241100x80000000000000003858412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1607ea3ac50a6d292021-12-22 11:49:45.945root 11241100x80000000000000003858413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cae7354b1de37f2021-12-22 11:49:45.945root 11241100x80000000000000003858414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c0cdc2c52a64912021-12-22 11:49:45.945root 11241100x80000000000000003858415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35100aacf92834a12021-12-22 11:49:45.945root 11241100x80000000000000003858416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5638a44695f3febb2021-12-22 11:49:45.945root 11241100x80000000000000003858417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48abd4bb6c57250f2021-12-22 11:49:45.946root 11241100x80000000000000003858418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe0be2ed98fc3f52021-12-22 11:49:45.946root 11241100x80000000000000003858419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9484cb80e7f0b5da2021-12-22 11:49:45.946root 11241100x80000000000000003858420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5a1238c08ff6bc2021-12-22 11:49:45.947root 11241100x80000000000000003858421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4566520f1c5cc3e2021-12-22 11:49:45.947root 11241100x80000000000000003858422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c7a6c2a2ea24cf2021-12-22 11:49:45.947root 11241100x80000000000000003858423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fda40f2cb9888c42021-12-22 11:49:45.948root 11241100x80000000000000003858424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e8b98427ba46752021-12-22 11:49:45.948root 11241100x80000000000000003858425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2b77d08f7d8c392021-12-22 11:49:45.948root 11241100x80000000000000003858426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c9826828facc7d2021-12-22 11:49:45.948root 11241100x80000000000000003858427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8153121fcabda222021-12-22 11:49:45.948root 11241100x80000000000000003858428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ea1c890f3308752021-12-22 11:49:45.948root 11241100x80000000000000003858429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c646416b284f6532021-12-22 11:49:45.948root 11241100x80000000000000003858430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b1269b5f00487c2021-12-22 11:49:45.949root 11241100x80000000000000003858431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdd6f02d9b44bd22021-12-22 11:49:45.949root 11241100x80000000000000003858432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88448f34e8766bde2021-12-22 11:49:45.949root 11241100x80000000000000003858433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53197fca03001d52021-12-22 11:49:45.949root 11241100x80000000000000003858434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f591c4807fcc1ce92021-12-22 11:49:45.949root 11241100x80000000000000003858435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7b66e6b11802c22021-12-22 11:49:45.949root 11241100x80000000000000003858436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed2f3f95e6b74012021-12-22 11:49:45.949root 11241100x80000000000000003858437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89d7e0099357b542021-12-22 11:49:45.949root 11241100x80000000000000003858438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3839c73db381ed92021-12-22 11:49:45.949root 11241100x80000000000000003858439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb358193a35eb0c2021-12-22 11:49:45.950root 11241100x80000000000000003858440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f63c917ceca82032021-12-22 11:49:45.950root 11241100x80000000000000003858441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc882248a1267ed12021-12-22 11:49:45.950root 11241100x80000000000000003858442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28133de035e33f052021-12-22 11:49:45.950root 11241100x80000000000000003858443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0a40bd4876f7b52021-12-22 11:49:45.950root 11241100x80000000000000003858444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672e3acd6ed2fe942021-12-22 11:49:45.950root 11241100x80000000000000003858445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6327900125caf97a2021-12-22 11:49:45.950root 11241100x80000000000000003858446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d734a0779375822b2021-12-22 11:49:45.950root 11241100x80000000000000003858447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51df6583e52dce112021-12-22 11:49:45.950root 11241100x80000000000000003858448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d8bf671c0aeb822021-12-22 11:49:45.950root 11241100x80000000000000003858449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e843f6a2d023b052021-12-22 11:49:46.443root 11241100x80000000000000003858450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2336a8e539cd2832021-12-22 11:49:46.443root 11241100x80000000000000003858451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6b14eaa6f11b9e2021-12-22 11:49:46.443root 11241100x80000000000000003858452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc28f8d5be003192021-12-22 11:49:46.443root 11241100x80000000000000003858453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b3c0868a61c8832021-12-22 11:49:46.443root 11241100x80000000000000003858454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3300267bc526c9522021-12-22 11:49:46.443root 11241100x80000000000000003858455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea40249fc51a1b92021-12-22 11:49:46.444root 11241100x80000000000000003858456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2659b83661af89212021-12-22 11:49:46.444root 11241100x80000000000000003858457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c376bd10fa88172021-12-22 11:49:46.444root 11241100x80000000000000003858458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee18cb308f14f2e2021-12-22 11:49:46.444root 11241100x80000000000000003858459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f302e030e7770af2021-12-22 11:49:46.444root 11241100x80000000000000003858460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321b4086ff398f942021-12-22 11:49:46.444root 11241100x80000000000000003858461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8452d34cdc9e6b2021-12-22 11:49:46.444root 11241100x80000000000000003858462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68dbe4ad09f4d2c2021-12-22 11:49:46.444root 11241100x80000000000000003858463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36de7086d2741bd82021-12-22 11:49:46.445root 11241100x80000000000000003858464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ee6d92236fde382021-12-22 11:49:46.445root 11241100x80000000000000003858465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9e2a9b7a8c85562021-12-22 11:49:46.445root 11241100x80000000000000003858466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841eb1c3f88972f52021-12-22 11:49:46.445root 11241100x80000000000000003858467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f9a4e5015686672021-12-22 11:49:46.445root 11241100x80000000000000003858468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a807a6f729ea8d262021-12-22 11:49:46.445root 11241100x80000000000000003858469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d7f3dccfc66e682021-12-22 11:49:46.445root 11241100x80000000000000003858470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278ebbe84eb8e5782021-12-22 11:49:46.445root 11241100x80000000000000003858471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4eb3f726f95c4872021-12-22 11:49:46.445root 11241100x80000000000000003858472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5390e24a5bc1022021-12-22 11:49:46.445root 11241100x80000000000000003858473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05cc822533d7dca2021-12-22 11:49:46.446root 11241100x80000000000000003858474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75455ef5520a05682021-12-22 11:49:46.446root 11241100x80000000000000003858475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a0534d1c0a64f22021-12-22 11:49:46.446root 11241100x80000000000000003858476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb060c3b7fac28a72021-12-22 11:49:46.446root 11241100x80000000000000003858477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d034553beca5bb92021-12-22 11:49:46.446root 11241100x80000000000000003858478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a94d4c145fe1c972021-12-22 11:49:46.446root 11241100x80000000000000003858479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b1aa698b32297c2021-12-22 11:49:46.446root 11241100x80000000000000003858480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830d8dec5342793e2021-12-22 11:49:46.446root 11241100x80000000000000003858481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c935213cc9cd27422021-12-22 11:49:46.447root 11241100x80000000000000003858482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a08370d4096e40f2021-12-22 11:49:46.447root 11241100x80000000000000003858483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db13b2a9bf73e4f2021-12-22 11:49:46.447root 11241100x80000000000000003858484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2515c618f8c8bb52021-12-22 11:49:46.447root 11241100x80000000000000003858485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e32f4d7160d55bd2021-12-22 11:49:46.447root 11241100x80000000000000003858486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647c415239a4558e2021-12-22 11:49:46.447root 11241100x80000000000000003858487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1fdb0d033a59362021-12-22 11:49:46.448root 11241100x80000000000000003858488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4268412a84c2ed802021-12-22 11:49:46.448root 11241100x80000000000000003858489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f83dce36bbf7c6f2021-12-22 11:49:46.448root 11241100x80000000000000003858490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48929ac78c8d470d2021-12-22 11:49:46.448root 11241100x80000000000000003858491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfcbfa08893ba852021-12-22 11:49:46.448root 11241100x80000000000000003858492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcccdeccbdebd1482021-12-22 11:49:46.448root 11241100x80000000000000003858493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea725d54d85007f2021-12-22 11:49:46.449root 11241100x80000000000000003858494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07229b33ec6ded2a2021-12-22 11:49:46.449root 11241100x80000000000000003858495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f449f0518b32cb9a2021-12-22 11:49:46.449root 11241100x80000000000000003858496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292b2496f2594c0d2021-12-22 11:49:46.449root 11241100x80000000000000003858497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191b2560355bff212021-12-22 11:49:46.449root 11241100x80000000000000003858498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3289c621cd9d12e52021-12-22 11:49:46.449root 11241100x80000000000000003858499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d14a22c416e5a72021-12-22 11:49:46.449root 11241100x80000000000000003858500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98db6f58a7516402021-12-22 11:49:46.449root 11241100x80000000000000003858501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d6b9d97935d0002021-12-22 11:49:46.450root 11241100x80000000000000003858502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e850235764272d42021-12-22 11:49:46.450root 11241100x80000000000000003858503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893585678b76a0e82021-12-22 11:49:46.450root 11241100x80000000000000003858504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0d5e5db8c423042021-12-22 11:49:46.943root 11241100x80000000000000003858505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96870de93a65d64a2021-12-22 11:49:46.943root 11241100x80000000000000003858506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81060dcf1e287d992021-12-22 11:49:46.943root 11241100x80000000000000003858507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7089fae1c99e832021-12-22 11:49:46.944root 11241100x80000000000000003858508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a737cfb3f51127992021-12-22 11:49:46.944root 11241100x80000000000000003858509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6697df0c9666c72021-12-22 11:49:46.944root 11241100x80000000000000003858510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9a3c5001e7a33a2021-12-22 11:49:46.944root 11241100x80000000000000003858511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9f0e5e9c6bc90b2021-12-22 11:49:46.944root 11241100x80000000000000003858512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a04196b0301dc3e2021-12-22 11:49:46.944root 11241100x80000000000000003858513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4568be86577cfae72021-12-22 11:49:46.944root 11241100x80000000000000003858514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb0ab83ce370fbc2021-12-22 11:49:46.944root 11241100x80000000000000003858515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c74c65aaee817202021-12-22 11:49:46.944root 11241100x80000000000000003858516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf59b9ea1df3b7342021-12-22 11:49:46.944root 11241100x80000000000000003858517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64596e5e7faa3222021-12-22 11:49:46.944root 11241100x80000000000000003858518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7a92bce61264cd2021-12-22 11:49:46.944root 11241100x80000000000000003858519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd836c2222c57932021-12-22 11:49:46.944root 11241100x80000000000000003858520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18b3bea31f759dd2021-12-22 11:49:46.945root 11241100x80000000000000003858521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4946e15a2dcaca52021-12-22 11:49:46.945root 11241100x80000000000000003858522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6df9925156f9b5d2021-12-22 11:49:46.945root 11241100x80000000000000003858523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f643f16789c708e12021-12-22 11:49:46.945root 11241100x80000000000000003858524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fde2f8fd2c5664e2021-12-22 11:49:46.945root 11241100x80000000000000003858525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae163d8d359d4db62021-12-22 11:49:46.945root 11241100x80000000000000003858526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28ed26e87a95f5c2021-12-22 11:49:46.945root 11241100x80000000000000003858527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf66e7b010004ce12021-12-22 11:49:46.945root 11241100x80000000000000003858528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5696ec165faec72021-12-22 11:49:46.945root 11241100x80000000000000003858529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a95b722f7432df42021-12-22 11:49:46.945root 11241100x80000000000000003858530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805c9e5e86bc03d72021-12-22 11:49:46.945root 11241100x80000000000000003858531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129aab57bac713932021-12-22 11:49:46.945root 11241100x80000000000000003858532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9344acea169cfa2021-12-22 11:49:46.945root 11241100x80000000000000003858533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c17b52fdb81f902021-12-22 11:49:46.945root 11241100x80000000000000003858534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31a472ef8ef0f352021-12-22 11:49:46.945root 11241100x80000000000000003858535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d555ce44b9ca36dc2021-12-22 11:49:46.945root 11241100x80000000000000003858536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3610930a29ac97b2021-12-22 11:49:46.946root 11241100x80000000000000003858537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d81b39fe66737352021-12-22 11:49:46.946root 11241100x80000000000000003858538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8451782328b2b5012021-12-22 11:49:46.946root 11241100x80000000000000003858539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a20df16b3c133e42021-12-22 11:49:46.946root 11241100x80000000000000003858540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d0f6190273b2972021-12-22 11:49:46.946root 11241100x80000000000000003858541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c020fa6c22cbb322021-12-22 11:49:46.946root 11241100x80000000000000003858542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07886b72033a28382021-12-22 11:49:46.946root 11241100x80000000000000003858543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5debae66acd957132021-12-22 11:49:46.946root 11241100x80000000000000003858544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8188dc772fff5d302021-12-22 11:49:46.946root 11241100x80000000000000003858545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c9717d0bcd21c12021-12-22 11:49:46.946root 11241100x80000000000000003858546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dcf62ee04c7e7b2021-12-22 11:49:46.946root 11241100x80000000000000003858547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4722754df0d4dda22021-12-22 11:49:46.946root 11241100x80000000000000003858548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e122fd34b46ce32021-12-22 11:49:46.946root 11241100x80000000000000003858549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd82df7b8956cf42021-12-22 11:49:46.946root 11241100x80000000000000003858550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b7cac086e6d6d72021-12-22 11:49:46.946root 11241100x80000000000000003858551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad735b05314e92a02021-12-22 11:49:46.946root 11241100x80000000000000003858552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab62045a934a6922021-12-22 11:49:46.946root 11241100x80000000000000003858553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e45042cff980bdc2021-12-22 11:49:46.947root 11241100x80000000000000003858554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d0ebf0f8e2aaff2021-12-22 11:49:46.947root 11241100x80000000000000003858555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb6431f1117b8bf2021-12-22 11:49:46.947root 11241100x80000000000000003858556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b8d6a580c850f22021-12-22 11:49:46.947root 11241100x80000000000000003858557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b4008057a62af22021-12-22 11:49:46.947root 11241100x80000000000000003858558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8c3dd7eede756d2021-12-22 11:49:46.947root 11241100x80000000000000003858559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b5f68ecc949dfc2021-12-22 11:49:47.443root 11241100x80000000000000003858560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632f4e154a0bf15c2021-12-22 11:49:47.443root 11241100x80000000000000003858561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c667cf7cfc01e8b92021-12-22 11:49:47.443root 11241100x80000000000000003858562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190819fa721cfad72021-12-22 11:49:47.444root 11241100x80000000000000003858563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f924f3f53e9d1672021-12-22 11:49:47.444root 11241100x80000000000000003858564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a544d9dc2c76ec832021-12-22 11:49:47.444root 11241100x80000000000000003858565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7acc00c2a0af6ec2021-12-22 11:49:47.444root 11241100x80000000000000003858566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83522ee51a71c51a2021-12-22 11:49:47.444root 11241100x80000000000000003858567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221aa99c7fc047b62021-12-22 11:49:47.444root 11241100x80000000000000003858568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e07dc2fcdfda3302021-12-22 11:49:47.444root 11241100x80000000000000003858569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d11c48d756bb8f2021-12-22 11:49:47.444root 11241100x80000000000000003858570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fa788856d226132021-12-22 11:49:47.444root 11241100x80000000000000003858571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebbd95b64bb87bc2021-12-22 11:49:47.445root 11241100x80000000000000003858572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42555e6e5c53cf902021-12-22 11:49:47.445root 11241100x80000000000000003858573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f9a713b8a0f69c2021-12-22 11:49:47.445root 11241100x80000000000000003858574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc6cd0c749f7bf42021-12-22 11:49:47.445root 11241100x80000000000000003858575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4ccc9532d19e262021-12-22 11:49:47.445root 11241100x80000000000000003858576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da211974e95867d52021-12-22 11:49:47.445root 11241100x80000000000000003858577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf2ca23d390582a2021-12-22 11:49:47.445root 11241100x80000000000000003858578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41f0e85fdf4b19e2021-12-22 11:49:47.445root 11241100x80000000000000003858579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efae58179492cb922021-12-22 11:49:47.445root 11241100x80000000000000003858580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6abf369928e703d12021-12-22 11:49:47.445root 11241100x80000000000000003858581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5509c548feaa4d5e2021-12-22 11:49:47.446root 11241100x80000000000000003858582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a49bebf4758e9e2021-12-22 11:49:47.446root 11241100x80000000000000003858583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95ad2d4e914df772021-12-22 11:49:47.446root 11241100x80000000000000003858584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfc945350880e4b2021-12-22 11:49:47.446root 11241100x80000000000000003858585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0849c19f16844c812021-12-22 11:49:47.446root 11241100x80000000000000003858586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae40004e4cbec0d42021-12-22 11:49:47.446root 11241100x80000000000000003858587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdba7459e12f8512021-12-22 11:49:47.446root 11241100x80000000000000003858588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3431959a5b3e6e482021-12-22 11:49:47.446root 11241100x80000000000000003858589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71aee8a23a351b002021-12-22 11:49:47.446root 11241100x80000000000000003858590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9cd580f04283502021-12-22 11:49:47.446root 11241100x80000000000000003858591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7210638a8da8a53a2021-12-22 11:49:47.447root 11241100x80000000000000003858592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a850b33ee86b2f22021-12-22 11:49:47.447root 11241100x80000000000000003858593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73452738a0d222e32021-12-22 11:49:47.447root 11241100x80000000000000003858594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d314df2d215e5c2021-12-22 11:49:47.447root 11241100x80000000000000003858595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06db446c951ed5b2021-12-22 11:49:47.447root 11241100x80000000000000003858596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4866b1a2ff8a4db42021-12-22 11:49:47.447root 11241100x80000000000000003858597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a990b4b4512c132021-12-22 11:49:47.448root 11241100x80000000000000003858598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4e3b2b7930b9e72021-12-22 11:49:47.448root 11241100x80000000000000003858599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d214f85d070028c22021-12-22 11:49:47.448root 11241100x80000000000000003858600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718c0804daf4725d2021-12-22 11:49:47.448root 11241100x80000000000000003858601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ef64eabb840d772021-12-22 11:49:47.448root 11241100x80000000000000003858602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ab9cf08956d7f72021-12-22 11:49:47.448root 11241100x80000000000000003858603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef07087c66cc802b2021-12-22 11:49:47.448root 11241100x80000000000000003858604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b43b1ce520d26d2021-12-22 11:49:47.448root 11241100x80000000000000003858605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243b4e1efcad85312021-12-22 11:49:47.448root 11241100x80000000000000003858606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96906113c76a36f82021-12-22 11:49:47.449root 11241100x80000000000000003858607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f9bd406aa7f1752021-12-22 11:49:47.449root 11241100x80000000000000003858608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d74c7f6a4fc4642021-12-22 11:49:47.449root 11241100x80000000000000003858609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7c606f6e5443a22021-12-22 11:49:47.449root 11241100x80000000000000003858610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68aa4e00a0c425072021-12-22 11:49:47.943root 11241100x80000000000000003858611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d49fae95143e0082021-12-22 11:49:47.943root 11241100x80000000000000003858612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ada6b0b3c59f412021-12-22 11:49:47.943root 11241100x80000000000000003858613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec4d578df29dd5b2021-12-22 11:49:47.943root 11241100x80000000000000003858614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c74fb55b7ce1b1f2021-12-22 11:49:47.943root 11241100x80000000000000003858615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e2d8514b3062092021-12-22 11:49:47.943root 11241100x80000000000000003858616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e8784b9bd5b0832021-12-22 11:49:47.943root 11241100x80000000000000003858617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90d7e5908f963af2021-12-22 11:49:47.943root 11241100x80000000000000003858618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389fca46b8e109062021-12-22 11:49:47.943root 11241100x80000000000000003858619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab8afa9976b3fa12021-12-22 11:49:47.944root 11241100x80000000000000003858620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c43f82f1ab8f6fb2021-12-22 11:49:47.944root 11241100x80000000000000003858621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25f43fa37fc7c5e2021-12-22 11:49:47.944root 11241100x80000000000000003858622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380c4b5cbcdf00c72021-12-22 11:49:47.944root 11241100x80000000000000003858623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1654956b540847ea2021-12-22 11:49:47.944root 11241100x80000000000000003858624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64185f8de99638df2021-12-22 11:49:47.944root 11241100x80000000000000003858625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d0f0d42a1290a02021-12-22 11:49:47.944root 11241100x80000000000000003858626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f013a71e58c1d0292021-12-22 11:49:47.944root 11241100x80000000000000003858627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cc5ab98adbb84f2021-12-22 11:49:47.944root 11241100x80000000000000003858628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9059582031cc64eb2021-12-22 11:49:47.944root 11241100x80000000000000003858629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbefca15d0d6ed02021-12-22 11:49:47.945root 11241100x80000000000000003858630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6261648edbac2d672021-12-22 11:49:47.945root 11241100x80000000000000003858631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffe59b9e57e2ae92021-12-22 11:49:47.945root 11241100x80000000000000003858632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69affb243cfb1fc22021-12-22 11:49:47.945root 11241100x80000000000000003858633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bba3ab88f6419592021-12-22 11:49:47.945root 11241100x80000000000000003858634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56873afc50ada8d02021-12-22 11:49:47.945root 11241100x80000000000000003858635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad5068039a1f5542021-12-22 11:49:47.945root 11241100x80000000000000003858636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ba0fd9852471d32021-12-22 11:49:47.946root 11241100x80000000000000003858637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9e2f8ec6e499882021-12-22 11:49:47.946root 11241100x80000000000000003858638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70faf49d7e952c9e2021-12-22 11:49:47.946root 11241100x80000000000000003858639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e5064bf8d427852021-12-22 11:49:47.946root 11241100x80000000000000003858640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae94f22f0d2518ef2021-12-22 11:49:47.947root 11241100x80000000000000003858641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9157e9c9bb5c0f2021-12-22 11:49:47.947root 11241100x80000000000000003858642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb2c061575f6dab2021-12-22 11:49:47.947root 11241100x80000000000000003858643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bdeaef29ad58d22021-12-22 11:49:47.947root 11241100x80000000000000003858644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c74d8a9048998ad2021-12-22 11:49:47.947root 11241100x80000000000000003858645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a364a0bae757f42021-12-22 11:49:47.947root 11241100x80000000000000003858646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a737d34dce82dd62021-12-22 11:49:47.947root 11241100x80000000000000003858647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9682199c572f522e2021-12-22 11:49:47.947root 11241100x80000000000000003858648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f07144678329ce42021-12-22 11:49:47.948root 11241100x80000000000000003858649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10195cea69a6092a2021-12-22 11:49:47.948root 11241100x80000000000000003858650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3d79f05aaa34732021-12-22 11:49:47.948root 11241100x80000000000000003858651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3661f8990d0e30012021-12-22 11:49:47.948root 11241100x80000000000000003858652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284280d198831ff42021-12-22 11:49:47.948root 11241100x80000000000000003858653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1f8ece417be4732021-12-22 11:49:47.948root 11241100x80000000000000003858654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fb98a7296eda7a2021-12-22 11:49:47.948root 11241100x80000000000000003858655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3174c7650521ef2021-12-22 11:49:47.948root 11241100x80000000000000003858656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5615bae31ddc612021-12-22 11:49:47.948root 11241100x80000000000000003858657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb6102a65697d132021-12-22 11:49:47.948root 11241100x80000000000000003858658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b153b8d3e68906592021-12-22 11:49:47.949root 11241100x80000000000000003858659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9001b139ebb374e2021-12-22 11:49:47.949root 11241100x80000000000000003858660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949d270dbe60c1512021-12-22 11:49:47.949root 11241100x80000000000000003858661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b6cbbc3142a8952021-12-22 11:49:47.949root 11241100x80000000000000003858662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220932022a3f537b2021-12-22 11:49:47.949root 11241100x80000000000000003858663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda7bdddd23255352021-12-22 11:49:47.949root 11241100x80000000000000003858664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5997f896f8f5402021-12-22 11:49:48.443root 11241100x80000000000000003858665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4dedb2b5b605e752021-12-22 11:49:48.443root 11241100x80000000000000003858666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c816a796e9d45f902021-12-22 11:49:48.443root 11241100x80000000000000003858667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37767d5caee9f1e72021-12-22 11:49:48.444root 11241100x80000000000000003858668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a6062e50b9fa0b2021-12-22 11:49:48.444root 11241100x80000000000000003858669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f517374c599d35c2021-12-22 11:49:48.444root 11241100x80000000000000003858670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e57ac1e4afef512021-12-22 11:49:48.444root 11241100x80000000000000003858671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25911636ec8b8b42021-12-22 11:49:48.444root 11241100x80000000000000003858672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226f27e225420a192021-12-22 11:49:48.444root 11241100x80000000000000003858673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d61634abbc75c32021-12-22 11:49:48.444root 11241100x80000000000000003858674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcedd868ecbf2e92021-12-22 11:49:48.444root 11241100x80000000000000003858675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825532592e6551282021-12-22 11:49:48.444root 11241100x80000000000000003858676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c66d95bb433c8a2021-12-22 11:49:48.444root 11241100x80000000000000003858677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81be96f5e07396482021-12-22 11:49:48.444root 11241100x80000000000000003858678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4893d3838b73bdd42021-12-22 11:49:48.445root 11241100x80000000000000003858679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee2a738690c4b552021-12-22 11:49:48.445root 11241100x80000000000000003858680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daad03d079b4a3da2021-12-22 11:49:48.445root 11241100x80000000000000003858681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b865036b3759d862021-12-22 11:49:48.445root 11241100x80000000000000003858682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37291c3350b611092021-12-22 11:49:48.445root 11241100x80000000000000003858683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3b028469be5d1a2021-12-22 11:49:48.445root 11241100x80000000000000003858684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775a9d5d5f82a3102021-12-22 11:49:48.445root 11241100x80000000000000003858685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87219ac734d79122021-12-22 11:49:48.445root 11241100x80000000000000003858686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32aeaa1245804202021-12-22 11:49:48.445root 11241100x80000000000000003858687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93973b02d0feb962021-12-22 11:49:48.445root 11241100x80000000000000003858688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cc3c27ae3a0e262021-12-22 11:49:48.446root 11241100x80000000000000003858689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8cee4fe89f80a12021-12-22 11:49:48.446root 11241100x80000000000000003858690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a793d4886d38fd2021-12-22 11:49:48.446root 11241100x80000000000000003858691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6d37877e24671a2021-12-22 11:49:48.446root 11241100x80000000000000003858692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008ce439ca3a0b8c2021-12-22 11:49:48.446root 11241100x80000000000000003858693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75080a706ceb897e2021-12-22 11:49:48.446root 11241100x80000000000000003858694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9939c8e8fe1f9feb2021-12-22 11:49:48.446root 11241100x80000000000000003858695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276bc1357fc43b972021-12-22 11:49:48.446root 11241100x80000000000000003858696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060fed68604121282021-12-22 11:49:48.446root 11241100x80000000000000003858697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1638fcbf8827ee7c2021-12-22 11:49:48.446root 11241100x80000000000000003858698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04777ecec68efff2021-12-22 11:49:48.446root 11241100x80000000000000003858699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d2be05431d7c5f2021-12-22 11:49:48.447root 11241100x80000000000000003858700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91b26470bc3acef2021-12-22 11:49:48.447root 11241100x80000000000000003858701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ff041f6b934ec82021-12-22 11:49:48.447root 11241100x80000000000000003858702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8658c35ca759f1d2021-12-22 11:49:48.447root 11241100x80000000000000003858703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451a1808c6a2fc5d2021-12-22 11:49:48.449root 11241100x80000000000000003858704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bfe4b885b801de2021-12-22 11:49:48.449root 11241100x80000000000000003858705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7be1ae3355ba4882021-12-22 11:49:48.450root 11241100x80000000000000003858706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a552884e172a822021-12-22 11:49:48.450root 11241100x80000000000000003858707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced0a3f249359d5c2021-12-22 11:49:48.450root 11241100x80000000000000003858708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e19c3c16db35b42021-12-22 11:49:48.943root 11241100x80000000000000003858709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f733dce3183468ce2021-12-22 11:49:48.944root 11241100x80000000000000003858710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1fdfcce02012662021-12-22 11:49:48.945root 11241100x80000000000000003858711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563710e04daf474e2021-12-22 11:49:48.945root 11241100x80000000000000003858712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d91471e99234e502021-12-22 11:49:48.945root 11241100x80000000000000003858713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658bad76c408f0da2021-12-22 11:49:48.945root 11241100x80000000000000003858714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb471d5319eb86f2021-12-22 11:49:48.945root 11241100x80000000000000003858715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89d37fc4d6831292021-12-22 11:49:48.945root 11241100x80000000000000003858716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d51fb63eb49d732021-12-22 11:49:48.945root 11241100x80000000000000003858717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4d19c6fa3415c42021-12-22 11:49:48.945root 11241100x80000000000000003858718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc6433dd0d0c8422021-12-22 11:49:48.945root 11241100x80000000000000003858719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c9c02ff394da832021-12-22 11:49:48.945root 11241100x80000000000000003858720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f99a44f830718d52021-12-22 11:49:48.945root 11241100x80000000000000003858721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40417dd0bbdc5b4a2021-12-22 11:49:48.946root 11241100x80000000000000003858722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45b1b761ba694572021-12-22 11:49:48.946root 11241100x80000000000000003858723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca8689da7d2faed2021-12-22 11:49:48.946root 11241100x80000000000000003858724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2098e4b987b41e302021-12-22 11:49:48.946root 11241100x80000000000000003858725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d35e469617b1c6b2021-12-22 11:49:48.946root 11241100x80000000000000003858726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d771a5a800cfaa2021-12-22 11:49:48.946root 11241100x80000000000000003858727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c793d23d04d7532021-12-22 11:49:48.946root 11241100x80000000000000003858728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44b2863a2c23b8a2021-12-22 11:49:48.946root 11241100x80000000000000003858729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a547392f2e47787a2021-12-22 11:49:48.946root 11241100x80000000000000003858730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f4f84ccb767e392021-12-22 11:49:48.947root 11241100x80000000000000003858731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a36fc439ee728a2021-12-22 11:49:48.947root 11241100x80000000000000003858732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8686b435ada19fd2021-12-22 11:49:48.947root 11241100x80000000000000003858733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d059a7be96d0be622021-12-22 11:49:48.947root 11241100x80000000000000003858734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57725a222ed2d08a2021-12-22 11:49:48.947root 11241100x80000000000000003858735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f930ff89b1ac56a2021-12-22 11:49:48.947root 11241100x80000000000000003858736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35109850df11e8d2021-12-22 11:49:48.947root 11241100x80000000000000003858737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4353b29abdad312021-12-22 11:49:48.947root 11241100x80000000000000003858738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9046220eab8dcf2021-12-22 11:49:48.947root 11241100x80000000000000003858739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6457fb547651edab2021-12-22 11:49:48.948root 11241100x80000000000000003858740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2fefe5e3d9f9802021-12-22 11:49:48.948root 11241100x80000000000000003858741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc56019df118638c2021-12-22 11:49:48.948root 11241100x80000000000000003858742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f151d3116081c44f2021-12-22 11:49:48.948root 11241100x80000000000000003858743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f10b55fe5ec59ce2021-12-22 11:49:48.948root 11241100x80000000000000003858744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7159887cabe5262021-12-22 11:49:48.948root 11241100x80000000000000003858745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d8fc6a8a445c502021-12-22 11:49:48.948root 11241100x80000000000000003858746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71116c53ec9560cb2021-12-22 11:49:48.948root 11241100x80000000000000003858747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf7898b72b07f3b2021-12-22 11:49:48.949root 11241100x80000000000000003858748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1c1835921e49882021-12-22 11:49:48.949root 11241100x80000000000000003858749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4d81ae82e88edc2021-12-22 11:49:48.949root 11241100x80000000000000003858750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8c10700b1cb8852021-12-22 11:49:49.442root 11241100x80000000000000003858751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156f04514f8358822021-12-22 11:49:49.443root 11241100x80000000000000003858752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efeb168436104c902021-12-22 11:49:49.443root 11241100x80000000000000003858753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c3ed703133f2e32021-12-22 11:49:49.443root 11241100x80000000000000003858754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3a29ff7ba8778e2021-12-22 11:49:49.443root 11241100x80000000000000003858755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fad35928bc14dc2021-12-22 11:49:49.443root 11241100x80000000000000003858756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc3dcf94255b8af2021-12-22 11:49:49.443root 11241100x80000000000000003858757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfd8abaa140f7152021-12-22 11:49:49.443root 11241100x80000000000000003858758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d147983f271024c52021-12-22 11:49:49.444root 11241100x80000000000000003858759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815f28cc2c38b8962021-12-22 11:49:49.444root 11241100x80000000000000003858760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ce2a8c0ac396d32021-12-22 11:49:49.444root 11241100x80000000000000003858761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd80931711547562021-12-22 11:49:49.444root 11241100x80000000000000003858762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e78d4a1facd3d12021-12-22 11:49:49.444root 11241100x80000000000000003858763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f11c0aca444dd32021-12-22 11:49:49.444root 11241100x80000000000000003858764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b8c775412c89fe2021-12-22 11:49:49.444root 11241100x80000000000000003858765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bdf2e872b83c202021-12-22 11:49:49.445root 11241100x80000000000000003858766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f9d4177f7dbb0f2021-12-22 11:49:49.445root 11241100x80000000000000003858767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5ca4ba57c3a1b72021-12-22 11:49:49.445root 11241100x80000000000000003858768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247a9869b86849f42021-12-22 11:49:49.445root 11241100x80000000000000003858769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8662b6310d6d57d2021-12-22 11:49:49.445root 11241100x80000000000000003858770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e9d8a87163d0732021-12-22 11:49:49.445root 11241100x80000000000000003858771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38015f65ba22b7e12021-12-22 11:49:49.445root 11241100x80000000000000003858772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e2f8500d840bbe2021-12-22 11:49:49.445root 11241100x80000000000000003858773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26895f2cda5ac8862021-12-22 11:49:49.445root 11241100x80000000000000003858774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de48968d4c2b86c2021-12-22 11:49:49.445root 11241100x80000000000000003858775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7b609642fab20f2021-12-22 11:49:49.446root 11241100x80000000000000003858776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525ffe2e88a52c2b2021-12-22 11:49:49.446root 11241100x80000000000000003858777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e552780451ffbc12021-12-22 11:49:49.446root 11241100x80000000000000003858778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cbe8c5b12267982021-12-22 11:49:49.446root 11241100x80000000000000003858779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1d637c3d90f9e92021-12-22 11:49:49.446root 11241100x80000000000000003858780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8663bb3f15a95fe02021-12-22 11:49:49.446root 11241100x80000000000000003858781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c534e2b77643ab32021-12-22 11:49:49.446root 11241100x80000000000000003858782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f67288b1ca9ebc2021-12-22 11:49:49.446root 11241100x80000000000000003858783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2a61dc99b2224e2021-12-22 11:49:49.447root 11241100x80000000000000003858784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d8f70e7d048f612021-12-22 11:49:49.447root 11241100x80000000000000003858785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d636bcc923aeb152021-12-22 11:49:49.447root 11241100x80000000000000003858786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1957e87316b63912021-12-22 11:49:49.447root 11241100x80000000000000003858787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9854d7dfff96ede12021-12-22 11:49:49.448root 11241100x80000000000000003858788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d395a5cc4ade102021-12-22 11:49:49.448root 11241100x80000000000000003858789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05421518b143d0e2021-12-22 11:49:49.448root 11241100x80000000000000003858790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2807b0b5f416ca2021-12-22 11:49:49.448root 11241100x80000000000000003858791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3982206c8ddc33b32021-12-22 11:49:49.448root 11241100x80000000000000003858792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ac5786ace6fe822021-12-22 11:49:49.448root 11241100x80000000000000003858793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7e55c8ccc067772021-12-22 11:49:49.448root 11241100x80000000000000003858794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499af5cd687d950a2021-12-22 11:49:49.448root 11241100x80000000000000003858795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630c69487ba29de22021-12-22 11:49:49.448root 11241100x80000000000000003858796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bcf84f198df2012021-12-22 11:49:49.449root 11241100x80000000000000003858797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c981cd4ec9d0215f2021-12-22 11:49:49.449root 11241100x80000000000000003858798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082b757b3e3e66362021-12-22 11:49:49.449root 11241100x80000000000000003858799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4139ecae8b1a12d42021-12-22 11:49:49.449root 11241100x80000000000000003858800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d2716d5b89b8d92021-12-22 11:49:49.449root 11241100x80000000000000003858801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0780c951f81fffb2021-12-22 11:49:49.450root 11241100x80000000000000003858802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63aee8a4fb2c186d2021-12-22 11:49:49.450root 11241100x80000000000000003858803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e509c8012a84902021-12-22 11:49:49.450root 11241100x80000000000000003858804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d439bf52b80da222021-12-22 11:49:49.943root 11241100x80000000000000003858805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67efb63dac67e5b62021-12-22 11:49:49.943root 11241100x80000000000000003858806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cdcb387cc3d4502021-12-22 11:49:49.943root 11241100x80000000000000003858807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1927406ba64609fb2021-12-22 11:49:49.943root 11241100x80000000000000003858808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953b0093449821f42021-12-22 11:49:49.943root 11241100x80000000000000003858809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f719039f4685d1f2021-12-22 11:49:49.943root 11241100x80000000000000003858810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299492a4ede81f8f2021-12-22 11:49:49.943root 11241100x80000000000000003858811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077a4da3614ede652021-12-22 11:49:49.943root 11241100x80000000000000003858812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4712b9a9c3ba8192021-12-22 11:49:49.944root 11241100x80000000000000003858813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a5474cbf812c422021-12-22 11:49:49.944root 11241100x80000000000000003858814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cb9caef51999ba2021-12-22 11:49:49.944root 11241100x80000000000000003858815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55993b1febcb34e92021-12-22 11:49:49.944root 11241100x80000000000000003858816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a02cf4001c3c2562021-12-22 11:49:49.944root 11241100x80000000000000003858817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115e97597f948ebb2021-12-22 11:49:49.945root 11241100x80000000000000003858818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edebdbba0623d2bc2021-12-22 11:49:49.945root 11241100x80000000000000003858819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f389c496109c28c2021-12-22 11:49:49.945root 11241100x80000000000000003858820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c96ea3bedc8dc372021-12-22 11:49:49.945root 11241100x80000000000000003858821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3450f5277cdde112021-12-22 11:49:49.945root 11241100x80000000000000003858822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5155eec4bf07b12021-12-22 11:49:49.945root 11241100x80000000000000003858823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a98c2ca134ac482021-12-22 11:49:49.945root 11241100x80000000000000003858824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080622c98be429e02021-12-22 11:49:49.945root 11241100x80000000000000003858825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbda0cee18f749c2021-12-22 11:49:49.945root 11241100x80000000000000003858826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b4ad5f50a4fd322021-12-22 11:49:49.945root 11241100x80000000000000003858827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de24281f1d1d9012021-12-22 11:49:49.946root 11241100x80000000000000003858828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1c2b06c658e5f32021-12-22 11:49:49.946root 11241100x80000000000000003858829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858904f967d1d32d2021-12-22 11:49:49.946root 11241100x80000000000000003858830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dbefb2c22415c12021-12-22 11:49:49.946root 11241100x80000000000000003858831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf70291167177d82021-12-22 11:49:49.946root 11241100x80000000000000003858832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392b54c6e77df3762021-12-22 11:49:49.946root 11241100x80000000000000003858833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc94753370e50c12021-12-22 11:49:49.946root 11241100x80000000000000003858834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1873efea954bc4a82021-12-22 11:49:49.946root 11241100x80000000000000003858835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29258ab567ac43142021-12-22 11:49:49.946root 11241100x80000000000000003858836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a5a51b5e2b262c2021-12-22 11:49:49.946root 11241100x80000000000000003858837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eda3d7d4936979a2021-12-22 11:49:49.947root 11241100x80000000000000003858838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ebdde2648987002021-12-22 11:49:49.947root 11241100x80000000000000003858839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec61b0d4fab3957c2021-12-22 11:49:49.947root 11241100x80000000000000003858840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd1fa17d19edb332021-12-22 11:49:49.947root 11241100x80000000000000003858841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22b29c0507e36a72021-12-22 11:49:49.947root 11241100x80000000000000003858842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bad573e3b8fde62021-12-22 11:49:49.947root 11241100x80000000000000003858843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf10e6c4ab8ef402021-12-22 11:49:49.947root 11241100x80000000000000003858844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a70fb9a867635b42021-12-22 11:49:49.947root 11241100x80000000000000003858845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e008cafb6a8ebe22021-12-22 11:49:49.947root 11241100x80000000000000003858846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb152ab552ddeb92021-12-22 11:49:49.947root 11241100x80000000000000003858847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa82393507119ef2021-12-22 11:49:49.948root 11241100x80000000000000003858848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae331a3f7be238852021-12-22 11:49:49.948root 11241100x80000000000000003858849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7de8d0e98f19af2021-12-22 11:49:49.948root 11241100x80000000000000003858850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7be391d90af7072021-12-22 11:49:49.948root 11241100x80000000000000003858851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6e3ffccc864e5f2021-12-22 11:49:49.948root 11241100x80000000000000003858852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13545decd9dc22f62021-12-22 11:49:49.948root 11241100x80000000000000003858853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e557b49d7a8f5eb2021-12-22 11:49:49.948root 11241100x80000000000000003858854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080625e5f941e1232021-12-22 11:49:49.948root 11241100x80000000000000003858855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0387f1c2df9e5a2021-12-22 11:49:49.948root 11241100x80000000000000003858856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde9ead617192fe42021-12-22 11:49:49.948root 11241100x80000000000000003858857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dd5dc5858183542021-12-22 11:49:49.949root 11241100x80000000000000003858858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4421f7b63ac2eb2021-12-22 11:49:49.949root 11241100x80000000000000003858859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69da24f80faaadb92021-12-22 11:49:49.949root 11241100x80000000000000003858860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff9d57309fb659a2021-12-22 11:49:49.949root 11241100x80000000000000003858861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a387a5029a792272021-12-22 11:49:49.949root 11241100x80000000000000003858862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e191ff3db957e34b2021-12-22 11:49:49.949root 11241100x80000000000000003858863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca678fca34311dd2021-12-22 11:49:49.949root 11241100x80000000000000003858864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e059af9e889dacb2021-12-22 11:49:49.950root 11241100x80000000000000003858865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01246e543c88d6c2021-12-22 11:49:49.950root 11241100x80000000000000003858866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3862d29c7d865a102021-12-22 11:49:49.950root 11241100x80000000000000003858867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc0632ef726ef702021-12-22 11:49:49.950root 11241100x80000000000000003858868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147e0003f7a012372021-12-22 11:49:49.950root 11241100x80000000000000003858869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad65435425fad29f2021-12-22 11:49:49.950root 11241100x80000000000000003858870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f4ddddae804c472021-12-22 11:49:49.950root 354300x80000000000000003858871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.203{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55514-false10.0.1.12-8000- 11241100x80000000000000003858872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb014a2052a1d6502021-12-22 11:49:50.204root 11241100x80000000000000003858873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1155942a5885a2502021-12-22 11:49:50.204root 11241100x80000000000000003858874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0ab074073a2bf22021-12-22 11:49:50.204root 11241100x80000000000000003858875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1003a53f8f6b72f42021-12-22 11:49:50.204root 11241100x80000000000000003858876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f2963617d026182021-12-22 11:49:50.204root 11241100x80000000000000003858877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7ebe2be41b3df02021-12-22 11:49:50.205root 11241100x80000000000000003858878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a166824f4435902021-12-22 11:49:50.205root 11241100x80000000000000003858879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bd385eb89973cd2021-12-22 11:49:50.205root 11241100x80000000000000003858880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1dace3f4b446eb2021-12-22 11:49:50.205root 11241100x80000000000000003858881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae6261cb1e0b7402021-12-22 11:49:50.205root 11241100x80000000000000003858882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac22735c83e5e7a72021-12-22 11:49:50.205root 11241100x80000000000000003858883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d204014f64aebf2021-12-22 11:49:50.206root 11241100x80000000000000003858884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624ef037cdf001c32021-12-22 11:49:50.206root 11241100x80000000000000003858885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14a679d6ec9c4a12021-12-22 11:49:50.206root 11241100x80000000000000003858886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5098e3dd2c736b652021-12-22 11:49:50.206root 11241100x80000000000000003858887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0a630d7ddeaea42021-12-22 11:49:50.206root 11241100x80000000000000003858888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0220623452ce261a2021-12-22 11:49:50.206root 11241100x80000000000000003858889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b898dc303756478f2021-12-22 11:49:50.207root 11241100x80000000000000003858890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c006c1a5542b08b32021-12-22 11:49:50.207root 11241100x80000000000000003858891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af447c2c8af45b2e2021-12-22 11:49:50.207root 11241100x80000000000000003858892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44dfde33503446992021-12-22 11:49:50.207root 11241100x80000000000000003858893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab510f9250e1d19a2021-12-22 11:49:50.207root 11241100x80000000000000003858894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f4c895e7faf9032021-12-22 11:49:50.207root 11241100x80000000000000003858895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e61ac817c4956c2021-12-22 11:49:50.207root 11241100x80000000000000003858896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70500c76844b6cc92021-12-22 11:49:50.208root 11241100x80000000000000003858897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35b641ac6e39ce52021-12-22 11:49:50.208root 11241100x80000000000000003858898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe59aebd60b52612021-12-22 11:49:50.208root 11241100x80000000000000003858899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b1868d2b3fbdca2021-12-22 11:49:50.208root 11241100x80000000000000003858900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf199bc6984d7262021-12-22 11:49:50.208root 11241100x80000000000000003858901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ded1f426914e5be2021-12-22 11:49:50.208root 11241100x80000000000000003858902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197aca47b891741e2021-12-22 11:49:50.208root 11241100x80000000000000003858903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00218af1f2ff05f62021-12-22 11:49:50.208root 11241100x80000000000000003858904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2c5ab60a9efd842021-12-22 11:49:50.208root 11241100x80000000000000003858905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386d0bc91b6486fd2021-12-22 11:49:50.208root 11241100x80000000000000003858906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48878e7c762317402021-12-22 11:49:50.208root 11241100x80000000000000003858907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb75a479eef86802021-12-22 11:49:50.208root 11241100x80000000000000003858908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfba152b1957d4342021-12-22 11:49:50.208root 11241100x80000000000000003858909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0dfbbd5b06ec2d2021-12-22 11:49:50.208root 11241100x80000000000000003858910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd950c3c4cb75f52021-12-22 11:49:50.209root 11241100x80000000000000003858911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bc9383906f458b2021-12-22 11:49:50.209root 11241100x80000000000000003858912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4db89e5a2e91612021-12-22 11:49:50.209root 11241100x80000000000000003858913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bd65bf08de219f2021-12-22 11:49:50.209root 11241100x80000000000000003858914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b630e6901a3d042021-12-22 11:49:50.209root 11241100x80000000000000003858915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05d567fbddec4dc2021-12-22 11:49:50.209root 11241100x80000000000000003858916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309ef9c0b2fd49402021-12-22 11:49:50.209root 11241100x80000000000000003858917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8a47ed91d3c63d2021-12-22 11:49:50.209root 11241100x80000000000000003858918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863753b77ba339b22021-12-22 11:49:50.209root 11241100x80000000000000003858919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ccbd760a3127ef2021-12-22 11:49:50.209root 11241100x80000000000000003858920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a82e9513a369352021-12-22 11:49:50.209root 11241100x80000000000000003858921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39d765f61d582762021-12-22 11:49:50.210root 11241100x80000000000000003858922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b17292fdba59d32021-12-22 11:49:50.210root 11241100x80000000000000003858923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01ade35507f89c22021-12-22 11:49:50.210root 11241100x80000000000000003858924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011d58e35a3f1fa12021-12-22 11:49:50.210root 11241100x80000000000000003858925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430d475c33b983df2021-12-22 11:49:50.210root 11241100x80000000000000003858926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec354996dd25c0a2021-12-22 11:49:50.210root 11241100x80000000000000003858927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab56b888d825cff12021-12-22 11:49:50.210root 11241100x80000000000000003858928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76aafd17458f2a12021-12-22 11:49:50.210root 11241100x80000000000000003858929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b124c26cd4910f82021-12-22 11:49:50.210root 11241100x80000000000000003858930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1959b81d10a7f14f2021-12-22 11:49:50.210root 11241100x80000000000000003858931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc6d3052c73ce412021-12-22 11:49:50.693root 11241100x80000000000000003858932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f974be45d5bc1ebe2021-12-22 11:49:50.693root 11241100x80000000000000003858933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174389cd2f9ffec42021-12-22 11:49:50.693root 11241100x80000000000000003858934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29548a339fa38672021-12-22 11:49:50.693root 11241100x80000000000000003858935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b06df6d25f3003c2021-12-22 11:49:50.694root 11241100x80000000000000003858936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0991509d9d1fffc32021-12-22 11:49:50.694root 11241100x80000000000000003858937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4604704770758fb22021-12-22 11:49:50.694root 11241100x80000000000000003858938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87b225954d8554c2021-12-22 11:49:50.694root 11241100x80000000000000003858939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475f16effcd332342021-12-22 11:49:50.694root 11241100x80000000000000003858940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f6e078b6fed67f2021-12-22 11:49:50.695root 11241100x80000000000000003858941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb736be7ae993472021-12-22 11:49:50.695root 11241100x80000000000000003858942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ebff7a2a657eff2021-12-22 11:49:50.696root 11241100x80000000000000003858943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be000102c6c429a82021-12-22 11:49:50.696root 11241100x80000000000000003858944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42edcdf506177922021-12-22 11:49:50.696root 11241100x80000000000000003858945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff901dc6cbf2fb342021-12-22 11:49:50.696root 11241100x80000000000000003858946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ca23f5e60e2f7e2021-12-22 11:49:50.696root 11241100x80000000000000003858947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c49817f0c06433e2021-12-22 11:49:50.697root 11241100x80000000000000003858948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06aa9e114e1be882021-12-22 11:49:50.697root 11241100x80000000000000003858949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c973ee49fea48c2021-12-22 11:49:50.698root 11241100x80000000000000003858950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02186e0484170fdd2021-12-22 11:49:50.698root 11241100x80000000000000003858951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0409b46423eb1eb2021-12-22 11:49:50.698root 11241100x80000000000000003858952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab27c12cc1ccd152021-12-22 11:49:50.699root 11241100x80000000000000003858953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e8e98f17474a8c2021-12-22 11:49:50.699root 11241100x80000000000000003858954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a0c9ebdad647e32021-12-22 11:49:50.699root 11241100x80000000000000003858955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbeca37b1a62234b2021-12-22 11:49:50.699root 11241100x80000000000000003858956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f78fe974195304e2021-12-22 11:49:50.700root 11241100x80000000000000003858957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bac6ad16fcd7842021-12-22 11:49:50.700root 11241100x80000000000000003858958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c801ecab11f830e82021-12-22 11:49:50.700root 11241100x80000000000000003858959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072c1b4b8e751a482021-12-22 11:49:50.700root 11241100x80000000000000003858960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21333793e50dffc62021-12-22 11:49:50.701root 11241100x80000000000000003858961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d47b6f80a6e16aa2021-12-22 11:49:50.701root 11241100x80000000000000003858962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ef4db64954ed0a2021-12-22 11:49:50.701root 11241100x80000000000000003858963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2964598733899bf82021-12-22 11:49:50.702root 11241100x80000000000000003858964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588d9fa910385d752021-12-22 11:49:50.702root 11241100x80000000000000003858965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9335d7af5117592021-12-22 11:49:50.702root 11241100x80000000000000003858966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9799ba2d38c27cad2021-12-22 11:49:50.703root 11241100x80000000000000003858967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bddc97baa514c62021-12-22 11:49:50.703root 11241100x80000000000000003858968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59bc0cad00ede172021-12-22 11:49:50.703root 11241100x80000000000000003858969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa338c7ab5889b72021-12-22 11:49:50.704root 11241100x80000000000000003858970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378af7c14a9acbcf2021-12-22 11:49:50.704root 11241100x80000000000000003858971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c8eef0e3e27f7f2021-12-22 11:49:50.704root 11241100x80000000000000003858972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d772eb50283a9d482021-12-22 11:49:50.705root 11241100x80000000000000003858973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f90a5aca8a54e982021-12-22 11:49:50.705root 11241100x80000000000000003858974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8eeb8464801ac62021-12-22 11:49:50.705root 11241100x80000000000000003858975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cd742f1c2176572021-12-22 11:49:50.706root 11241100x80000000000000003858976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d4887dda5e90eb2021-12-22 11:49:50.706root 11241100x80000000000000003858977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06896df9cfc18a532021-12-22 11:49:50.706root 11241100x80000000000000003858978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bf950ae86807922021-12-22 11:49:50.706root 11241100x80000000000000003858979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e5f01c0620e4a92021-12-22 11:49:50.707root 11241100x80000000000000003858980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1a6905a4c5e3f32021-12-22 11:49:50.707root 11241100x80000000000000003858981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426abc8006a273ce2021-12-22 11:49:50.707root 11241100x80000000000000003858982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:50.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d46be1f31cf9af2021-12-22 11:49:50.707root 534500x80000000000000003858983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.082{ec2b6afe-10df-61c3-0000-000000000000}19100-ubuntu 11241100x80000000000000003858984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ee06f0dc7bcf8d2021-12-22 11:49:51.083root 11241100x80000000000000003858985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d972c9c2179c4c6e2021-12-22 11:49:51.083root 11241100x80000000000000003858986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22131d4f0f0f8a732021-12-22 11:49:51.083root 11241100x80000000000000003858987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c138b4fc41bdd02d2021-12-22 11:49:51.084root 11241100x80000000000000003858988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb5d893f53590aa2021-12-22 11:49:51.084root 11241100x80000000000000003858989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a1fe18ed996d692021-12-22 11:49:51.084root 11241100x80000000000000003858990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357d128c5d85f12b2021-12-22 11:49:51.084root 534500x80000000000000003858991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.084{ec2b6afe-10df-61c3-0000-000000000000}19101-ubuntu 11241100x80000000000000003858992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.085{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.GT0FrM2021-12-22 11:49:51.085ubuntu 11241100x80000000000000003858993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0414ad79bf416fc82021-12-22 11:49:51.085root 23542300x80000000000000003858994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.085{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.GT0FrM--- 11241100x80000000000000003858995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca0790d3a8f983d2021-12-22 11:49:51.085root 11241100x80000000000000003858996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3176231f220355702021-12-22 11:49:51.086root 11241100x80000000000000003858997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4940fa14112d701e2021-12-22 11:49:51.086root 11241100x80000000000000003858998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df19f8ea80250a0b2021-12-22 11:49:51.087root 11241100x80000000000000003858999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa41be7f28199fcb2021-12-22 11:49:51.087root 11241100x80000000000000003859000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add0c73f36d5232c2021-12-22 11:49:51.088root 11241100x80000000000000003859001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3db08ebfe73e6ec2021-12-22 11:49:51.088root 11241100x80000000000000003859002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79084da7368744ed2021-12-22 11:49:51.088root 11241100x80000000000000003859003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86ccd0d41c856c92021-12-22 11:49:51.088root 11241100x80000000000000003859004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1252f022206a94d32021-12-22 11:49:51.088root 11241100x80000000000000003859005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea8bb66992231922021-12-22 11:49:51.089root 11241100x80000000000000003859006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892e43f7cbe588d52021-12-22 11:49:51.089root 11241100x80000000000000003859007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8928856b8507ec2021-12-22 11:49:51.089root 11241100x80000000000000003859008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2eaf47f32f194e2021-12-22 11:49:51.089root 11241100x80000000000000003859009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733fa5846caf30d42021-12-22 11:49:51.090root 11241100x80000000000000003859010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09c27a52a6d84c22021-12-22 11:49:51.090root 11241100x80000000000000003859011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071e7e80e27d44422021-12-22 11:49:51.090root 11241100x80000000000000003859012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8534658a9eddf0df2021-12-22 11:49:51.090root 11241100x80000000000000003859013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4235273bdfad9ee12021-12-22 11:49:51.091root 11241100x80000000000000003859014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abbcd37d1a7b6152021-12-22 11:49:51.091root 11241100x80000000000000003859015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abc33151d1fc00b2021-12-22 11:49:51.091root 11241100x80000000000000003859016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661d9acaeffa79702021-12-22 11:49:51.091root 11241100x80000000000000003859017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4ac9f8544e85d22021-12-22 11:49:51.091root 11241100x80000000000000003859018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c9a9d8311782432021-12-22 11:49:51.091root 11241100x80000000000000003859019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e675e45387ea362021-12-22 11:49:51.091root 11241100x80000000000000003859020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa91a9512818f2f12021-12-22 11:49:51.091root 11241100x80000000000000003859021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ebb97b4e129e212021-12-22 11:49:51.092root 11241100x80000000000000003859022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115b46ebe0e60f292021-12-22 11:49:51.092root 11241100x80000000000000003859023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add1e10eab5019b52021-12-22 11:49:51.092root 11241100x80000000000000003859024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47680c3ea7cdf6022021-12-22 11:49:51.092root 11241100x80000000000000003859025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581c2285b654689b2021-12-22 11:49:51.093root 11241100x80000000000000003859026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed5f21fa6f6d8552021-12-22 11:49:51.093root 11241100x80000000000000003859027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eabbd918888623b2021-12-22 11:49:51.093root 11241100x80000000000000003859028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95b84b2545df6922021-12-22 11:49:51.093root 11241100x80000000000000003859029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4928c3941896bb82021-12-22 11:49:51.093root 11241100x80000000000000003859030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8d807d939bc2952021-12-22 11:49:51.093root 11241100x80000000000000003859031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbf15c3fbf960ad2021-12-22 11:49:51.093root 11241100x80000000000000003859032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2dd044e8289bf92021-12-22 11:49:51.094root 11241100x80000000000000003859033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3738848e844cf42021-12-22 11:49:51.094root 11241100x80000000000000003859034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a1f305d73dac932021-12-22 11:49:51.094root 11241100x80000000000000003859035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a277ef45a9e00fc72021-12-22 11:49:51.094root 11241100x80000000000000003859036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bedeb98792953a2021-12-22 11:49:51.094root 11241100x80000000000000003859037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c09741c16269672021-12-22 11:49:51.094root 11241100x80000000000000003859038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d42b3b5e2cac9b2021-12-22 11:49:51.094root 11241100x80000000000000003859039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63c60b588f5bd932021-12-22 11:49:51.095root 11241100x80000000000000003859040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdf2e4bb089c07b2021-12-22 11:49:51.095root 11241100x80000000000000003859041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2a9c5e88a69bd02021-12-22 11:49:51.095root 11241100x80000000000000003859042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d992f943df38e772021-12-22 11:49:51.095root 11241100x80000000000000003859043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cac1d00bd2c8ea2021-12-22 11:49:51.095root 11241100x80000000000000003859044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976bda59c5ddd0b02021-12-22 11:49:51.443root 11241100x80000000000000003859045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1444d1ad6f6fb6152021-12-22 11:49:51.443root 11241100x80000000000000003859046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0dbb2d28b18d732021-12-22 11:49:51.443root 11241100x80000000000000003859047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cafa11db6dc171d2021-12-22 11:49:51.443root 11241100x80000000000000003859048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f782f75705793dff2021-12-22 11:49:51.443root 11241100x80000000000000003859049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8eb956b072693642021-12-22 11:49:51.443root 11241100x80000000000000003859050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84943b665d965ad92021-12-22 11:49:51.443root 11241100x80000000000000003859051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66912b0241c965b2021-12-22 11:49:51.444root 11241100x80000000000000003859052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65a083e08961c312021-12-22 11:49:51.444root 11241100x80000000000000003859053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8e3d34f64149472021-12-22 11:49:51.444root 11241100x80000000000000003859054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457ad87ff86b23422021-12-22 11:49:51.444root 11241100x80000000000000003859055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00f9ceb5c785d122021-12-22 11:49:51.444root 11241100x80000000000000003859056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768419a64d4f6f392021-12-22 11:49:51.444root 11241100x80000000000000003859057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b75075af64ec1b2021-12-22 11:49:51.445root 11241100x80000000000000003859058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5727891643ebc02021-12-22 11:49:51.445root 11241100x80000000000000003859059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a5b021d6266b9e2021-12-22 11:49:51.445root 11241100x80000000000000003859060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7e00dfd6b3a91a2021-12-22 11:49:51.445root 11241100x80000000000000003859061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b05efc8f3b67d842021-12-22 11:49:51.445root 11241100x80000000000000003859062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058c716ebee63e662021-12-22 11:49:51.445root 11241100x80000000000000003859063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fae4c88ddfe1a92021-12-22 11:49:51.445root 11241100x80000000000000003859064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26bd69889cbf0c22021-12-22 11:49:51.446root 11241100x80000000000000003859065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dddedd19dfc1282021-12-22 11:49:51.446root 11241100x80000000000000003859066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ec55b68e7f51732021-12-22 11:49:51.446root 11241100x80000000000000003859067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2620dfd485ccd942021-12-22 11:49:51.446root 11241100x80000000000000003859068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e6ca5462c609dd2021-12-22 11:49:51.446root 11241100x80000000000000003859069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4f2361ac5c34852021-12-22 11:49:51.446root 11241100x80000000000000003859070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca656e6cb0ad7c582021-12-22 11:49:51.447root 11241100x80000000000000003859071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9278e52689061612021-12-22 11:49:51.447root 11241100x80000000000000003859072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557df77fa80dbbac2021-12-22 11:49:51.447root 11241100x80000000000000003859073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e129e495284443fd2021-12-22 11:49:51.447root 11241100x80000000000000003859074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af965fd08fa0eb82021-12-22 11:49:51.447root 11241100x80000000000000003859075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e3ffc09571bdac2021-12-22 11:49:51.447root 11241100x80000000000000003859076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa2d14941db16012021-12-22 11:49:51.448root 11241100x80000000000000003859077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2688ff628361663e2021-12-22 11:49:51.448root 11241100x80000000000000003859078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6729a8fc960dd5a2021-12-22 11:49:51.448root 11241100x80000000000000003859079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e312b5264c230de62021-12-22 11:49:51.448root 11241100x80000000000000003859080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7766b26dedc762ca2021-12-22 11:49:51.448root 11241100x80000000000000003859081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832f0099ada83ccd2021-12-22 11:49:51.448root 11241100x80000000000000003859082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5875d60dc066742021-12-22 11:49:51.449root 11241100x80000000000000003859083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c1f4b3e3698c502021-12-22 11:49:51.449root 11241100x80000000000000003859084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862d440822f32a832021-12-22 11:49:51.449root 11241100x80000000000000003859085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54efccb89b69768d2021-12-22 11:49:51.449root 11241100x80000000000000003859086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b724a633646fd4162021-12-22 11:49:51.449root 11241100x80000000000000003859087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1bb6071c0c08162021-12-22 11:49:51.449root 11241100x80000000000000003859088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7008b8cb3e2394e22021-12-22 11:49:51.449root 11241100x80000000000000003859089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3838d74ea54f682021-12-22 11:49:51.450root 11241100x80000000000000003859090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34271817da62586b2021-12-22 11:49:51.450root 11241100x80000000000000003859091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d61aa55e787ba4f2021-12-22 11:49:51.450root 11241100x80000000000000003859092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0dc670b21eead32021-12-22 11:49:51.450root 11241100x80000000000000003859093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e939c0ac7fee03182021-12-22 11:49:51.450root 11241100x80000000000000003859094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b19df4b3fcf8f902021-12-22 11:49:51.451root 11241100x80000000000000003859095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24b323e5d72dead2021-12-22 11:49:51.451root 11241100x80000000000000003859096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459759165b75374d2021-12-22 11:49:51.451root 11241100x80000000000000003859097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca09fb33a6e67d02021-12-22 11:49:51.451root 11241100x80000000000000003859098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a555949b793c92922021-12-22 11:49:51.451root 11241100x80000000000000003859099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84539174b8badc132021-12-22 11:49:51.452root 11241100x80000000000000003859100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d652cee26c883cca2021-12-22 11:49:51.452root 11241100x80000000000000003859101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1068e71393cd81e82021-12-22 11:49:51.452root 11241100x80000000000000003859102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fc4b671660fc142021-12-22 11:49:51.452root 11241100x80000000000000003859103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d760247ffc2576292021-12-22 11:49:51.452root 11241100x80000000000000003859104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2529421d54816532021-12-22 11:49:51.452root 11241100x80000000000000003859105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9ddf78b6d9a93a2021-12-22 11:49:51.453root 11241100x80000000000000003859106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c85a60a74c16c32021-12-22 11:49:51.453root 11241100x80000000000000003859107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b561f38effe0f9842021-12-22 11:49:51.453root 11241100x80000000000000003859108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d450b342ffec7e5d2021-12-22 11:49:51.453root 11241100x80000000000000003859109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f7b9a29e4ff32f2021-12-22 11:49:51.453root 11241100x80000000000000003859110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2c2186ef5c43ff2021-12-22 11:49:51.453root 11241100x80000000000000003859111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec48304898d127d2021-12-22 11:49:51.453root 11241100x80000000000000003859112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3db864e3eb3f7f2021-12-22 11:49:51.453root 11241100x80000000000000003859113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d591eff39b10e9422021-12-22 11:49:51.453root 11241100x80000000000000003859114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2d9745c6e6a53a2021-12-22 11:49:51.454root 11241100x80000000000000003859115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53f5378b0212f232021-12-22 11:49:51.454root 11241100x80000000000000003859116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f353edb7646016832021-12-22 11:49:51.454root 11241100x80000000000000003859117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4656b11f1bdecc022021-12-22 11:49:51.454root 11241100x80000000000000003859118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6540e0697a8df5182021-12-22 11:49:51.454root 11241100x80000000000000003859119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64720ffc96d64bd2021-12-22 11:49:51.454root 11241100x80000000000000003859120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93deb17162021af42021-12-22 11:49:51.454root 11241100x80000000000000003859121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b19371601b697a2021-12-22 11:49:51.454root 11241100x80000000000000003859122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f657b2518ea3092021-12-22 11:49:51.454root 11241100x80000000000000003859123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be408a3775a3d7ac2021-12-22 11:49:51.454root 11241100x80000000000000003859124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ab6f9e70f9aa1a2021-12-22 11:49:51.454root 11241100x80000000000000003859125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c69c10733905522021-12-22 11:49:51.455root 11241100x80000000000000003859126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04fc712b2e1af062021-12-22 11:49:51.455root 11241100x80000000000000003859127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc90a0244759a11c2021-12-22 11:49:51.943root 11241100x80000000000000003859128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69506ca5509ca7d02021-12-22 11:49:51.943root 11241100x80000000000000003859129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc6c17de5b684722021-12-22 11:49:51.943root 11241100x80000000000000003859130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e6bb7f15751fba2021-12-22 11:49:51.943root 11241100x80000000000000003859131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b5de31cfa02e432021-12-22 11:49:51.943root 11241100x80000000000000003859132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c21e71c22828f22021-12-22 11:49:51.943root 11241100x80000000000000003859133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb8778a91132cea2021-12-22 11:49:51.943root 11241100x80000000000000003859134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98400bb2651326132021-12-22 11:49:51.944root 11241100x80000000000000003859135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b52cba08e17ce52021-12-22 11:49:51.944root 11241100x80000000000000003859136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6039cb11fffb302021-12-22 11:49:51.944root 11241100x80000000000000003859137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f697be7138dcc74a2021-12-22 11:49:51.944root 11241100x80000000000000003859138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0da17da2a35ebd2021-12-22 11:49:51.944root 11241100x80000000000000003859139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46e1debf31fc25e2021-12-22 11:49:51.944root 11241100x80000000000000003859140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede4ce08e2e76e3a2021-12-22 11:49:51.944root 11241100x80000000000000003859141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d4a81d7c8ca7c82021-12-22 11:49:51.944root 11241100x80000000000000003859142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb45d89af8573612021-12-22 11:49:51.944root 11241100x80000000000000003859143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94e5af87732403f2021-12-22 11:49:51.944root 11241100x80000000000000003859144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af4e637cb1e33772021-12-22 11:49:51.944root 11241100x80000000000000003859145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1986f7ccd4b6a82021-12-22 11:49:51.945root 11241100x80000000000000003859146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459c454762e555c72021-12-22 11:49:51.945root 11241100x80000000000000003859147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a36912bf1203b732021-12-22 11:49:51.945root 11241100x80000000000000003859148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1fd64efcd066862021-12-22 11:49:51.945root 11241100x80000000000000003859149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e090e428f6171282021-12-22 11:49:51.945root 11241100x80000000000000003859150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c2bbf02a6bebb42021-12-22 11:49:51.945root 11241100x80000000000000003859151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45b18c8a8b6b7c82021-12-22 11:49:51.945root 11241100x80000000000000003859152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de79b0d57db314682021-12-22 11:49:51.946root 11241100x80000000000000003859153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0103f0c208183972021-12-22 11:49:51.946root 11241100x80000000000000003859154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242ce310598e848e2021-12-22 11:49:51.946root 11241100x80000000000000003859155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c756b05c4910bab2021-12-22 11:49:51.946root 11241100x80000000000000003859156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e79c07d927a99892021-12-22 11:49:51.946root 11241100x80000000000000003859157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5038e579ceeca62021-12-22 11:49:51.946root 11241100x80000000000000003859158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755a73b75f0296722021-12-22 11:49:51.946root 11241100x80000000000000003859159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba0640547ae47e02021-12-22 11:49:51.947root 11241100x80000000000000003859160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa8f88230cb75702021-12-22 11:49:51.947root 11241100x80000000000000003859161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd97646f61776272021-12-22 11:49:51.947root 11241100x80000000000000003859162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fd2c4c9af84c522021-12-22 11:49:51.947root 11241100x80000000000000003859163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff33d3494261ecd62021-12-22 11:49:51.947root 11241100x80000000000000003859164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c543c2a7fc456012021-12-22 11:49:51.947root 11241100x80000000000000003859165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a51e584fa776de2021-12-22 11:49:51.947root 11241100x80000000000000003859166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08b5abd23a814992021-12-22 11:49:51.948root 11241100x80000000000000003859167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3239276aa6129e472021-12-22 11:49:51.948root 11241100x80000000000000003859168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ab62f418e32ca22021-12-22 11:49:51.948root 11241100x80000000000000003859169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec8d2c10d5ef2df2021-12-22 11:49:51.948root 11241100x80000000000000003859170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdbe2618074c2572021-12-22 11:49:51.948root 11241100x80000000000000003859171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987d86d25059bd5a2021-12-22 11:49:51.948root 11241100x80000000000000003859172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5b225b91acb3ae2021-12-22 11:49:51.948root 11241100x80000000000000003859173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a23d95597cc09b12021-12-22 11:49:51.949root 11241100x80000000000000003859174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a542c811277c37572021-12-22 11:49:51.949root 11241100x80000000000000003859175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1409c209de265a6c2021-12-22 11:49:51.949root 11241100x80000000000000003859176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578793559d9365282021-12-22 11:49:51.949root 11241100x80000000000000003859177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75734b02a18c1d4a2021-12-22 11:49:51.949root 11241100x80000000000000003859178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b21f1ec0eba8712021-12-22 11:49:51.949root 11241100x80000000000000003859179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27183800a4dada6c2021-12-22 11:49:51.949root 11241100x80000000000000003859180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd245e370d7e70242021-12-22 11:49:51.950root 11241100x80000000000000003859181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09318fb480b9c3352021-12-22 11:49:51.950root 11241100x80000000000000003859182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39b43f6aaaa8f052021-12-22 11:49:51.950root 11241100x80000000000000003859183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c55789613b674b2021-12-22 11:49:51.950root 11241100x80000000000000003859184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765d6940e03b5f732021-12-22 11:49:51.950root 11241100x80000000000000003859185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96534d888ca96b3b2021-12-22 11:49:51.950root 11241100x80000000000000003859186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d28adee46046f5d2021-12-22 11:49:51.950root 11241100x80000000000000003859187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddce8e533f9ace192021-12-22 11:49:51.950root 11241100x80000000000000003859188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1705fbc1d29893442021-12-22 11:49:51.950root 11241100x80000000000000003859189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f23341c4ec73982021-12-22 11:49:51.950root 11241100x80000000000000003859190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b32b60d8650b122021-12-22 11:49:51.950root 11241100x80000000000000003859191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72a9ee037f591892021-12-22 11:49:51.950root 11241100x80000000000000003859192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a64cdfa1a079922021-12-22 11:49:51.951root 11241100x80000000000000003859193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1924186433c21ee2021-12-22 11:49:51.951root 11241100x80000000000000003859194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c129829bf68da312021-12-22 11:49:51.951root 11241100x80000000000000003859195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8145e4f6daf457082021-12-22 11:49:51.951root 11241100x80000000000000003859196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168690482794945b2021-12-22 11:49:51.951root 11241100x80000000000000003859197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5a3c38d7745fd42021-12-22 11:49:51.951root 11241100x80000000000000003859198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c09841fa79b51672021-12-22 11:49:51.951root 11241100x80000000000000003859199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9295ec3b96ebf2e92021-12-22 11:49:51.952root 11241100x80000000000000003859200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb91b4def764e8a42021-12-22 11:49:51.952root 11241100x80000000000000003859201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732f9afbd03763492021-12-22 11:49:51.952root 11241100x80000000000000003859202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6210c463d0ae9242021-12-22 11:49:51.952root 11241100x80000000000000003859203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb737c1f3e8045d2021-12-22 11:49:51.952root 11241100x80000000000000003859204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306c76d37beb35e52021-12-22 11:49:51.952root 154100x80000000000000003859205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.157{ec2b6afe-10e0-61c3-e031-b2a2bb550000}19102/bin/chmod-----chmod 777 run_hook.sh/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 534500x80000000000000003859206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.158{ec2b6afe-10e0-61c3-e031-b2a2bb550000}19102/bin/chmodubuntu 11241100x80000000000000003859207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad4b5273e8801e42021-12-22 11:49:52.443root 11241100x80000000000000003859208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61100d9d9925a7fc2021-12-22 11:49:52.443root 11241100x80000000000000003859209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc6800913fcef282021-12-22 11:49:52.443root 11241100x80000000000000003859210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a17f17582fa6852021-12-22 11:49:52.443root 11241100x80000000000000003859211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facce72235076ee12021-12-22 11:49:52.444root 11241100x80000000000000003859212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83535a02a33ce15a2021-12-22 11:49:52.444root 11241100x80000000000000003859213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9895168df4833c2021-12-22 11:49:52.444root 11241100x80000000000000003859214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84b1eb0bebd15922021-12-22 11:49:52.444root 11241100x80000000000000003859215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f77e3a2a14e2c02021-12-22 11:49:52.444root 11241100x80000000000000003859216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd610d642d501fc92021-12-22 11:49:52.444root 11241100x80000000000000003859217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b119a69b6491902021-12-22 11:49:52.444root 11241100x80000000000000003859218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7535ae78a7174d52021-12-22 11:49:52.444root 11241100x80000000000000003859219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ae64a033eb94ac2021-12-22 11:49:52.444root 11241100x80000000000000003859220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435fa3b1f6c2e7a62021-12-22 11:49:52.444root 11241100x80000000000000003859221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0519a3b46f53df922021-12-22 11:49:52.444root 11241100x80000000000000003859222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed01afa5b00a5f72021-12-22 11:49:52.445root 11241100x80000000000000003859223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2900bb481c81b8542021-12-22 11:49:52.445root 11241100x80000000000000003859224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8479a186319d3e2021-12-22 11:49:52.445root 11241100x80000000000000003859225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f338c1bbc395c9632021-12-22 11:49:52.445root 11241100x80000000000000003859226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bede092e8c863b0f2021-12-22 11:49:52.445root 11241100x80000000000000003859227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102cdd6d054b47fd2021-12-22 11:49:52.445root 11241100x80000000000000003859228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3feea2be2757cb522021-12-22 11:49:52.445root 11241100x80000000000000003859229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a7d169242ecc522021-12-22 11:49:52.445root 11241100x80000000000000003859230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2ad592935b39d32021-12-22 11:49:52.445root 11241100x80000000000000003859231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a9e3f90a367d932021-12-22 11:49:52.446root 11241100x80000000000000003859232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c79add8f88db5ac2021-12-22 11:49:52.446root 11241100x80000000000000003859233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbb7b4a91df8b9d2021-12-22 11:49:52.446root 11241100x80000000000000003859234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9322da625c1015e2021-12-22 11:49:52.446root 11241100x80000000000000003859235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b15f30e5e3002b02021-12-22 11:49:52.446root 11241100x80000000000000003859236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148d44bd2e8e54f02021-12-22 11:49:52.446root 11241100x80000000000000003859237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdc5db0db7b52132021-12-22 11:49:52.446root 11241100x80000000000000003859238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdfa4c755c1d9ac2021-12-22 11:49:52.446root 11241100x80000000000000003859239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9259a2195c4e902021-12-22 11:49:52.446root 11241100x80000000000000003859240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf03af501042c2e2021-12-22 11:49:52.446root 11241100x80000000000000003859241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4015c9e127fa78c62021-12-22 11:49:52.446root 11241100x80000000000000003859242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6701ac20191d67bd2021-12-22 11:49:52.447root 11241100x80000000000000003859243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb3acf8a2688d3f2021-12-22 11:49:52.447root 11241100x80000000000000003859244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21369249337e21b82021-12-22 11:49:52.447root 11241100x80000000000000003859245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3404ac0fc04b8fbc2021-12-22 11:49:52.447root 11241100x80000000000000003859246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e553aea02a29a57e2021-12-22 11:49:52.447root 11241100x80000000000000003859247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219f17a22aea64672021-12-22 11:49:52.447root 11241100x80000000000000003859248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d4e8a8e2c9b3ca2021-12-22 11:49:52.447root 11241100x80000000000000003859249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4b4352da357d7b2021-12-22 11:49:52.447root 11241100x80000000000000003859250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d66b71b5164da92021-12-22 11:49:52.447root 11241100x80000000000000003859251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336915c15792769a2021-12-22 11:49:52.447root 11241100x80000000000000003859252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5267e2ba53524c12021-12-22 11:49:52.447root 11241100x80000000000000003859253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183fd927598a776c2021-12-22 11:49:52.447root 11241100x80000000000000003859254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123c5dea6cbda3fe2021-12-22 11:49:52.447root 11241100x80000000000000003859255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d9f842250ca3042021-12-22 11:49:52.447root 11241100x80000000000000003859256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a40ba05cc0660b82021-12-22 11:49:52.448root 11241100x80000000000000003859257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c857dc33de53ef72021-12-22 11:49:52.448root 11241100x80000000000000003859258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406da0378d47edc22021-12-22 11:49:52.448root 11241100x80000000000000003859259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7fc6b83ee830d52021-12-22 11:49:52.448root 11241100x80000000000000003859260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e302a888a888f52021-12-22 11:49:52.448root 11241100x80000000000000003859261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416d5a117eebcb692021-12-22 11:49:52.448root 11241100x80000000000000003859262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cf6d09d3a7b6372021-12-22 11:49:52.448root 11241100x80000000000000003859263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1cff8990975f532021-12-22 11:49:52.448root 11241100x80000000000000003859264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce3c4bbf6f2ce522021-12-22 11:49:52.448root 11241100x80000000000000003859265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903095c59f42076e2021-12-22 11:49:52.448root 11241100x80000000000000003859266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb013f5c1a6a4502021-12-22 11:49:52.448root 11241100x80000000000000003859267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d47bba67bfad21a2021-12-22 11:49:52.448root 11241100x80000000000000003859268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e6f4eefa7d8f262021-12-22 11:49:52.448root 11241100x80000000000000003859269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071c7484c06365fe2021-12-22 11:49:52.448root 11241100x80000000000000003859270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77702395f7a5bfc2021-12-22 11:49:52.449root 11241100x80000000000000003859271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a806cd3e4bded02021-12-22 11:49:52.449root 11241100x80000000000000003859272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd26aab230d2c3d2021-12-22 11:49:52.449root 11241100x80000000000000003859273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b62964f466cb992021-12-22 11:49:52.449root 11241100x80000000000000003859274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b7f1dc67e2c34a2021-12-22 11:49:52.450root 11241100x80000000000000003859275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066269d491623cc92021-12-22 11:49:52.452root 11241100x80000000000000003859276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1bc8aef07cb46f2021-12-22 11:49:52.452root 11241100x80000000000000003859277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1ebbeaad75138a2021-12-22 11:49:52.452root 11241100x80000000000000003859278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df49a054dab99c42021-12-22 11:49:52.452root 11241100x80000000000000003859279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60001617e05816b92021-12-22 11:49:52.452root 11241100x80000000000000003859280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29d85bd5b995c6c2021-12-22 11:49:52.452root 11241100x80000000000000003859281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8d744936e892272021-12-22 11:49:52.452root 11241100x80000000000000003859282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95992cc78b8333592021-12-22 11:49:52.452root 11241100x80000000000000003859283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a4dd8b0d8f8bc92021-12-22 11:49:52.454root 11241100x80000000000000003859284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ede0983ef11cdf2021-12-22 11:49:52.454root 11241100x80000000000000003859285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a966e32ff034ad2021-12-22 11:49:52.455root 11241100x80000000000000003859286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae1aa5d622914322021-12-22 11:49:52.455root 11241100x80000000000000003859287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20fd1d1a281b6cb2021-12-22 11:49:52.455root 11241100x80000000000000003859288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b5f02b26517d6e2021-12-22 11:49:52.455root 11241100x80000000000000003859289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a94571dd04f9972021-12-22 11:49:52.455root 11241100x80000000000000003859290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4a9af97c15e2f02021-12-22 11:49:52.455root 11241100x80000000000000003859291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63c1988865148f22021-12-22 11:49:52.455root 11241100x80000000000000003859292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55d7adc4e1fd9cf2021-12-22 11:49:52.455root 11241100x80000000000000003859293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2312415b0c6f94af2021-12-22 11:49:52.455root 11241100x80000000000000003859294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4d90bcd8bf17152021-12-22 11:49:52.456root 11241100x80000000000000003859295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48fa4e9889cccac2021-12-22 11:49:52.456root 11241100x80000000000000003859296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77db81d72072b1502021-12-22 11:49:52.456root 11241100x80000000000000003859297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e84204c3bbaed952021-12-22 11:49:52.456root 11241100x80000000000000003859298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1268d0c7f73d7212021-12-22 11:49:52.456root 11241100x80000000000000003859299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02413db6a741ab82021-12-22 11:49:52.456root 11241100x80000000000000003859300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d6e3b3ff8e0bb12021-12-22 11:49:52.456root 11241100x80000000000000003859301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f818d37e904e552021-12-22 11:49:52.456root 11241100x80000000000000003859302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf384cb011f3b5a2021-12-22 11:49:52.456root 11241100x80000000000000003859303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ffed476d0505472021-12-22 11:49:52.459root 11241100x80000000000000003859304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55889eaea0ebf2bf2021-12-22 11:49:52.459root 11241100x80000000000000003859305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177270ea8f848b412021-12-22 11:49:52.460root 11241100x80000000000000003859306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0356224f564126682021-12-22 11:49:52.460root 11241100x80000000000000003859307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0682887b2e31d32021-12-22 11:49:52.460root 11241100x80000000000000003859308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac6a2c32b1ea9e92021-12-22 11:49:52.460root 11241100x80000000000000003859309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf85b3466b182992021-12-22 11:49:52.462root 11241100x80000000000000003859310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d901eab573ac18b2021-12-22 11:49:52.462root 11241100x80000000000000003859311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93763a01f3de7bd82021-12-22 11:49:52.462root 11241100x80000000000000003859312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9c47ce48a3696d2021-12-22 11:49:52.465root 11241100x80000000000000003859313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d5e5134c0b349d2021-12-22 11:49:52.465root 11241100x80000000000000003859314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da6ced3c37415802021-12-22 11:49:52.466root 11241100x80000000000000003859315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e14ae2221af806c2021-12-22 11:49:52.466root 11241100x80000000000000003859316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f33eac41de841382021-12-22 11:49:52.466root 11241100x80000000000000003859317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4935e6e8c63838332021-12-22 11:49:52.466root 11241100x80000000000000003859318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2627b4fef60a88712021-12-22 11:49:52.467root 11241100x80000000000000003859319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b9d48cececd3d32021-12-22 11:49:52.469root 11241100x80000000000000003859320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e31fe7565fd5dd22021-12-22 11:49:52.469root 11241100x80000000000000003859321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdbbdd4e46dbcf32021-12-22 11:49:52.469root 11241100x80000000000000003859322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bac3d2734146e62021-12-22 11:49:52.469root 11241100x80000000000000003859323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e1d65a64da020e2021-12-22 11:49:52.469root 11241100x80000000000000003859324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a26930f4fe5c482021-12-22 11:49:52.470root 11241100x80000000000000003859325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd11a9061f1b2742021-12-22 11:49:52.470root 11241100x80000000000000003859326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0acd80543a28bec2021-12-22 11:49:52.470root 11241100x80000000000000003859327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b557ea997507b49c2021-12-22 11:49:52.470root 11241100x80000000000000003859328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e675ac7fb513352021-12-22 11:49:52.470root 11241100x80000000000000003859329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d16df975ebd1112021-12-22 11:49:52.471root 11241100x80000000000000003859330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f08eb7ae1b8f9232021-12-22 11:49:52.471root 11241100x80000000000000003859331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bbf750b16457ca2021-12-22 11:49:52.471root 11241100x80000000000000003859332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3d89317f287a062021-12-22 11:49:52.471root 11241100x80000000000000003859333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0f715a8757db6e2021-12-22 11:49:52.472root 11241100x80000000000000003859334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05e9656baeadcba2021-12-22 11:49:52.472root 11241100x80000000000000003859335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc5a677a4862e762021-12-22 11:49:52.472root 11241100x80000000000000003859336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dda03c17c760272021-12-22 11:49:52.472root 11241100x80000000000000003859337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228fb5c70250ca602021-12-22 11:49:52.472root 11241100x80000000000000003859338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cbf68094bfeec12021-12-22 11:49:52.472root 11241100x80000000000000003859339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f23800f5c0e35372021-12-22 11:49:52.943root 11241100x80000000000000003859340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1225ceeee6f3ae0d2021-12-22 11:49:52.943root 11241100x80000000000000003859341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eecb696cf9645c42021-12-22 11:49:52.943root 11241100x80000000000000003859342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2401eea5b1cef82e2021-12-22 11:49:52.943root 11241100x80000000000000003859343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b52c44583c67582021-12-22 11:49:52.943root 11241100x80000000000000003859344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c9654b0df4b48e2021-12-22 11:49:52.943root 11241100x80000000000000003859345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23a472320e8b8fa2021-12-22 11:49:52.943root 11241100x80000000000000003859346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e546ed79bf39d4a72021-12-22 11:49:52.944root 11241100x80000000000000003859347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e928ff098fa0973d2021-12-22 11:49:52.944root 11241100x80000000000000003859348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7b50b495192a642021-12-22 11:49:52.944root 11241100x80000000000000003859349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b60b1d9cd3d30c2021-12-22 11:49:52.944root 11241100x80000000000000003859350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84665e3a706e7b742021-12-22 11:49:52.944root 11241100x80000000000000003859351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83845dfdb5fca0252021-12-22 11:49:52.944root 11241100x80000000000000003859352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c56b593adad2c3f2021-12-22 11:49:52.944root 11241100x80000000000000003859353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc8a57efb1b4a0d2021-12-22 11:49:52.944root 11241100x80000000000000003859354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcff6bbd3fbcc2582021-12-22 11:49:52.945root 11241100x80000000000000003859355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65340dfb0b3138712021-12-22 11:49:52.945root 11241100x80000000000000003859356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd308b6e34a852c12021-12-22 11:49:52.945root 11241100x80000000000000003859357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df413de830870e342021-12-22 11:49:52.945root 11241100x80000000000000003859358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be630225a3998502021-12-22 11:49:52.945root 11241100x80000000000000003859359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a8bee176ef08f72021-12-22 11:49:52.945root 11241100x80000000000000003859360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464122c1e650eb782021-12-22 11:49:52.945root 11241100x80000000000000003859361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdde846098c8cf9f2021-12-22 11:49:52.945root 11241100x80000000000000003859362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd254943f248b0472021-12-22 11:49:52.946root 11241100x80000000000000003859363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c115346df7d68ff2021-12-22 11:49:52.946root 11241100x80000000000000003859364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c750335820814d2021-12-22 11:49:52.946root 11241100x80000000000000003859365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f9be0709eb547f2021-12-22 11:49:52.946root 11241100x80000000000000003859366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a62b72eec9d97db2021-12-22 11:49:52.946root 11241100x80000000000000003859367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3eaaf496534e9c62021-12-22 11:49:52.946root 11241100x80000000000000003859368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33f1207223b2b732021-12-22 11:49:52.946root 11241100x80000000000000003859369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f622b405a1552a352021-12-22 11:49:52.946root 11241100x80000000000000003859370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfe0b15ce5618362021-12-22 11:49:52.947root 11241100x80000000000000003859371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012a8630e18a31352021-12-22 11:49:52.947root 11241100x80000000000000003859372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b196e771645860752021-12-22 11:49:52.947root 11241100x80000000000000003859373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cb79ce83de1f522021-12-22 11:49:52.947root 11241100x80000000000000003859374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439dcf4e9df32c302021-12-22 11:49:52.947root 11241100x80000000000000003859375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c045f3809071f52021-12-22 11:49:52.947root 11241100x80000000000000003859376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ce2bab849472312021-12-22 11:49:52.947root 11241100x80000000000000003859377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893bfcac0e9474842021-12-22 11:49:52.947root 11241100x80000000000000003859378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b210e61f082fd6da2021-12-22 11:49:52.948root 11241100x80000000000000003859379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a66c280a3094c72021-12-22 11:49:52.948root 11241100x80000000000000003859380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ba47a796b389fd2021-12-22 11:49:52.948root 11241100x80000000000000003859381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73db60ca2b7c7de32021-12-22 11:49:52.948root 11241100x80000000000000003859382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45b1d4d159901312021-12-22 11:49:52.948root 11241100x80000000000000003859383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4bbbb8c7ec7bcd2021-12-22 11:49:52.948root 11241100x80000000000000003859384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b74eb56a46608312021-12-22 11:49:52.948root 11241100x80000000000000003859385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27547448056f5352021-12-22 11:49:52.948root 11241100x80000000000000003859386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c17ac80d6ba8f22021-12-22 11:49:52.949root 11241100x80000000000000003859387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e50564d0fb207a2021-12-22 11:49:52.949root 11241100x80000000000000003859388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f315e3cbe40843b02021-12-22 11:49:52.949root 11241100x80000000000000003859389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35aab531f8889f602021-12-22 11:49:52.949root 11241100x80000000000000003859390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3c32c2f6995bb12021-12-22 11:49:52.949root 11241100x80000000000000003859391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5fd31cd3f181cf2021-12-22 11:49:52.949root 11241100x80000000000000003859392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef936c92bf838e72021-12-22 11:49:52.949root 11241100x80000000000000003859393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78070d9b9bc2edb2021-12-22 11:49:52.950root 11241100x80000000000000003859394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:52.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab5a39f2b0583652021-12-22 11:49:52.950root 11241100x80000000000000003859395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e7e377c11a6e472021-12-22 11:49:53.443root 11241100x80000000000000003859396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810400516a8e94bb2021-12-22 11:49:53.443root 11241100x80000000000000003859397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03537780b62059882021-12-22 11:49:53.443root 11241100x80000000000000003859398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8411f88cfb2201572021-12-22 11:49:53.443root 11241100x80000000000000003859399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d40caeff97f19d2021-12-22 11:49:53.443root 11241100x80000000000000003859400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9452c2f8e18ded6b2021-12-22 11:49:53.443root 11241100x80000000000000003859401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64966e3ee16f2a482021-12-22 11:49:53.443root 11241100x80000000000000003859402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b36dced713bf3242021-12-22 11:49:53.444root 11241100x80000000000000003859403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f9e10781a6fc5e2021-12-22 11:49:53.444root 11241100x80000000000000003859404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca6d26eeb105a962021-12-22 11:49:53.444root 11241100x80000000000000003859405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0da859500d3b2f32021-12-22 11:49:53.444root 11241100x80000000000000003859406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4edbe01c6833cc2021-12-22 11:49:53.444root 11241100x80000000000000003859407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36356dd8a61f057e2021-12-22 11:49:53.444root 11241100x80000000000000003859408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e243f674e25cf2bb2021-12-22 11:49:53.444root 11241100x80000000000000003859409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a370f65d3cb5064a2021-12-22 11:49:53.444root 11241100x80000000000000003859410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d6813b2f9903512021-12-22 11:49:53.444root 11241100x80000000000000003859411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7030b07c5a8078df2021-12-22 11:49:53.444root 11241100x80000000000000003859412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c84bd027a6d7072021-12-22 11:49:53.445root 11241100x80000000000000003859413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b918cd60413ba92021-12-22 11:49:53.445root 11241100x80000000000000003859414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea77d75832ee599f2021-12-22 11:49:53.445root 11241100x80000000000000003859415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c296b723707d97aa2021-12-22 11:49:53.445root 11241100x80000000000000003859416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2c3b99ba72d5f82021-12-22 11:49:53.445root 11241100x80000000000000003859417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55798055213896f42021-12-22 11:49:53.445root 11241100x80000000000000003859418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb5f2a92d4ed26e2021-12-22 11:49:53.445root 11241100x80000000000000003859419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8ab53ad862588b2021-12-22 11:49:53.445root 11241100x80000000000000003859420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5fafc3b83377c62021-12-22 11:49:53.446root 11241100x80000000000000003859421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48adbfd37028672e2021-12-22 11:49:53.446root 11241100x80000000000000003859422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3914049ba77c5592021-12-22 11:49:53.446root 11241100x80000000000000003859423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253270f9990b0b682021-12-22 11:49:53.446root 11241100x80000000000000003859424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2269fbbb8b741c82021-12-22 11:49:53.446root 11241100x80000000000000003859425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57281f78890bb552021-12-22 11:49:53.446root 11241100x80000000000000003859426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b640e8e4ddd1581b2021-12-22 11:49:53.446root 11241100x80000000000000003859427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df9be72d957a54a2021-12-22 11:49:53.446root 11241100x80000000000000003859428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e449ec0399fe0c2021-12-22 11:49:53.446root 11241100x80000000000000003859429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d94ce3fec09d8f2021-12-22 11:49:53.447root 11241100x80000000000000003859430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43569a6b690a1a002021-12-22 11:49:53.447root 11241100x80000000000000003859431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891d526ac736e76d2021-12-22 11:49:53.447root 11241100x80000000000000003859432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b144f89d1f981d2021-12-22 11:49:53.447root 11241100x80000000000000003859433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc90b3c546818a562021-12-22 11:49:53.447root 11241100x80000000000000003859434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d1f43538f77abf2021-12-22 11:49:53.447root 11241100x80000000000000003859435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a94ac59f18071f2021-12-22 11:49:53.447root 11241100x80000000000000003859436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7020f4dfee458a2021-12-22 11:49:53.447root 11241100x80000000000000003859437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb7c6f53bf332172021-12-22 11:49:53.448root 11241100x80000000000000003859438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b680f6d1380c0f362021-12-22 11:49:53.448root 11241100x80000000000000003859439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a5f53406ca97122021-12-22 11:49:53.448root 11241100x80000000000000003859440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91db3216f46f04602021-12-22 11:49:53.448root 11241100x80000000000000003859441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b1dc90d6f1948e2021-12-22 11:49:53.448root 11241100x80000000000000003859442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e14216c84247c0b2021-12-22 11:49:53.448root 11241100x80000000000000003859443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e44aa47dd13a142021-12-22 11:49:53.448root 11241100x80000000000000003859444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c627d448daf5a772021-12-22 11:49:53.448root 11241100x80000000000000003859445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2988573ad5bb38a12021-12-22 11:49:53.448root 11241100x80000000000000003859446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c694fb972d0291152021-12-22 11:49:53.448root 11241100x80000000000000003859447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51605e4a4c6515092021-12-22 11:49:53.449root 11241100x80000000000000003859448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11397a59e58fd602021-12-22 11:49:53.449root 11241100x80000000000000003859449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df18d3184e0cf3d2021-12-22 11:49:53.449root 11241100x80000000000000003859450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef509ac2d96197e2021-12-22 11:49:53.449root 11241100x80000000000000003859451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8361203da42d9012021-12-22 11:49:53.449root 11241100x80000000000000003859452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f76f7c83e674de2021-12-22 11:49:53.449root 11241100x80000000000000003859453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dff12b97073f712021-12-22 11:49:53.449root 11241100x80000000000000003859454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2380bb51d2bc1b582021-12-22 11:49:53.449root 11241100x80000000000000003859455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58259a6834cdde002021-12-22 11:49:53.450root 11241100x80000000000000003859456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8a921e4155e3842021-12-22 11:49:53.450root 11241100x80000000000000003859457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faffbb0da41591462021-12-22 11:49:53.450root 11241100x80000000000000003859458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23741c132dec3d9b2021-12-22 11:49:53.450root 11241100x80000000000000003859459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1262f547ce8ac2622021-12-22 11:49:53.450root 11241100x80000000000000003859460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923686eb8c6b4f9f2021-12-22 11:49:53.450root 11241100x80000000000000003859461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec47ce64ae4097e2021-12-22 11:49:53.450root 11241100x80000000000000003859462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5b1e00d08105542021-12-22 11:49:53.450root 11241100x80000000000000003859463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74b4f2ceac07a6d2021-12-22 11:49:53.450root 11241100x80000000000000003859464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf4b76581b6e71f2021-12-22 11:49:53.450root 11241100x80000000000000003859465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c7392bf46f58372021-12-22 11:49:53.451root 11241100x80000000000000003859466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a5f0e0f352be372021-12-22 11:49:53.451root 11241100x80000000000000003859467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da59ed4517b88492021-12-22 11:49:53.451root 11241100x80000000000000003859468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61978d4bc87fd9e2021-12-22 11:49:53.451root 11241100x80000000000000003859469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dcf5d2995b226f2021-12-22 11:49:53.451root 11241100x80000000000000003859470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c459660ecddb47422021-12-22 11:49:53.451root 11241100x80000000000000003859471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2766f5126ffb7a772021-12-22 11:49:53.451root 11241100x80000000000000003859472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb282d308da67db2021-12-22 11:49:53.452root 11241100x80000000000000003859473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635119638b8a35572021-12-22 11:49:53.452root 11241100x80000000000000003859474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96eea5a740f1f8d2021-12-22 11:49:53.452root 11241100x80000000000000003859475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7f28138360687e2021-12-22 11:49:53.452root 11241100x80000000000000003859476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026e172d7d83a1892021-12-22 11:49:53.453root 11241100x80000000000000003859477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a30833ba0561952021-12-22 11:49:53.453root 11241100x80000000000000003859478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a38e22596d4206b2021-12-22 11:49:53.453root 11241100x80000000000000003859479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28181267b9e1f9462021-12-22 11:49:53.453root 11241100x80000000000000003859480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b37cea071facb32021-12-22 11:49:53.453root 11241100x80000000000000003859481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b68b8e335cba5d2021-12-22 11:49:53.454root 11241100x80000000000000003859482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cebd8a32aa215e2021-12-22 11:49:53.454root 11241100x80000000000000003859483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4de7a1d22162f532021-12-22 11:49:53.454root 11241100x80000000000000003859484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c853b6b3ec22f72021-12-22 11:49:53.455root 11241100x80000000000000003859485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cefea7ffb17de42021-12-22 11:49:53.455root 11241100x80000000000000003859486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78416b9de7ff4e92021-12-22 11:49:53.455root 11241100x80000000000000003859487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed10bdfa8ad34712021-12-22 11:49:53.455root 11241100x80000000000000003859488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df516f77415b8a172021-12-22 11:49:53.456root 11241100x80000000000000003859489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80702a09311b31d22021-12-22 11:49:53.456root 11241100x80000000000000003859490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa848102f51466a2021-12-22 11:49:53.456root 11241100x80000000000000003859491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff5f9eec9fa774c2021-12-22 11:49:53.456root 11241100x80000000000000003859492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b24b213de5abc12021-12-22 11:49:53.456root 11241100x80000000000000003859493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5292fed680dfd622021-12-22 11:49:53.456root 11241100x80000000000000003859494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d210206cd3b82d82021-12-22 11:49:53.456root 11241100x80000000000000003859495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338c3e441e1d7ea22021-12-22 11:49:53.456root 11241100x80000000000000003859496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0097d0f10f1131362021-12-22 11:49:53.456root 11241100x80000000000000003859497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbc017c4751f8262021-12-22 11:49:53.457root 11241100x80000000000000003859498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb012cd544be0282021-12-22 11:49:53.457root 11241100x80000000000000003859499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d1e5cc3ab29c062021-12-22 11:49:53.457root 11241100x80000000000000003859500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b69124d71dc1cb72021-12-22 11:49:53.457root 11241100x80000000000000003859501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c9069d7b6c9aa82021-12-22 11:49:53.457root 11241100x80000000000000003859502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece60d96576865f42021-12-22 11:49:53.457root 11241100x80000000000000003859503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c240f8a175c719722021-12-22 11:49:53.457root 11241100x80000000000000003859504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1977dcc491a0dcc2021-12-22 11:49:53.457root 11241100x80000000000000003859505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62d82b20ebb1ed22021-12-22 11:49:53.458root 11241100x80000000000000003859506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c722fa8af1bc8b942021-12-22 11:49:53.458root 11241100x80000000000000003859507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e97b2fbaa0025292021-12-22 11:49:53.458root 11241100x80000000000000003859508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80e6cbf2acfe9612021-12-22 11:49:53.458root 11241100x80000000000000003859509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b591448a0bc2e02021-12-22 11:49:53.458root 11241100x80000000000000003859510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09d7a64eeb74a762021-12-22 11:49:53.458root 11241100x80000000000000003859511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcbdb4f954889232021-12-22 11:49:53.458root 11241100x80000000000000003859512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582fb5b6090765012021-12-22 11:49:53.458root 11241100x80000000000000003859513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255697ab278072272021-12-22 11:49:53.458root 11241100x80000000000000003859514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c454dad9ad4feb62021-12-22 11:49:53.458root 11241100x80000000000000003859515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc87b18bb541430a2021-12-22 11:49:53.459root 11241100x80000000000000003859516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9f208b19624b7c2021-12-22 11:49:53.459root 11241100x80000000000000003859517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463998d00c81a9492021-12-22 11:49:53.459root 11241100x80000000000000003859518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4daa398636d4b72021-12-22 11:49:53.459root 11241100x80000000000000003859519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76cf1b6c9df480e2021-12-22 11:49:53.459root 11241100x80000000000000003859520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaa005a60ea93822021-12-22 11:49:53.459root 11241100x80000000000000003859521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22202770ab9882532021-12-22 11:49:53.459root 11241100x80000000000000003859522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa2622fe550e3002021-12-22 11:49:53.459root 11241100x80000000000000003859523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3183234b55165d6d2021-12-22 11:49:53.459root 11241100x80000000000000003859524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7c17703b26e2042021-12-22 11:49:53.460root 11241100x80000000000000003859525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9378b15b287ea8c2021-12-22 11:49:53.460root 11241100x80000000000000003859526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2802552a11c264452021-12-22 11:49:53.460root 11241100x80000000000000003859527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3ccfacafabd1002021-12-22 11:49:53.460root 11241100x80000000000000003859528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6255da157cf1e42021-12-22 11:49:53.460root 11241100x80000000000000003859529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dbac76340a8bdf2021-12-22 11:49:53.460root 11241100x80000000000000003859530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef9b33bd896eccc2021-12-22 11:49:53.460root 11241100x80000000000000003859531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286a7c4b20bd5f432021-12-22 11:49:53.460root 11241100x80000000000000003859532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5cf570b1f1e09a2021-12-22 11:49:53.460root 11241100x80000000000000003859533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85244a9b3e7a982f2021-12-22 11:49:53.461root 11241100x80000000000000003859534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3a83a436aa46472021-12-22 11:49:53.461root 11241100x80000000000000003859535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c554f3beca55ec812021-12-22 11:49:53.943root 11241100x80000000000000003859536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebfba42e61cf9562021-12-22 11:49:53.943root 11241100x80000000000000003859537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265a3756fdd309072021-12-22 11:49:53.944root 11241100x80000000000000003859538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f55ebf2a192c8ed2021-12-22 11:49:53.944root 11241100x80000000000000003859539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eedfb4c58a1d09b2021-12-22 11:49:53.944root 11241100x80000000000000003859540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2846b6e81cce9b962021-12-22 11:49:53.944root 11241100x80000000000000003859541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6084faf6398c0d562021-12-22 11:49:53.944root 11241100x80000000000000003859542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42da2ec7e8481b342021-12-22 11:49:53.944root 11241100x80000000000000003859543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4976052dc65815a2021-12-22 11:49:53.944root 11241100x80000000000000003859544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef2acfb22686d2a2021-12-22 11:49:53.944root 11241100x80000000000000003859545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fa62445b3114602021-12-22 11:49:53.944root 11241100x80000000000000003859546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75914f2cc4384b7c2021-12-22 11:49:53.944root 11241100x80000000000000003859547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd42105dc0e962672021-12-22 11:49:53.944root 11241100x80000000000000003859548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7501933d0dd9cc2021-12-22 11:49:53.945root 11241100x80000000000000003859549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5be9f217e6d1ff2021-12-22 11:49:53.945root 11241100x80000000000000003859550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5ff078318997ea2021-12-22 11:49:53.945root 11241100x80000000000000003859551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb88083e8fcd9632021-12-22 11:49:53.945root 11241100x80000000000000003859552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a766c341754324532021-12-22 11:49:53.945root 11241100x80000000000000003859553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ed6473a362b4792021-12-22 11:49:53.945root 11241100x80000000000000003859554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec058331d91e97832021-12-22 11:49:53.945root 11241100x80000000000000003859555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774d20e83542ad4b2021-12-22 11:49:53.945root 11241100x80000000000000003859556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0167b53068449702021-12-22 11:49:53.945root 11241100x80000000000000003859557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abffda80001c35352021-12-22 11:49:53.945root 11241100x80000000000000003859558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b90770569865ee2021-12-22 11:49:53.945root 11241100x80000000000000003859559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b900530274355b8f2021-12-22 11:49:53.946root 11241100x80000000000000003859560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43647ca9781d5362021-12-22 11:49:53.946root 11241100x80000000000000003859561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54673fb15ebb14f72021-12-22 11:49:53.946root 11241100x80000000000000003859562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd027d11b589ea102021-12-22 11:49:53.946root 11241100x80000000000000003859563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b1be74ae13090a2021-12-22 11:49:53.946root 11241100x80000000000000003859564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c696b8ad4730602021-12-22 11:49:53.946root 11241100x80000000000000003859565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace565c5166168e32021-12-22 11:49:53.946root 11241100x80000000000000003859566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4749a562cf4d7ee62021-12-22 11:49:53.946root 11241100x80000000000000003859567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae03913cdad4ae982021-12-22 11:49:53.946root 11241100x80000000000000003859568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6099e11b72bee2742021-12-22 11:49:53.946root 11241100x80000000000000003859569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92068935e15a89fb2021-12-22 11:49:53.946root 11241100x80000000000000003859570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a705529d82149c812021-12-22 11:49:53.946root 11241100x80000000000000003859571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6534ee07ce2c337a2021-12-22 11:49:53.947root 11241100x80000000000000003859572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebe866797c0bd1f2021-12-22 11:49:53.947root 11241100x80000000000000003859573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4502fcff807ff062021-12-22 11:49:53.947root 11241100x80000000000000003859574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03b3877b42566fa2021-12-22 11:49:53.947root 11241100x80000000000000003859575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb499b75c09b4bf2021-12-22 11:49:53.947root 11241100x80000000000000003859576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4d5795b29562e32021-12-22 11:49:53.947root 11241100x80000000000000003859577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a843e020d5e3862021-12-22 11:49:53.948root 11241100x80000000000000003859578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770eb230f62706de2021-12-22 11:49:53.948root 11241100x80000000000000003859579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae757ecd314687f2021-12-22 11:49:53.948root 11241100x80000000000000003859580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a525967804706af22021-12-22 11:49:53.948root 11241100x80000000000000003859581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e2e11b390ad5d52021-12-22 11:49:53.948root 11241100x80000000000000003859582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2948bea7fed9c92021-12-22 11:49:53.948root 11241100x80000000000000003859583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe42af8a112ef9282021-12-22 11:49:53.948root 11241100x80000000000000003859584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6e944fa25db1da2021-12-22 11:49:53.948root 11241100x80000000000000003859585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2ad02db6cdc0d52021-12-22 11:49:53.948root 11241100x80000000000000003859586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e157bf42f6d5772021-12-22 11:49:53.949root 11241100x80000000000000003859587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b743c8c86c49c82021-12-22 11:49:53.949root 11241100x80000000000000003859588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72120a0f63c1d34e2021-12-22 11:49:53.949root 11241100x80000000000000003859589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296c9f2ed5fbad012021-12-22 11:49:53.949root 11241100x80000000000000003859590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d99c53547ca05f2021-12-22 11:49:53.949root 11241100x80000000000000003859591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276b50b358560bea2021-12-22 11:49:53.949root 11241100x80000000000000003859592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22676597585b3a92021-12-22 11:49:53.949root 11241100x80000000000000003859593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e36faf762c7bd92021-12-22 11:49:53.949root 11241100x80000000000000003859594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059d52a067bd491b2021-12-22 11:49:53.950root 11241100x80000000000000003859595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e5e1f6d874085f2021-12-22 11:49:53.950root 11241100x80000000000000003859596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2d83a1c027ac752021-12-22 11:49:54.443root 11241100x80000000000000003859597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f5a9a8b54c0ef22021-12-22 11:49:54.443root 11241100x80000000000000003859598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d999003e858b56c2021-12-22 11:49:54.443root 11241100x80000000000000003859599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50abfd07cc4660352021-12-22 11:49:54.444root 11241100x80000000000000003859600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedf720a362433d52021-12-22 11:49:54.444root 11241100x80000000000000003859601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4298cc582563b46d2021-12-22 11:49:54.444root 11241100x80000000000000003859602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ab8cab0854268e2021-12-22 11:49:54.444root 11241100x80000000000000003859603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec2f747008531d32021-12-22 11:49:54.444root 11241100x80000000000000003859604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9798c8df683c03622021-12-22 11:49:54.444root 11241100x80000000000000003859605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ec43ab1ee0d69b2021-12-22 11:49:54.444root 11241100x80000000000000003859606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4548af9ce655b5d72021-12-22 11:49:54.445root 11241100x80000000000000003859607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47730e000be2e5e62021-12-22 11:49:54.445root 11241100x80000000000000003859608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dd171462b20a6f2021-12-22 11:49:54.445root 11241100x80000000000000003859609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfe25e59d9539392021-12-22 11:49:54.445root 11241100x80000000000000003859610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b220ed00925d0c2021-12-22 11:49:54.445root 11241100x80000000000000003859611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e493053a13856a2021-12-22 11:49:54.446root 11241100x80000000000000003859612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961a2c367a4c74fc2021-12-22 11:49:54.446root 11241100x80000000000000003859613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87871eb6d41aca3b2021-12-22 11:49:54.446root 11241100x80000000000000003859614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7c532df00244972021-12-22 11:49:54.446root 11241100x80000000000000003859615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038f2114fd41a4a92021-12-22 11:49:54.446root 11241100x80000000000000003859616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1f9efbeac201332021-12-22 11:49:54.447root 11241100x80000000000000003859617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc7ccc6097a7c932021-12-22 11:49:54.447root 11241100x80000000000000003859618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3c0dc51912dccc2021-12-22 11:49:54.447root 11241100x80000000000000003859619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ffe155d2e071a12021-12-22 11:49:54.447root 11241100x80000000000000003859620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e1d20b64b387d12021-12-22 11:49:54.447root 11241100x80000000000000003859621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b9d4b03c42be4d2021-12-22 11:49:54.448root 11241100x80000000000000003859622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce81da7f873d54012021-12-22 11:49:54.448root 11241100x80000000000000003859623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5afcdbfa368b8e2021-12-22 11:49:54.448root 11241100x80000000000000003859624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea48c7f792c11522021-12-22 11:49:54.448root 11241100x80000000000000003859625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071831e25fb161682021-12-22 11:49:54.448root 11241100x80000000000000003859626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71eee5abf63c580c2021-12-22 11:49:54.449root 11241100x80000000000000003859627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b1ee0c7c17efe32021-12-22 11:49:54.449root 11241100x80000000000000003859628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a9a866efbe34632021-12-22 11:49:54.449root 11241100x80000000000000003859629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dca556796de6f52021-12-22 11:49:54.449root 11241100x80000000000000003859630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c8664131ff47252021-12-22 11:49:54.450root 11241100x80000000000000003859631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adb766b555196d92021-12-22 11:49:54.450root 11241100x80000000000000003859632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590f38728ad109ad2021-12-22 11:49:54.450root 11241100x80000000000000003859633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba0890d72fbcc7b2021-12-22 11:49:54.450root 11241100x80000000000000003859634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e428559fc85e6a102021-12-22 11:49:54.451root 11241100x80000000000000003859635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fb21a28d957db92021-12-22 11:49:54.451root 11241100x80000000000000003859636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e108650f65c0d3762021-12-22 11:49:54.451root 11241100x80000000000000003859637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93776fce8977c5302021-12-22 11:49:54.452root 11241100x80000000000000003859638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276c2af5d8dbe42a2021-12-22 11:49:54.452root 11241100x80000000000000003859639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c88fa852797ac632021-12-22 11:49:54.453root 11241100x80000000000000003859640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc2a83eee7d5ecf2021-12-22 11:49:54.453root 11241100x80000000000000003859641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8145a4d615f9472021-12-22 11:49:54.453root 11241100x80000000000000003859642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8eda7731b2d54ac2021-12-22 11:49:54.453root 11241100x80000000000000003859643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4f3da12b8fccaf2021-12-22 11:49:54.454root 11241100x80000000000000003859644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cdcfa3d7b9deee2021-12-22 11:49:54.454root 11241100x80000000000000003859645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a21fedc4631f982021-12-22 11:49:54.454root 11241100x80000000000000003859646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25492e3f938bdbc72021-12-22 11:49:54.454root 11241100x80000000000000003859647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c4bc70ae59290d2021-12-22 11:49:54.454root 11241100x80000000000000003859648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170b7aeeb7c0bad32021-12-22 11:49:54.455root 11241100x80000000000000003859649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e925bb4e772fcc2021-12-22 11:49:54.455root 11241100x80000000000000003859650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd56b302527bc8a62021-12-22 11:49:54.455root 11241100x80000000000000003859651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3364baa1e22f3bd72021-12-22 11:49:54.455root 11241100x80000000000000003859652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c72e263f4c2f882021-12-22 11:49:54.455root 11241100x80000000000000003859653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f3a20d1561fd082021-12-22 11:49:54.455root 11241100x80000000000000003859654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc497145129b26062021-12-22 11:49:54.455root 11241100x80000000000000003859655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800bfe8c81377dba2021-12-22 11:49:54.455root 11241100x80000000000000003859656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef3205b376b1a182021-12-22 11:49:54.455root 11241100x80000000000000003859657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7c4b399551bb712021-12-22 11:49:54.456root 11241100x80000000000000003859658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72451d09315d96912021-12-22 11:49:54.456root 11241100x80000000000000003859659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244f2498c38141902021-12-22 11:49:54.456root 11241100x80000000000000003859660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aefef088f3d2d672021-12-22 11:49:54.456root 11241100x80000000000000003859661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90afe27370540cc82021-12-22 11:49:54.456root 11241100x80000000000000003859662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46ea9155723e7892021-12-22 11:49:54.456root 11241100x80000000000000003859663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe372df535eed0482021-12-22 11:49:54.456root 11241100x80000000000000003859664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc32e7ee08fe13c2021-12-22 11:49:54.457root 11241100x80000000000000003859665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b86f9bb53ed2822021-12-22 11:49:54.457root 11241100x80000000000000003859666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e1c0e0c6a978902021-12-22 11:49:54.457root 11241100x80000000000000003859667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6dbbe1ec6a8ee352021-12-22 11:49:54.457root 11241100x80000000000000003859668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7509eac970acd3aa2021-12-22 11:49:54.457root 11241100x80000000000000003859669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8fb3f70d5f1aba2021-12-22 11:49:54.457root 11241100x80000000000000003859670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1c98c4ade569d02021-12-22 11:49:54.457root 11241100x80000000000000003859671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bbbc4ef1702f442021-12-22 11:49:54.457root 11241100x80000000000000003859672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471360a64993290b2021-12-22 11:49:54.457root 11241100x80000000000000003859673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5373ebd71a9a7d12021-12-22 11:49:54.457root 11241100x80000000000000003859674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0ecfd2bdf1ef662021-12-22 11:49:54.457root 11241100x80000000000000003859675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4f18a76b7e79b42021-12-22 11:49:54.458root 11241100x80000000000000003859676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc19fb472b1006142021-12-22 11:49:54.458root 11241100x80000000000000003859677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f9f7352409c53c2021-12-22 11:49:54.458root 11241100x80000000000000003859678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925e7618a7cdae662021-12-22 11:49:54.458root 11241100x80000000000000003859679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe3b999ad2f6d102021-12-22 11:49:54.458root 11241100x80000000000000003859680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dba8e5756b1cc92021-12-22 11:49:54.458root 11241100x80000000000000003859681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fcfe64d111d4292021-12-22 11:49:54.458root 11241100x80000000000000003859682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fac2e4fe73461832021-12-22 11:49:54.458root 11241100x80000000000000003859683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2ab65410810ebd2021-12-22 11:49:54.458root 11241100x80000000000000003859684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cee8d05e4a2adf2021-12-22 11:49:54.458root 11241100x80000000000000003859685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6abec3231df8db32021-12-22 11:49:54.458root 11241100x80000000000000003859686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e6419e91c17fdb2021-12-22 11:49:54.459root 11241100x80000000000000003859687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2a80ee441e5e542021-12-22 11:49:54.459root 11241100x80000000000000003859688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa11582202cd76112021-12-22 11:49:54.459root 11241100x80000000000000003859689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086ed845229ac17d2021-12-22 11:49:54.459root 11241100x80000000000000003859690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bc82fae8f600fa2021-12-22 11:49:54.459root 11241100x80000000000000003859691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f86bcd8b7b54572021-12-22 11:49:54.459root 11241100x80000000000000003859692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd00fe85a437a4a42021-12-22 11:49:54.943root 11241100x80000000000000003859693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaaed033435e25b72021-12-22 11:49:54.943root 11241100x80000000000000003859694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bb33dfcaea672d2021-12-22 11:49:54.944root 11241100x80000000000000003859695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7dea03e5f4e7342021-12-22 11:49:54.944root 11241100x80000000000000003859696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b745b32f0ff099672021-12-22 11:49:54.944root 11241100x80000000000000003859697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dca10fb846125592021-12-22 11:49:54.944root 11241100x80000000000000003859698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0f082151dc349f2021-12-22 11:49:54.944root 11241100x80000000000000003859699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cff11a10b82b552021-12-22 11:49:54.944root 11241100x80000000000000003859700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9224a4e43e9b31c2021-12-22 11:49:54.944root 11241100x80000000000000003859701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6e0b7114e8efbb2021-12-22 11:49:54.944root 11241100x80000000000000003859702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6e90fc3588b0312021-12-22 11:49:54.945root 11241100x80000000000000003859703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aee8bfcca7cce742021-12-22 11:49:54.945root 11241100x80000000000000003859704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4605e0c5f2f285fc2021-12-22 11:49:54.945root 11241100x80000000000000003859705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7a808426ac6e212021-12-22 11:49:54.945root 11241100x80000000000000003859706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47586d677f18cb3c2021-12-22 11:49:54.946root 11241100x80000000000000003859707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef9e24f307e246f2021-12-22 11:49:54.946root 11241100x80000000000000003859708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bf06db7d366d6f2021-12-22 11:49:54.946root 11241100x80000000000000003859709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4fdfbf7a5478a72021-12-22 11:49:54.946root 11241100x80000000000000003859710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d446a17406d5012021-12-22 11:49:54.946root 11241100x80000000000000003859711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3812a4f9288ea572021-12-22 11:49:54.946root 11241100x80000000000000003859712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40aa82481942ab22021-12-22 11:49:54.946root 11241100x80000000000000003859713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dbcdcd3d640b0b2021-12-22 11:49:54.947root 11241100x80000000000000003859714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80e653dcb84488f2021-12-22 11:49:54.947root 11241100x80000000000000003859715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a2ac19788339a72021-12-22 11:49:54.947root 11241100x80000000000000003859716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a6d02d739368f62021-12-22 11:49:54.947root 11241100x80000000000000003859717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d15d9de59648e72021-12-22 11:49:54.947root 11241100x80000000000000003859718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5611b6c1b1afae842021-12-22 11:49:54.947root 11241100x80000000000000003859719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88048c4843e0484d2021-12-22 11:49:54.947root 11241100x80000000000000003859720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a98c385a8b2573c2021-12-22 11:49:54.947root 11241100x80000000000000003859721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d865712d96b8012021-12-22 11:49:54.948root 11241100x80000000000000003859722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bcc1413731cc7d2021-12-22 11:49:54.948root 11241100x80000000000000003859723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93916dc69deffdcd2021-12-22 11:49:54.948root 11241100x80000000000000003859724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff877a19e2b69552021-12-22 11:49:54.948root 11241100x80000000000000003859725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ab0107cb2287472021-12-22 11:49:54.948root 11241100x80000000000000003859726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ab15f0b74f8ec12021-12-22 11:49:54.949root 11241100x80000000000000003859727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5956b232d890fd3c2021-12-22 11:49:54.949root 11241100x80000000000000003859728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb714160e4f3c4212021-12-22 11:49:54.949root 11241100x80000000000000003859729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1960ec06cd69e162021-12-22 11:49:54.949root 11241100x80000000000000003859730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093e0ce06d41708c2021-12-22 11:49:54.949root 11241100x80000000000000003859731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97941ac56a0f5e532021-12-22 11:49:54.950root 11241100x80000000000000003859732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab9cb8fbcd301cc2021-12-22 11:49:54.950root 11241100x80000000000000003859733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44d16bbe5d3cdf72021-12-22 11:49:54.950root 11241100x80000000000000003859734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ed51334ca3f1742021-12-22 11:49:54.950root 11241100x80000000000000003859735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fe26a85463a2722021-12-22 11:49:54.950root 11241100x80000000000000003859736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7373dd18f8f31e2b2021-12-22 11:49:54.950root 11241100x80000000000000003859737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1bcb2e630488dd2021-12-22 11:49:54.950root 11241100x80000000000000003859738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140620b8d99d7ec42021-12-22 11:49:54.950root 11241100x80000000000000003859739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14696a34ee46ff9b2021-12-22 11:49:54.950root 11241100x80000000000000003859740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4caaa319f5a4562021-12-22 11:49:54.951root 11241100x80000000000000003859741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f9016d716035dd2021-12-22 11:49:54.951root 11241100x80000000000000003859742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e782548586bac902021-12-22 11:49:54.951root 11241100x80000000000000003859743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16576f577d23d8532021-12-22 11:49:54.951root 11241100x80000000000000003859744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6222c9b7048097242021-12-22 11:49:54.951root 11241100x80000000000000003859745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f141107938d5812021-12-22 11:49:54.951root 11241100x80000000000000003859746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316fb3ded7b721f22021-12-22 11:49:54.951root 11241100x80000000000000003859747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8af4bc81891449d2021-12-22 11:49:54.951root 11241100x80000000000000003859748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62b24e6f5f9e54e2021-12-22 11:49:54.952root 11241100x80000000000000003859749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0224f21ec7d799a42021-12-22 11:49:54.952root 11241100x80000000000000003859750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7901baab0db0032021-12-22 11:49:54.952root 11241100x80000000000000003859751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc845f36f05fc5472021-12-22 11:49:54.952root 11241100x80000000000000003859752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325e6c3e1915323b2021-12-22 11:49:54.952root 11241100x80000000000000003859753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c75a5dd7021ec52021-12-22 11:49:54.952root 11241100x80000000000000003859754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055c83792ddd3d1f2021-12-22 11:49:54.952root 11241100x80000000000000003859755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b5040d17baf3f12021-12-22 11:49:54.953root 11241100x80000000000000003859756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdb65df3e6044782021-12-22 11:49:54.953root 11241100x80000000000000003859757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c41918b1615dca22021-12-22 11:49:54.953root 11241100x80000000000000003859758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f9e146abfc58092021-12-22 11:49:54.953root 11241100x80000000000000003859759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2419ccb0e7f113842021-12-22 11:49:54.953root 11241100x80000000000000003859760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc41897d98825322021-12-22 11:49:54.953root 11241100x80000000000000003859761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f202bb7f30036222021-12-22 11:49:54.953root 11241100x80000000000000003859762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fa0a06e596aedd2021-12-22 11:49:54.954root 11241100x80000000000000003859763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766b7507655d618c2021-12-22 11:49:54.954root 11241100x80000000000000003859764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138d192b9ca8a57e2021-12-22 11:49:54.954root 11241100x80000000000000003859765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ca9081fd37b13f2021-12-22 11:49:54.954root 11241100x80000000000000003859766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e624523abb24882021-12-22 11:49:54.954root 11241100x80000000000000003859767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8c27e4e8ba0eb22021-12-22 11:49:54.954root 11241100x80000000000000003859768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68f18144dd6bcc62021-12-22 11:49:54.954root 11241100x80000000000000003859769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e251ae33d134fec2021-12-22 11:49:54.955root 11241100x80000000000000003859770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee9c4219beffbd82021-12-22 11:49:54.957root 11241100x80000000000000003859771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca439acd1ba00a312021-12-22 11:49:54.957root 11241100x80000000000000003859772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2d8f78912678992021-12-22 11:49:54.957root 11241100x80000000000000003859773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd879fb429b31c832021-12-22 11:49:54.957root 11241100x80000000000000003859774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d684c8cb2051160c2021-12-22 11:49:54.957root 11241100x80000000000000003859775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d84e78a125971312021-12-22 11:49:54.958root 11241100x80000000000000003859776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f13abf8f0f64c32021-12-22 11:49:54.960root 11241100x80000000000000003859777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0280f7a35b045c282021-12-22 11:49:54.960root 11241100x80000000000000003859778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e05162819566cfd2021-12-22 11:49:54.960root 11241100x80000000000000003859779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f32cd17fd4e9102021-12-22 11:49:54.960root 11241100x80000000000000003859780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7299cd23bda0972021-12-22 11:49:54.960root 11241100x80000000000000003859781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dd30abe3fe803f2021-12-22 11:49:54.960root 11241100x80000000000000003859782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15748be3b056fc12021-12-22 11:49:54.960root 11241100x80000000000000003859783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5d9adb8dc479c62021-12-22 11:49:54.960root 11241100x80000000000000003859784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9c0d22480198412021-12-22 11:49:54.960root 11241100x80000000000000003859785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b239861fe008e22021-12-22 11:49:54.961root 11241100x80000000000000003859786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4547cf2d6e46d0452021-12-22 11:49:54.961root 11241100x80000000000000003859787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45fdf60c18745252021-12-22 11:49:54.961root 11241100x80000000000000003859788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d194a89486aa6c2021-12-22 11:49:54.962root 11241100x80000000000000003859789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f08a0004226a6b2021-12-22 11:49:54.962root 11241100x80000000000000003859790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114a5588e71a04ef2021-12-22 11:49:54.962root 11241100x80000000000000003859791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea89e8607aa082062021-12-22 11:49:54.963root 11241100x80000000000000003859792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183ad8c8c56f67462021-12-22 11:49:54.963root 11241100x80000000000000003859793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548dd1c000a650df2021-12-22 11:49:54.963root 11241100x80000000000000003859794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c24cfea72cf81b02021-12-22 11:49:54.963root 11241100x80000000000000003859795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4e4f9ee4bdb7d62021-12-22 11:49:54.963root 11241100x80000000000000003859796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a881c8491d8eb92021-12-22 11:49:54.964root 11241100x80000000000000003859797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fbd61f6f28eeb12021-12-22 11:49:54.964root 11241100x80000000000000003859798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393fd435a70025fc2021-12-22 11:49:54.964root 11241100x80000000000000003859799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f26801b39c96d02021-12-22 11:49:54.964root 11241100x80000000000000003859800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9035a8a0140b4b52021-12-22 11:49:54.964root 11241100x80000000000000003859801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc2e633d17e29812021-12-22 11:49:54.964root 11241100x80000000000000003859802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86631c362448cad22021-12-22 11:49:54.965root 11241100x80000000000000003859803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7e1934085724f32021-12-22 11:49:54.965root 11241100x80000000000000003859804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8124318f4632a9362021-12-22 11:49:54.966root 11241100x80000000000000003859805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18142f4b95ee0f7b2021-12-22 11:49:54.966root 11241100x80000000000000003859806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733040ac21952fdf2021-12-22 11:49:54.966root 11241100x80000000000000003859807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cbf175d008346c2021-12-22 11:49:54.967root 11241100x80000000000000003859808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1554201959c51632021-12-22 11:49:54.967root 11241100x80000000000000003859809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be9429dae78bd872021-12-22 11:49:54.967root 11241100x80000000000000003859810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c2a2c20e4125342021-12-22 11:49:54.968root 11241100x80000000000000003859811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eb7615dbe732492021-12-22 11:49:54.968root 11241100x80000000000000003859812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a36c861d17ce3ce2021-12-22 11:49:54.970root 11241100x80000000000000003859813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1c8e83a129f36b2021-12-22 11:49:54.970root 11241100x80000000000000003859814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d5931ff11395dc2021-12-22 11:49:54.971root 11241100x80000000000000003859815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec000e5907c393b2021-12-22 11:49:54.971root 11241100x80000000000000003859816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd31c9c5de334702021-12-22 11:49:54.971root 11241100x80000000000000003859817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b652a20ae5e2cd52021-12-22 11:49:54.971root 11241100x80000000000000003859818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cd8ce877bc54762021-12-22 11:49:54.972root 11241100x80000000000000003859819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47258fcab0fd5712021-12-22 11:49:54.972root 11241100x80000000000000003859820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30caf9f6e8ea4d72021-12-22 11:49:54.972root 11241100x80000000000000003859821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43bad9c6e4d86d52021-12-22 11:49:54.972root 11241100x80000000000000003859822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34faff47f9da6fda2021-12-22 11:49:54.972root 11241100x80000000000000003859823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:54.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759a299a3ed3b4d12021-12-22 11:49:54.972root 11241100x80000000000000003859824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cde007cc3bf2172021-12-22 11:49:55.443root 11241100x80000000000000003859825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4bea4dba0fc1552021-12-22 11:49:55.443root 11241100x80000000000000003859826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7246f4f0bd427cf22021-12-22 11:49:55.443root 11241100x80000000000000003859827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c359e9ac1f030c92021-12-22 11:49:55.443root 11241100x80000000000000003859828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60632f3d1c855f552021-12-22 11:49:55.443root 11241100x80000000000000003859829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d530cea3ad2270e2021-12-22 11:49:55.443root 11241100x80000000000000003859830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f085ae884fd9ec2021-12-22 11:49:55.443root 11241100x80000000000000003859831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7964589ac1b24f7c2021-12-22 11:49:55.444root 11241100x80000000000000003859832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c990c1a533792cbd2021-12-22 11:49:55.444root 11241100x80000000000000003859833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f25d5eedc0c89032021-12-22 11:49:55.445root 11241100x80000000000000003859834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f103e6448bbd9f072021-12-22 11:49:55.445root 11241100x80000000000000003859835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fb846963794de32021-12-22 11:49:55.445root 11241100x80000000000000003859836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6bfeae7a595ffb2021-12-22 11:49:55.445root 11241100x80000000000000003859837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7dddc03c6092d52021-12-22 11:49:55.445root 11241100x80000000000000003859838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf60df69812456ff2021-12-22 11:49:55.445root 11241100x80000000000000003859839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5e5972edbaac8c2021-12-22 11:49:55.445root 11241100x80000000000000003859840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcc40e70431340e2021-12-22 11:49:55.445root 11241100x80000000000000003859841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99a93ce5c4264a62021-12-22 11:49:55.445root 11241100x80000000000000003859842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e7382a289805a12021-12-22 11:49:55.445root 11241100x80000000000000003859843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63786215d719f2b92021-12-22 11:49:55.445root 11241100x80000000000000003859844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03517d2b82fda9f2021-12-22 11:49:55.445root 11241100x80000000000000003859845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70983dab7692c5d32021-12-22 11:49:55.445root 11241100x80000000000000003859846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c47cd7196464072021-12-22 11:49:55.446root 11241100x80000000000000003859847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2552034d72f9223d2021-12-22 11:49:55.446root 11241100x80000000000000003859848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08574fda9f17a1f2021-12-22 11:49:55.446root 11241100x80000000000000003859849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0eef6dc360bb7f72021-12-22 11:49:55.446root 11241100x80000000000000003859850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cee479ee4ec0bd72021-12-22 11:49:55.446root 11241100x80000000000000003859851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cef1595588b3522021-12-22 11:49:55.446root 11241100x80000000000000003859852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4612caf1d41776662021-12-22 11:49:55.446root 11241100x80000000000000003859853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dbe58896013efd2021-12-22 11:49:55.446root 11241100x80000000000000003859854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28c853291179a6a2021-12-22 11:49:55.446root 11241100x80000000000000003859855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a24b46866a8a71b2021-12-22 11:49:55.446root 11241100x80000000000000003859856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ba44a076777aa62021-12-22 11:49:55.446root 11241100x80000000000000003859857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ded7a75271c1eb92021-12-22 11:49:55.446root 11241100x80000000000000003859858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a872e9347bfd18392021-12-22 11:49:55.446root 11241100x80000000000000003859859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13420e8384f7a2a42021-12-22 11:49:55.446root 11241100x80000000000000003859860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51744a22717e65a72021-12-22 11:49:55.446root 11241100x80000000000000003859861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0918c27f9eb898042021-12-22 11:49:55.446root 11241100x80000000000000003859862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56caba94d72b1cdc2021-12-22 11:49:55.447root 11241100x80000000000000003859863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3faa92a94c3d5e1f2021-12-22 11:49:55.447root 11241100x80000000000000003859864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff84b88c3ba8d472021-12-22 11:49:55.447root 11241100x80000000000000003859865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910386b813873e2d2021-12-22 11:49:55.447root 11241100x80000000000000003859866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d323a5071ef92a2021-12-22 11:49:55.447root 11241100x80000000000000003859867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f8bc58acd308242021-12-22 11:49:55.447root 11241100x80000000000000003859868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279b194ff84e04bf2021-12-22 11:49:55.447root 11241100x80000000000000003859869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f7d24f81038d782021-12-22 11:49:55.447root 11241100x80000000000000003859870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300b638525e604e52021-12-22 11:49:55.447root 11241100x80000000000000003859871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b522a263a7b26c82021-12-22 11:49:55.447root 11241100x80000000000000003859872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d0d76ea2d01e252021-12-22 11:49:55.447root 11241100x80000000000000003859873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924c9d74ca403abc2021-12-22 11:49:55.447root 11241100x80000000000000003859874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b391274ea1e4a4432021-12-22 11:49:55.447root 11241100x80000000000000003859875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43526d55bc58f8a12021-12-22 11:49:55.447root 11241100x80000000000000003859876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8469d20913ab5fd2021-12-22 11:49:55.447root 11241100x80000000000000003859877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3a167518ac89fb2021-12-22 11:49:55.448root 11241100x80000000000000003859878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92f52272bd673232021-12-22 11:49:55.448root 11241100x80000000000000003859879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2896e5883dab46082021-12-22 11:49:55.448root 11241100x80000000000000003859880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d70c922e071c8a2021-12-22 11:49:55.448root 11241100x80000000000000003859881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cd9b9fbc20c27c2021-12-22 11:49:55.448root 11241100x80000000000000003859882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcc2dc2c5b8a8932021-12-22 11:49:55.448root 11241100x80000000000000003859883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c234623d4dd4ff2021-12-22 11:49:55.448root 11241100x80000000000000003859884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de80ec86c1a550ee2021-12-22 11:49:55.448root 11241100x80000000000000003859885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1264b16cadb26a152021-12-22 11:49:55.448root 11241100x80000000000000003859886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd731dc46770b7ee2021-12-22 11:49:55.448root 11241100x80000000000000003859887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefba43ea033ccd52021-12-22 11:49:55.448root 11241100x80000000000000003859888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a2e24cc36f00bc2021-12-22 11:49:55.448root 11241100x80000000000000003859889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c757421c26b1b22021-12-22 11:49:55.448root 11241100x80000000000000003859890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bf4a62e9a332b72021-12-22 11:49:55.448root 11241100x80000000000000003859891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f03169c4b1a4a852021-12-22 11:49:55.448root 11241100x80000000000000003859892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230089e6c5223d1d2021-12-22 11:49:55.449root 11241100x80000000000000003859893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4356c1a876957d172021-12-22 11:49:55.449root 11241100x80000000000000003859894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a39958c8e24e0732021-12-22 11:49:55.449root 11241100x80000000000000003859895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93acf9a4e39ffe282021-12-22 11:49:55.449root 11241100x80000000000000003859896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634d31d2545542f82021-12-22 11:49:55.449root 11241100x80000000000000003859897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6218820a62f9d92f2021-12-22 11:49:55.449root 11241100x80000000000000003859898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f1cedc8646ceb52021-12-22 11:49:55.449root 11241100x80000000000000003859899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b763b2ee19d0632021-12-22 11:49:55.449root 11241100x80000000000000003859900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b3745e38ad012f2021-12-22 11:49:55.449root 11241100x80000000000000003859901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a048267498fa5a2021-12-22 11:49:55.449root 11241100x80000000000000003859902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159622e501d649ce2021-12-22 11:49:55.449root 11241100x80000000000000003859903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3680cbbd2197abe2021-12-22 11:49:55.449root 11241100x80000000000000003859904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5609c2b60324062021-12-22 11:49:55.450root 11241100x80000000000000003859905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f1c8791dfb4d2b2021-12-22 11:49:55.450root 11241100x80000000000000003859906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913ee7f81e8390442021-12-22 11:49:55.450root 11241100x80000000000000003859907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98fb461978fa5f62021-12-22 11:49:55.450root 11241100x80000000000000003859908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac703d165da6d492021-12-22 11:49:55.450root 11241100x80000000000000003859909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bc43a914e9bb622021-12-22 11:49:55.450root 11241100x80000000000000003859910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8730447a36fc1e102021-12-22 11:49:55.450root 11241100x80000000000000003859911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7fa4fd08b3987d2021-12-22 11:49:55.450root 11241100x80000000000000003859912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0ca4b838c46c332021-12-22 11:49:55.450root 11241100x80000000000000003859913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b86377ed6c3731b2021-12-22 11:49:55.450root 11241100x80000000000000003859914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6338e293ee39c2922021-12-22 11:49:55.450root 11241100x80000000000000003859915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7936bd51ae0152372021-12-22 11:49:55.450root 11241100x80000000000000003859916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6354c4aa5371302021-12-22 11:49:55.450root 11241100x80000000000000003859917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdedeac01976d47e2021-12-22 11:49:55.451root 11241100x80000000000000003859918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a26d59f583c6c82021-12-22 11:49:55.451root 11241100x80000000000000003859919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774a2fe2703c1ace2021-12-22 11:49:55.451root 11241100x80000000000000003859920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1b2dea1250659d2021-12-22 11:49:55.451root 11241100x80000000000000003859921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b59c7c65bb7b7592021-12-22 11:49:55.451root 11241100x80000000000000003859922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4b02b6e1882f182021-12-22 11:49:55.451root 11241100x80000000000000003859923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a2d1cb625d4e912021-12-22 11:49:55.451root 11241100x80000000000000003859924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b49c33ffe20ee852021-12-22 11:49:55.451root 11241100x80000000000000003859925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d0f315817b397b2021-12-22 11:49:55.451root 11241100x80000000000000003859926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7ed1e8994ea7582021-12-22 11:49:55.943root 11241100x80000000000000003859927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca7a7754c8036342021-12-22 11:49:55.943root 11241100x80000000000000003859928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb529b1a52b102a2021-12-22 11:49:55.943root 11241100x80000000000000003859929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca3bfef0f485c022021-12-22 11:49:55.943root 11241100x80000000000000003859930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95c81cfc89d3a102021-12-22 11:49:55.943root 11241100x80000000000000003859931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee03403c82ac0ba22021-12-22 11:49:55.944root 11241100x80000000000000003859932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d1898b70b246e82021-12-22 11:49:55.944root 11241100x80000000000000003859933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a8b2ca7e8e11522021-12-22 11:49:55.944root 11241100x80000000000000003859934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7a88de1945f9832021-12-22 11:49:55.944root 11241100x80000000000000003859935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f80845f6b94c2ed2021-12-22 11:49:55.944root 11241100x80000000000000003859936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3605bee71f1f8d2021-12-22 11:49:55.944root 11241100x80000000000000003859937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967331865bbc9f172021-12-22 11:49:55.944root 11241100x80000000000000003859938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967188eb93ab88862021-12-22 11:49:55.944root 11241100x80000000000000003859939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ca26443a1910bf2021-12-22 11:49:55.944root 11241100x80000000000000003859940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7446dab7a3eeebaa2021-12-22 11:49:55.944root 11241100x80000000000000003859941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5237e97f31f026812021-12-22 11:49:55.945root 11241100x80000000000000003859942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d60f3ca315ad7832021-12-22 11:49:55.945root 11241100x80000000000000003859943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7b75e1a44b3a4a2021-12-22 11:49:55.945root 11241100x80000000000000003859944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92881ba50d63dc52021-12-22 11:49:55.945root 11241100x80000000000000003859945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a047e04ea61ca6f22021-12-22 11:49:55.945root 11241100x80000000000000003859946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14573ac2c4bb6e62021-12-22 11:49:55.945root 11241100x80000000000000003859947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62d49ac29aac6472021-12-22 11:49:55.945root 11241100x80000000000000003859948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854d5ab3d11474ec2021-12-22 11:49:55.945root 11241100x80000000000000003859949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6905cda960bb8422021-12-22 11:49:55.945root 11241100x80000000000000003859950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dcb53748b6417d2021-12-22 11:49:55.946root 11241100x80000000000000003859951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e5e9903af69e962021-12-22 11:49:55.946root 11241100x80000000000000003859952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb8a59b347167782021-12-22 11:49:55.946root 11241100x80000000000000003859953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d48dd6ba3c6d5b2021-12-22 11:49:55.946root 11241100x80000000000000003859954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9366729e0b71c1102021-12-22 11:49:55.946root 11241100x80000000000000003859955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b919486e9f1e56702021-12-22 11:49:55.946root 11241100x80000000000000003859956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc91b886e0bab842021-12-22 11:49:55.946root 11241100x80000000000000003859957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33ad65a165dc2dc2021-12-22 11:49:55.946root 11241100x80000000000000003859958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6267f4e0a8a91a712021-12-22 11:49:55.946root 11241100x80000000000000003859959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e2f1d3d22756ea2021-12-22 11:49:55.947root 11241100x80000000000000003859960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb9d8f1ac20018b2021-12-22 11:49:55.947root 11241100x80000000000000003859961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dcc934930ae1282021-12-22 11:49:55.947root 11241100x80000000000000003859962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308545a3123325802021-12-22 11:49:55.947root 11241100x80000000000000003859963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c450e5448e1f482021-12-22 11:49:55.947root 11241100x80000000000000003859964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3834fd8e38909ab72021-12-22 11:49:55.947root 11241100x80000000000000003859965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fdeff12894c3552021-12-22 11:49:55.947root 11241100x80000000000000003859966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f3495709a2fe842021-12-22 11:49:55.947root 11241100x80000000000000003859967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff2ad34d38777d82021-12-22 11:49:55.947root 11241100x80000000000000003859968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322b63d48d9a925a2021-12-22 11:49:55.948root 11241100x80000000000000003859969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a07ed74984c8ed2021-12-22 11:49:55.948root 11241100x80000000000000003859970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c49ff8d155f7ed02021-12-22 11:49:55.948root 11241100x80000000000000003859971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b106eac18ff2fb2021-12-22 11:49:55.948root 11241100x80000000000000003859972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3224ed16394ae12021-12-22 11:49:55.948root 11241100x80000000000000003859973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7083d5d9cac28c932021-12-22 11:49:55.948root 11241100x80000000000000003859974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e26bc826dae2792021-12-22 11:49:55.948root 11241100x80000000000000003859975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a883569f6a9481212021-12-22 11:49:55.948root 11241100x80000000000000003859976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dee07f1e456fdd02021-12-22 11:49:55.949root 11241100x80000000000000003859977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa1cfb3b1db2c5a2021-12-22 11:49:55.949root 11241100x80000000000000003859978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ea0dc6fe8578f72021-12-22 11:49:55.949root 11241100x80000000000000003859979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cef32850f9c501e2021-12-22 11:49:55.949root 11241100x80000000000000003859980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88dd56eb931c0c22021-12-22 11:49:55.949root 11241100x80000000000000003859981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0406e12275d184a12021-12-22 11:49:55.949root 11241100x80000000000000003859982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67c1b9c916c276b2021-12-22 11:49:55.949root 11241100x80000000000000003859983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c497da17bc902c392021-12-22 11:49:55.950root 11241100x80000000000000003859984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42dae1ff27b96a82021-12-22 11:49:55.950root 11241100x80000000000000003859985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62059e0a853eca242021-12-22 11:49:55.950root 11241100x80000000000000003859986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c061312711aae72021-12-22 11:49:55.950root 11241100x80000000000000003859987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50f5c5cbf5ca2822021-12-22 11:49:55.950root 11241100x80000000000000003859988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c6addb83f0f9fd2021-12-22 11:49:55.950root 11241100x80000000000000003859989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829cfbdae6c547622021-12-22 11:49:55.950root 11241100x80000000000000003859990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e393bd2cc976822021-12-22 11:49:55.950root 11241100x80000000000000003859991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ebe7316105771f2021-12-22 11:49:55.950root 11241100x80000000000000003859992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0461a5f9d728ab692021-12-22 11:49:55.950root 11241100x80000000000000003859993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed97fb168e11513b2021-12-22 11:49:55.951root 11241100x80000000000000003859994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba2abceef79776b2021-12-22 11:49:55.951root 11241100x80000000000000003859995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725e025250f2322e2021-12-22 11:49:55.951root 11241100x80000000000000003859996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebe914c7e3651a02021-12-22 11:49:55.951root 11241100x80000000000000003859997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d260351d3335ff142021-12-22 11:49:55.951root 11241100x80000000000000003859998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3ffabc94ec123c2021-12-22 11:49:55.951root 11241100x80000000000000003859999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f8dc61830ed1d62021-12-22 11:49:55.951root 11241100x80000000000000003860000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1454eb66fea2a2552021-12-22 11:49:55.951root 11241100x80000000000000003860001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a70f379aeec6eca2021-12-22 11:49:55.951root 11241100x80000000000000003860002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a87d51c355d68f2021-12-22 11:49:55.952root 11241100x80000000000000003860003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d27ad10ac966bdb2021-12-22 11:49:55.952root 11241100x80000000000000003860004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa618b725938e58c2021-12-22 11:49:55.952root 11241100x80000000000000003860005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48da971a074d7c032021-12-22 11:49:55.952root 11241100x80000000000000003860006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a792eff4ec28ca142021-12-22 11:49:55.952root 11241100x80000000000000003860007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9f1a6e5af6403c2021-12-22 11:49:55.952root 11241100x80000000000000003860008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff4936d8d2742ca2021-12-22 11:49:55.952root 11241100x80000000000000003860009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a366c159b4389ca82021-12-22 11:49:55.952root 11241100x80000000000000003860010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b09e2bf53159b32021-12-22 11:49:55.952root 11241100x80000000000000003860011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a2d47f6d4b0c502021-12-22 11:49:55.953root 11241100x80000000000000003860012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd3dada8c0e50442021-12-22 11:49:55.953root 11241100x80000000000000003860013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba08ef1d34bc4f32021-12-22 11:49:55.953root 11241100x80000000000000003860014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d226bf890d6575e42021-12-22 11:49:55.953root 11241100x80000000000000003860015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db42c2d0f1375bb2021-12-22 11:49:55.953root 11241100x80000000000000003860016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e0463fd6072cb22021-12-22 11:49:55.953root 11241100x80000000000000003860017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1938e6fa8b845f2021-12-22 11:49:55.953root 11241100x80000000000000003860018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75921718b1d2dff52021-12-22 11:49:55.953root 11241100x80000000000000003860019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2730dd73151c42c32021-12-22 11:49:55.953root 11241100x80000000000000003860020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb05f5ca1be89efd2021-12-22 11:49:55.954root 11241100x80000000000000003860021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c5591e79ff7e212021-12-22 11:49:55.954root 11241100x80000000000000003860022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249520c4fc8e65e72021-12-22 11:49:55.954root 11241100x80000000000000003860023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:55.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec5a465ffa40bc62021-12-22 11:49:55.954root 354300x80000000000000003860024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.022{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55516-false10.0.1.12-8000- 534500x80000000000000003860025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.042{00000000-0000-0000-0000-000000000000}19103<unknown process>ubuntu 534500x80000000000000003860026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.044{00000000-0000-0000-0000-000000000000}19104<unknown process>ubuntu 11241100x80000000000000003860027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.044{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.SHMjmg2021-12-22 11:49:56.044ubuntu 23542300x80000000000000003860028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.044{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.SHMjmg--- 11241100x80000000000000003860029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25a8469a3e77a852021-12-22 11:49:56.443root 11241100x80000000000000003860030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06ec75eb2e431752021-12-22 11:49:56.444root 11241100x80000000000000003860031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6846986d1cb801492021-12-22 11:49:56.444root 11241100x80000000000000003860032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c596d0800d5ead02021-12-22 11:49:56.444root 11241100x80000000000000003860033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779ce02fb3e676cf2021-12-22 11:49:56.444root 11241100x80000000000000003860034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9372cdba4b818b72021-12-22 11:49:56.444root 11241100x80000000000000003860035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b2831e87ee9bc82021-12-22 11:49:56.444root 11241100x80000000000000003860036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b357e21c7f73ed2021-12-22 11:49:56.444root 11241100x80000000000000003860037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87b775920b783022021-12-22 11:49:56.445root 11241100x80000000000000003860038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00177d7e107e31072021-12-22 11:49:56.445root 11241100x80000000000000003860039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b9265877d176042021-12-22 11:49:56.445root 11241100x80000000000000003860040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9279c7809c93b8fb2021-12-22 11:49:56.445root 11241100x80000000000000003860041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f406aa50657723b2021-12-22 11:49:56.445root 11241100x80000000000000003860042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa60faf9b4dd7b262021-12-22 11:49:56.445root 11241100x80000000000000003860043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a01f0815f0afc22021-12-22 11:49:56.445root 11241100x80000000000000003860044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d73b19d807c2e32021-12-22 11:49:56.445root 11241100x80000000000000003860045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da72d7e651b9b37d2021-12-22 11:49:56.445root 11241100x80000000000000003860046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9bdad49f28d1b42021-12-22 11:49:56.445root 11241100x80000000000000003860047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2edf3d79e91e2682021-12-22 11:49:56.446root 11241100x80000000000000003860048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710b356853926c672021-12-22 11:49:56.446root 11241100x80000000000000003860049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943c04347322b3142021-12-22 11:49:56.446root 11241100x80000000000000003860050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d48d8fb8a6c8f82021-12-22 11:49:56.446root 11241100x80000000000000003860051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb9927bd4a5f8cc2021-12-22 11:49:56.446root 11241100x80000000000000003860052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028ded3d83b129882021-12-22 11:49:56.446root 11241100x80000000000000003860053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ce7e4d63cb9a822021-12-22 11:49:56.446root 11241100x80000000000000003860054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe9ecaf613b51132021-12-22 11:49:56.446root 11241100x80000000000000003860055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f039e9ef21858d92021-12-22 11:49:56.446root 11241100x80000000000000003860056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8edb45ccfbfc382021-12-22 11:49:56.446root 11241100x80000000000000003860057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d787ad57ca9b44212021-12-22 11:49:56.447root 11241100x80000000000000003860058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959db737589d65172021-12-22 11:49:56.447root 11241100x80000000000000003860059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb70b6ddf6b068d2021-12-22 11:49:56.447root 11241100x80000000000000003860060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f512f9f86d0e72e72021-12-22 11:49:56.447root 11241100x80000000000000003860061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8847eabab263e7f2021-12-22 11:49:56.447root 11241100x80000000000000003860062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0a123a7637377c2021-12-22 11:49:56.447root 11241100x80000000000000003860063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1815f9020d514a0a2021-12-22 11:49:56.447root 11241100x80000000000000003860064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eed51e82ee3cb1f2021-12-22 11:49:56.447root 11241100x80000000000000003860065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc97540ad3d3df482021-12-22 11:49:56.447root 11241100x80000000000000003860066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff1c12660aacd542021-12-22 11:49:56.447root 11241100x80000000000000003860067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7649bf8e0cb1a2182021-12-22 11:49:56.447root 11241100x80000000000000003860068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ded91efabde2562021-12-22 11:49:56.448root 11241100x80000000000000003860069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95266a6682c965592021-12-22 11:49:56.448root 11241100x80000000000000003860070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e714f8593c069a2021-12-22 11:49:56.448root 11241100x80000000000000003860071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d93753027a62d952021-12-22 11:49:56.448root 11241100x80000000000000003860072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1810429c904a10e2021-12-22 11:49:56.448root 11241100x80000000000000003860073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29be79f015f3d4082021-12-22 11:49:56.448root 11241100x80000000000000003860074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fdae962cc424432021-12-22 11:49:56.448root 11241100x80000000000000003860075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a90f4bda54993bf2021-12-22 11:49:56.448root 11241100x80000000000000003860076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f94be24bb19018e2021-12-22 11:49:56.448root 11241100x80000000000000003860077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30aebd8c044ca8f02021-12-22 11:49:56.448root 11241100x80000000000000003860078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d450f6d8da4724e92021-12-22 11:49:56.448root 11241100x80000000000000003860079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e017a56ecd7e9e2021-12-22 11:49:56.449root 11241100x80000000000000003860080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fb27c1ed36b6192021-12-22 11:49:56.449root 11241100x80000000000000003860081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2fafeabb386ec32021-12-22 11:49:56.449root 11241100x80000000000000003860082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da62b8293f897d9e2021-12-22 11:49:56.449root 11241100x80000000000000003860083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca56f8d832bd85f2021-12-22 11:49:56.449root 11241100x80000000000000003860084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ea7462f4c5c9152021-12-22 11:49:56.449root 11241100x80000000000000003860085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb758dc4b53de1492021-12-22 11:49:56.450root 11241100x80000000000000003860086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5eb198aa21a0e792021-12-22 11:49:56.450root 11241100x80000000000000003860087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bf7ca9e135d8152021-12-22 11:49:56.450root 11241100x80000000000000003860088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c21c53d485ac91e2021-12-22 11:49:56.451root 11241100x80000000000000003860089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf61d0fbcb113bd2021-12-22 11:49:56.451root 11241100x80000000000000003860090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7bd34d22800c742021-12-22 11:49:56.451root 11241100x80000000000000003860091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9953cb1be7014eee2021-12-22 11:49:56.451root 11241100x80000000000000003860092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57e1fb2d1c1062e2021-12-22 11:49:56.452root 11241100x80000000000000003860093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7ce55111c152892021-12-22 11:49:56.452root 11241100x80000000000000003860094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f57570d5ec4d0422021-12-22 11:49:56.452root 11241100x80000000000000003860095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07668a01df8576eb2021-12-22 11:49:56.452root 11241100x80000000000000003860096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd9c060ab06a3472021-12-22 11:49:56.452root 11241100x80000000000000003860097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed791afb7acdce042021-12-22 11:49:56.452root 11241100x80000000000000003860098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9b1eb48037e4bf2021-12-22 11:49:56.452root 11241100x80000000000000003860099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a91e2736f431162021-12-22 11:49:56.453root 11241100x80000000000000003860100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16ddfc1f17727d22021-12-22 11:49:56.453root 11241100x80000000000000003860101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8f02b3a9be63982021-12-22 11:49:56.453root 11241100x80000000000000003860102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29276ad6c95fd232021-12-22 11:49:56.453root 11241100x80000000000000003860103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fc11412f2c86c22021-12-22 11:49:56.453root 11241100x80000000000000003860104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8814948f14992f452021-12-22 11:49:56.453root 11241100x80000000000000003860105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eaa42dc0b6bcb332021-12-22 11:49:56.454root 11241100x80000000000000003860106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b84b08a7ffb0232021-12-22 11:49:56.454root 11241100x80000000000000003860107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c59aca91dba31d2021-12-22 11:49:56.454root 154100x80000000000000003860108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.729{ec2b6afe-10e4-61c3-8042-98dbf3550000}19105/bin/nano-----nano run_hook.sh/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003860109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f7947521810cc32021-12-22 11:49:56.731root 11241100x80000000000000003860110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079dce93eee437f02021-12-22 11:49:56.731root 11241100x80000000000000003860111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a418323897840dce2021-12-22 11:49:56.731root 11241100x80000000000000003860112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3db2ee2cfe87b02021-12-22 11:49:56.731root 11241100x80000000000000003860113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a9a8c8ee2eadfc2021-12-22 11:49:56.731root 11241100x80000000000000003860114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a81fbfac1c224c2021-12-22 11:49:56.731root 11241100x80000000000000003860115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e37dd5b0d384502021-12-22 11:49:56.731root 11241100x80000000000000003860116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff19f566c1c8993c2021-12-22 11:49:56.731root 11241100x80000000000000003860117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9817e4fcf4a6d32021-12-22 11:49:56.732root 11241100x80000000000000003860118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3befd35f98c062382021-12-22 11:49:56.732root 11241100x80000000000000003860119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330572814e3a57b92021-12-22 11:49:56.732root 11241100x80000000000000003860120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc4c687c3358e4e2021-12-22 11:49:56.732root 11241100x80000000000000003860121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111c844d751fddd52021-12-22 11:49:56.732root 11241100x80000000000000003860122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5af35d58b21e9f2021-12-22 11:49:56.732root 11241100x80000000000000003860123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01310a929b6777102021-12-22 11:49:56.732root 11241100x80000000000000003860124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e77e6effaf37bf2021-12-22 11:49:56.732root 11241100x80000000000000003860125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138f8ceb41c5292b2021-12-22 11:49:56.732root 11241100x80000000000000003860126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a101b6acffbc39042021-12-22 11:49:56.732root 11241100x80000000000000003860127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a87b5c6f6dc7792021-12-22 11:49:56.733root 11241100x80000000000000003860128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58db0efaf5acc3762021-12-22 11:49:56.733root 11241100x80000000000000003860129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace4f704b9584eb32021-12-22 11:49:56.733root 11241100x80000000000000003860130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7037ee5968ecb3fa2021-12-22 11:49:56.733root 11241100x80000000000000003860131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e2243f20172c972021-12-22 11:49:56.733root 11241100x80000000000000003860132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db6e830add4f55f2021-12-22 11:49:56.734root 11241100x80000000000000003860133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0ee2e28a83f21b2021-12-22 11:49:56.734root 11241100x80000000000000003860134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df1d8fcdc89c1962021-12-22 11:49:56.734root 11241100x80000000000000003860135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2a335ad4ce5fdc2021-12-22 11:49:56.734root 11241100x80000000000000003860136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667b427ecfa070812021-12-22 11:49:56.735root 11241100x80000000000000003860137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869c84aaa65596ad2021-12-22 11:49:56.735root 11241100x80000000000000003860138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61b632d0aefe24e2021-12-22 11:49:56.735root 11241100x80000000000000003860139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a2b6d8958e021a2021-12-22 11:49:56.736root 11241100x80000000000000003860140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0593cb869b4bc02021-12-22 11:49:56.736root 11241100x80000000000000003860141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3fc65cf24aefa72021-12-22 11:49:56.736root 11241100x80000000000000003860142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67f4d3a93ff46d82021-12-22 11:49:56.736root 11241100x80000000000000003860143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ff65992cb3a69f2021-12-22 11:49:56.736root 11241100x80000000000000003860144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4af0415cc1cd96f2021-12-22 11:49:56.736root 11241100x80000000000000003860145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c81ee22d762a092021-12-22 11:49:56.736root 11241100x80000000000000003860146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b488eb6aaa160f2021-12-22 11:49:56.737root 11241100x80000000000000003860147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0e9881378054772021-12-22 11:49:56.737root 11241100x80000000000000003860148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3132fe8ca663a142021-12-22 11:49:56.737root 11241100x80000000000000003860149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419c60bfb935e2fb2021-12-22 11:49:56.737root 11241100x80000000000000003860150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d4c0f38915c7b12021-12-22 11:49:56.737root 11241100x80000000000000003860151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96600efd4d35bfa2021-12-22 11:49:56.737root 11241100x80000000000000003860152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c738a8689d364e3a2021-12-22 11:49:56.737root 11241100x80000000000000003860153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc915a33fd37c16d2021-12-22 11:49:56.738root 11241100x80000000000000003860154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb492f25185432e2021-12-22 11:49:56.738root 11241100x80000000000000003860155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21901355c9d95cbf2021-12-22 11:49:56.738root 11241100x80000000000000003860156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bc4846a0ba6c6e2021-12-22 11:49:56.738root 11241100x80000000000000003860157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774c7df290573d692021-12-22 11:49:56.738root 11241100x80000000000000003860158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4f02dc49191fc42021-12-22 11:49:56.738root 11241100x80000000000000003860159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acd6bb3439519f42021-12-22 11:49:56.738root 11241100x80000000000000003860160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15697bd3cedfa382021-12-22 11:49:56.738root 11241100x80000000000000003860161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd3c0673ccf8a942021-12-22 11:49:56.738root 11241100x80000000000000003860162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.739{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3794a190e898a02021-12-22 11:49:56.739root 11241100x80000000000000003860163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.739{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac59dc17eef46c0c2021-12-22 11:49:56.739root 11241100x80000000000000003860164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.739{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9488c91a5c8a72a22021-12-22 11:49:56.739root 11241100x80000000000000003860165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.739{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2c93c10a636b002021-12-22 11:49:56.739root 11241100x80000000000000003860166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.739{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d909079885d5bc2021-12-22 11:49:56.739root 11241100x80000000000000003860167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.739{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb9ffd58158b8842021-12-22 11:49:56.739root 11241100x80000000000000003860168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.739{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179bbaa25339ef7c2021-12-22 11:49:56.739root 11241100x80000000000000003860169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.739{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a2c152ed9c5fe82021-12-22 11:49:56.739root 11241100x80000000000000003860170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.740{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100937bbe1b3fdf52021-12-22 11:49:56.740root 11241100x80000000000000003860171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.740{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca90b77c4fad5622021-12-22 11:49:56.740root 11241100x80000000000000003860172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.740{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec4f6021ed455452021-12-22 11:49:56.740root 11241100x80000000000000003860173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.740{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775ca11f5b5e2f542021-12-22 11:49:56.740root 11241100x80000000000000003860174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.740{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992abc1b80db48202021-12-22 11:49:56.740root 11241100x80000000000000003860175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.740{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1dcc8b947b81502021-12-22 11:49:56.740root 11241100x80000000000000003860176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.740{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fab272bd692f142021-12-22 11:49:56.740root 11241100x80000000000000003860177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.740{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725f825e82f4f0622021-12-22 11:49:56.740root 11241100x80000000000000003860178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.740{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130e65c153654f0d2021-12-22 11:49:56.740root 11241100x80000000000000003860179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.741{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbe2149fa39eec02021-12-22 11:49:56.741root 11241100x80000000000000003860180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.741{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a480b6eb8b71fb2021-12-22 11:49:56.741root 11241100x80000000000000003860181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.741{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a34abf09ed3f3d2021-12-22 11:49:56.741root 11241100x80000000000000003860182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.741{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f89e6d33b23cae2021-12-22 11:49:56.741root 11241100x80000000000000003860183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.741{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2559ac258e20ba952021-12-22 11:49:56.741root 11241100x80000000000000003860184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.741{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c67382fb86e1e4e2021-12-22 11:49:56.741root 11241100x80000000000000003860185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.742{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec36923d9ea94ec2021-12-22 11:49:56.742root 11241100x80000000000000003860186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.742{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc3e2bc92dce5942021-12-22 11:49:56.742root 11241100x80000000000000003860187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.742{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f21f5cf265bc69a2021-12-22 11:49:56.742root 11241100x80000000000000003860188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.742{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b341d86b09afff2021-12-22 11:49:56.742root 11241100x80000000000000003860189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.742{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aafee134ae4b1672021-12-22 11:49:56.742root 11241100x80000000000000003860190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.742{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836ab68f9d33e1442021-12-22 11:49:56.742root 11241100x80000000000000003860191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.743{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7436e14cc98d5cb62021-12-22 11:49:56.743root 11241100x80000000000000003860192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.743{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae466b72f22ebd8b2021-12-22 11:49:56.743root 11241100x80000000000000003860193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.743{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62983d3b85691962021-12-22 11:49:56.743root 11241100x80000000000000003860194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.743{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5bba677d5c9dc12021-12-22 11:49:56.743root 11241100x80000000000000003860195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.743{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792c818112caa2842021-12-22 11:49:56.743root 11241100x80000000000000003860196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3728eac89bc559ef2021-12-22 11:49:56.744root 11241100x80000000000000003860197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a5621048ae38c62021-12-22 11:49:56.744root 11241100x80000000000000003860198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7badd0f8ab90fd6a2021-12-22 11:49:56.744root 11241100x80000000000000003860199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bdf46bd4ed0bc52021-12-22 11:49:56.744root 11241100x80000000000000003860200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e8bb1e850897e02021-12-22 11:49:56.744root 11241100x80000000000000003860201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71809163303c77f52021-12-22 11:49:56.744root 11241100x80000000000000003860202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.744{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fee8c764b395902021-12-22 11:49:56.744root 11241100x80000000000000003860203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.745{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b735bc78fb4fc02021-12-22 11:49:56.745root 11241100x80000000000000003860204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a37f91351ea0712021-12-22 11:49:56.746root 11241100x80000000000000003860205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fd19532bbfea0c2021-12-22 11:49:56.746root 11241100x80000000000000003860206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828687c1007bcd0e2021-12-22 11:49:56.746root 11241100x80000000000000003860207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac08450d8e9b031a2021-12-22 11:49:56.746root 11241100x80000000000000003860208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e113fd2357c223b2021-12-22 11:49:56.746root 11241100x80000000000000003860209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43bda79426028172021-12-22 11:49:56.746root 11241100x80000000000000003860210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27b4d6c990252772021-12-22 11:49:56.746root 11241100x80000000000000003860211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.746{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592af4e2eec98ec32021-12-22 11:49:56.746root 11241100x80000000000000003860212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150d2019b66ab8c12021-12-22 11:49:56.747root 11241100x80000000000000003860213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b32670bc9890be82021-12-22 11:49:56.747root 11241100x80000000000000003860214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ce766fd55ab0d22021-12-22 11:49:56.747root 11241100x80000000000000003860215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.747{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92c6bcbb99e0baa2021-12-22 11:49:56.747root 11241100x80000000000000003860216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7965ec6812695f0d2021-12-22 11:49:56.748root 11241100x80000000000000003860217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1dc9ccacf51ac62021-12-22 11:49:56.748root 11241100x80000000000000003860218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11bf20c59b875eb2021-12-22 11:49:56.748root 11241100x80000000000000003860219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbd38dab50be5b82021-12-22 11:49:56.748root 11241100x80000000000000003860220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34e9f1cd0d9205a2021-12-22 11:49:56.748root 11241100x80000000000000003860221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.748{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b303caeae0c194d2021-12-22 11:49:56.748root 11241100x80000000000000003860222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2409214ed6dfb3ca2021-12-22 11:49:56.749root 11241100x80000000000000003860223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c6a26c3b79a7922021-12-22 11:49:56.749root 11241100x80000000000000003860224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d21e02b7d798fd2021-12-22 11:49:56.749root 11241100x80000000000000003860225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a62a78c4268776e2021-12-22 11:49:56.749root 11241100x80000000000000003860226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.749{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094e1c1b367e04b52021-12-22 11:49:56.749root 11241100x80000000000000003860227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe41f2ea42c8f59c2021-12-22 11:49:56.750root 11241100x80000000000000003860228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85927e68fdc60182021-12-22 11:49:56.750root 11241100x80000000000000003860229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a25096baeb325b2021-12-22 11:49:56.750root 11241100x80000000000000003860230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987dbde79bea79c22021-12-22 11:49:56.750root 11241100x80000000000000003860231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0305279e3787e8372021-12-22 11:49:56.750root 11241100x80000000000000003860232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277a4f7c968eeed42021-12-22 11:49:56.750root 11241100x80000000000000003860233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1924bcbf5328756f2021-12-22 11:49:56.750root 11241100x80000000000000003860234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d310e13f3779b2a72021-12-22 11:49:56.750root 11241100x80000000000000003860235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.750{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aed338b7d3e22ad2021-12-22 11:49:56.750root 11241100x80000000000000003860236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.751{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c99396de04a4862021-12-22 11:49:56.751root 11241100x80000000000000003860237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.751{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454fd905a7dfb7e52021-12-22 11:49:56.751root 11241100x80000000000000003860238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.751{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22bf84c3aa9a2302021-12-22 11:49:56.751root 11241100x80000000000000003860239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.751{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd75f087025e3cbe2021-12-22 11:49:56.751root 11241100x80000000000000003860240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.751{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126b8bfdd47230552021-12-22 11:49:56.751root 11241100x80000000000000003860241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.751{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3fa06da2cf164b2021-12-22 11:49:56.751root 11241100x80000000000000003860242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.751{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c11f764c13614c62021-12-22 11:49:56.751root 11241100x80000000000000003860243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.751{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b9777193017cee2021-12-22 11:49:56.751root 11241100x80000000000000003860244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.752{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999a501556d236592021-12-22 11:49:56.752root 11241100x80000000000000003860245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.752{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e45770e224613cf2021-12-22 11:49:56.752root 11241100x80000000000000003860246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.752{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d80ce60b98c14e52021-12-22 11:49:56.752root 11241100x80000000000000003860247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.752{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a931295fc33e162021-12-22 11:49:56.752root 11241100x80000000000000003860248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.752{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddae2e0a3b27b162021-12-22 11:49:56.752root 11241100x80000000000000003860249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.752{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e840a9a2a4fb052021-12-22 11:49:56.752root 11241100x80000000000000003860250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.752{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9ffe27cdfdd4ae2021-12-22 11:49:56.752root 11241100x80000000000000003860251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.752{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b51cc7b0882ead02021-12-22 11:49:56.752root 11241100x80000000000000003860252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.752{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2c026544c330cb2021-12-22 11:49:56.752root 11241100x80000000000000003860253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.753{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de1a889005af1772021-12-22 11:49:56.753root 11241100x80000000000000003860254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.753{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5065f020ed9458f72021-12-22 11:49:56.753root 11241100x80000000000000003860255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.753{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c82230a6fa8ff22021-12-22 11:49:56.753root 11241100x80000000000000003860256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.753{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f2b67f060e9eab2021-12-22 11:49:56.753root 11241100x80000000000000003860257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.753{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a423265156ae5592021-12-22 11:49:56.753root 11241100x80000000000000003860258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.753{ec2b6afe-10e4-61c3-8042-98dbf3550000}19105/bin/nano/home/ubuntu/.run_hook.sh.swp2021-12-22 11:49:56.753ubuntu 11241100x80000000000000003860259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.753{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7c86c57bf285452021-12-22 11:49:56.753root 11241100x80000000000000003860260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.753{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54288e14f17cbe12021-12-22 11:49:56.753root 11241100x80000000000000003860261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.754{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b52c4e964482812021-12-22 11:49:56.754root 11241100x80000000000000003860262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.754{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8de8b8a976825842021-12-22 11:49:56.754root 11241100x80000000000000003860263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.754{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41c21e0168385222021-12-22 11:49:56.754root 11241100x80000000000000003860264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.754{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f910e82faf957f9d2021-12-22 11:49:56.754root 11241100x80000000000000003860265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.755{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7960ffc7392890042021-12-22 11:49:56.755root 11241100x80000000000000003860266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.755{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae41dfb7f15e8d12021-12-22 11:49:56.755root 11241100x80000000000000003860267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.755{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17455a71d2c0b7a82021-12-22 11:49:56.755root 11241100x80000000000000003860268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.755{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea42f30633c80f32021-12-22 11:49:56.755root 11241100x80000000000000003860269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.755{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da865a8c744c6c302021-12-22 11:49:56.755root 11241100x80000000000000003860270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.755{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77ae430713df11a2021-12-22 11:49:56.755root 11241100x80000000000000003860271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.755{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba3c9cb6eed6e3f2021-12-22 11:49:56.755root 11241100x80000000000000003860272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.755{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021feb084e0c85a22021-12-22 11:49:56.755root 11241100x80000000000000003860273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.756{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e5bdaf49ec26ed2021-12-22 11:49:56.756root 11241100x80000000000000003860274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.756{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f22e65b470dee3d2021-12-22 11:49:56.756root 11241100x80000000000000003860275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.756{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49595f9a8f50d1522021-12-22 11:49:56.756root 11241100x80000000000000003860276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.757{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d77f255cadd0ece2021-12-22 11:49:56.757root 11241100x80000000000000003860277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.757{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc64636d23adafc02021-12-22 11:49:56.757root 11241100x80000000000000003860278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.757{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8ec0c6acc563872021-12-22 11:49:56.757root 11241100x80000000000000003860279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.757{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10e1bde41a833f72021-12-22 11:49:56.757root 11241100x80000000000000003860280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.757{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895c644f4c28607d2021-12-22 11:49:56.757root 11241100x80000000000000003860281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.758{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932ac14efa4ed5bc2021-12-22 11:49:56.758root 11241100x80000000000000003860282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.758{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed6b7afc0ed41de2021-12-22 11:49:56.758root 11241100x80000000000000003860283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.758{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef440973a2d2ad3c2021-12-22 11:49:56.758root 11241100x80000000000000003860284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.759{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df730f0a02a1ed3c2021-12-22 11:49:56.759root 11241100x80000000000000003860285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.759{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ff83531b98a4902021-12-22 11:49:56.759root 11241100x80000000000000003860286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.759{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ea5ad97ec54ebb2021-12-22 11:49:56.759root 11241100x80000000000000003860287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.760{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d2c86bec5338892021-12-22 11:49:56.760root 11241100x80000000000000003860288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.760{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acc49ca8e6cf3942021-12-22 11:49:56.760root 11241100x80000000000000003860289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.760{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67799b7cc2e0dc9c2021-12-22 11:49:56.760root 11241100x80000000000000003860290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.761{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9031074cc2714ecd2021-12-22 11:49:56.761root 11241100x80000000000000003860291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.761{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c4481f6271ada82021-12-22 11:49:56.761root 11241100x80000000000000003860292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.761{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d600d6e515747bb2021-12-22 11:49:56.761root 11241100x80000000000000003860293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.761{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70d0d17f72f6c682021-12-22 11:49:56.761root 11241100x80000000000000003860294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.762{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ede032771cb8482021-12-22 11:49:56.762root 11241100x80000000000000003860295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.762{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e15d0eb8254cd6b2021-12-22 11:49:56.762root 11241100x80000000000000003860296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.762{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265967db2c7d673e2021-12-22 11:49:56.762root 11241100x80000000000000003860297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.763{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6850ab975302232021-12-22 11:49:56.763root 11241100x80000000000000003860298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.763{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2d9db7a4a166092021-12-22 11:49:56.763root 11241100x80000000000000003860299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.763{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54534bb17f48a7e62021-12-22 11:49:56.763root 11241100x80000000000000003860300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.764{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a75a4edf180b5772021-12-22 11:49:56.764root 11241100x80000000000000003860301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.764{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf751f2f40f4eec72021-12-22 11:49:56.764root 11241100x80000000000000003860302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.764{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0235ae8f111e8bd2021-12-22 11:49:56.764root 11241100x80000000000000003860303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.764{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bbf7d7b325e25f2021-12-22 11:49:56.764root 11241100x80000000000000003860304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.765{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f082296145cbdbc62021-12-22 11:49:56.765root 11241100x80000000000000003860305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.765{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cecaa0cbaab03e42021-12-22 11:49:56.765root 11241100x80000000000000003860306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.766{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820bfe8124e02a6e2021-12-22 11:49:56.766root 11241100x80000000000000003860307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.766{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ff05edf1fc43b02021-12-22 11:49:56.766root 11241100x80000000000000003860308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.766{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b847eaa3568d152021-12-22 11:49:56.766root 11241100x80000000000000003860309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.766{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8202e11d6d827d2021-12-22 11:49:56.766root 11241100x80000000000000003860310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.767{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4f71f21429b91d2021-12-22 11:49:56.767root 11241100x80000000000000003860311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.767{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825c92ad5acd44172021-12-22 11:49:56.767root 11241100x80000000000000003860312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.767{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358d3c31eeec58092021-12-22 11:49:56.767root 11241100x80000000000000003860313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.767{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f29c7b0e2dbfea52021-12-22 11:49:56.767root 11241100x80000000000000003860314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.767{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d05e40cc7ba722d2021-12-22 11:49:56.767root 11241100x80000000000000003860315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.767{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1090922d1d4a69812021-12-22 11:49:56.767root 11241100x80000000000000003860316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.768{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaaba7e8d2d84962021-12-22 11:49:56.768root 11241100x80000000000000003860317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.768{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5892b68997f87b2021-12-22 11:49:56.768root 11241100x80000000000000003860318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.768{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d555ae6a3c05fb2021-12-22 11:49:56.768root 11241100x80000000000000003860319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.768{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b598e19e9dfdb6f42021-12-22 11:49:56.768root 11241100x80000000000000003860320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.768{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cacc70b7afd4afc2021-12-22 11:49:56.768root 11241100x80000000000000003860321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.768{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5afa2d592621642021-12-22 11:49:56.768root 11241100x80000000000000003860322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.768{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9901d04d126b202021-12-22 11:49:56.768root 11241100x80000000000000003860323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.768{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b2add4f96b6cd42021-12-22 11:49:56.768root 11241100x80000000000000003860324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.768{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32451bf391834b462021-12-22 11:49:56.768root 11241100x80000000000000003860325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.768{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2e51a130667d9d2021-12-22 11:49:56.768root 11241100x80000000000000003860326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.769{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c094b76a618cb7992021-12-22 11:49:56.769root 11241100x80000000000000003860327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.769{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cc6dc4eb4cb8c32021-12-22 11:49:56.769root 11241100x80000000000000003860328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.769{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9140e3e7dcbc412021-12-22 11:49:56.769root 11241100x80000000000000003860329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.769{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9451c69a21456f92021-12-22 11:49:56.769root 11241100x80000000000000003860330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.769{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0942e5603fc4e46d2021-12-22 11:49:56.769root 11241100x80000000000000003860331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.769{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1e62c60b39df7f2021-12-22 11:49:56.769root 11241100x80000000000000003860332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.769{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365f22be504f270b2021-12-22 11:49:56.769root 11241100x80000000000000003860333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.769{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb701ce2bb0bf412021-12-22 11:49:56.769root 11241100x80000000000000003860334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.769{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1268993295f44ca2021-12-22 11:49:56.769root 11241100x80000000000000003860335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.769{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50981226d7ee6ce72021-12-22 11:49:56.769root 11241100x80000000000000003860336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.770{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eada0a2e342642f2021-12-22 11:49:56.770root 11241100x80000000000000003860337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.770{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd93ae389489fef2021-12-22 11:49:56.770root 11241100x80000000000000003860338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.770{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22293ece1f0ab2082021-12-22 11:49:56.770root 11241100x80000000000000003860339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.770{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c63f3970d8c60b2021-12-22 11:49:56.770root 11241100x80000000000000003860340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.770{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d72eb2a9b93c7812021-12-22 11:49:56.770root 11241100x80000000000000003860341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.770{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ec376ee58bd4f82021-12-22 11:49:56.770root 11241100x80000000000000003860342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.770{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85c32eb3f60c9eb2021-12-22 11:49:56.770root 11241100x80000000000000003860343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.770{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a555de5cbb36aae12021-12-22 11:49:56.770root 11241100x80000000000000003860344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.770{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1509e6ab305674a62021-12-22 11:49:56.770root 11241100x80000000000000003860345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.770{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e237c6aae5689c382021-12-22 11:49:56.770root 11241100x80000000000000003860346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.771{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d330bc2d3dfbb1e2021-12-22 11:49:56.771root 11241100x80000000000000003860347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.771{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830328650a4bfa282021-12-22 11:49:56.771root 11241100x80000000000000003860348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.771{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec3f50e2d1043ab2021-12-22 11:49:56.771root 11241100x80000000000000003860349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.771{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcf6cc811f88fb02021-12-22 11:49:56.771root 11241100x80000000000000003860350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.771{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc16a405e63a5ae2021-12-22 11:49:56.771root 11241100x80000000000000003860351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.771{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44456731c54234082021-12-22 11:49:56.771root 11241100x80000000000000003860352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.771{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e5151218a45a112021-12-22 11:49:56.771root 11241100x80000000000000003860353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.771{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edba566c635abbc32021-12-22 11:49:56.771root 11241100x80000000000000003860354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.772{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ace527439542e1d2021-12-22 11:49:56.772root 11241100x80000000000000003860355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.772{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66720f9950e824692021-12-22 11:49:56.772root 11241100x80000000000000003860356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.772{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e90a077f1143b62021-12-22 11:49:56.772root 11241100x80000000000000003860357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.772{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57adb31d6291b3fe2021-12-22 11:49:56.772root 11241100x80000000000000003860358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.772{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefcdc036df88bff2021-12-22 11:49:56.772root 11241100x80000000000000003860359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.772{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328bd11d2c28d0b32021-12-22 11:49:56.772root 11241100x80000000000000003860360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.772{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a2824905a026772021-12-22 11:49:56.772root 11241100x80000000000000003860361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.772{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d73998431a641b2021-12-22 11:49:56.772root 11241100x80000000000000003860362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.772{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbca2f4966ff4542021-12-22 11:49:56.772root 11241100x80000000000000003860363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.772{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6256c7f74b203ebe2021-12-22 11:49:56.772root 11241100x80000000000000003860364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.773{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247a65b2e144d0fb2021-12-22 11:49:56.773root 11241100x80000000000000003860365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.773{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370082495e6cd7192021-12-22 11:49:56.773root 11241100x80000000000000003860366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.773{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8baf75f0b00306162021-12-22 11:49:56.773root 11241100x80000000000000003860367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.773{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee19570e2cd5d5bb2021-12-22 11:49:56.773root 11241100x80000000000000003860368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.773{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e4af427fde59e62021-12-22 11:49:56.773root 11241100x80000000000000003860369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.773{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da35d0706285b30a2021-12-22 11:49:56.773root 11241100x80000000000000003860370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.773{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae222617f65393a42021-12-22 11:49:56.773root 11241100x80000000000000003860371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.773{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c920f1cf6cd7462021-12-22 11:49:56.773root 11241100x80000000000000003860372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.773{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e9451466f1488d2021-12-22 11:49:56.773root 11241100x80000000000000003860373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.774{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bc711ad4b0fa672021-12-22 11:49:56.774root 11241100x80000000000000003860374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.774{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc728a3cf9241842021-12-22 11:49:56.774root 11241100x80000000000000003860375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.774{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4b6b426f6dec902021-12-22 11:49:56.774root 11241100x80000000000000003860376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.774{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3335152b459ebc2021-12-22 11:49:56.774root 11241100x80000000000000003860377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.774{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f25676ee5c0c2102021-12-22 11:49:56.774root 11241100x80000000000000003860378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.774{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fb5799ebdef36f2021-12-22 11:49:56.774root 11241100x80000000000000003860379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.774{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd9fbd02e04ae8f2021-12-22 11:49:56.774root 11241100x80000000000000003860380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.774{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64d784e5ddeda112021-12-22 11:49:56.774root 11241100x80000000000000003860381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.775{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bde330533ae18002021-12-22 11:49:56.775root 11241100x80000000000000003860382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.775{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09af21e1d555ba42021-12-22 11:49:56.775root 11241100x80000000000000003860383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.775{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905c62920ca7abf72021-12-22 11:49:56.775root 11241100x80000000000000003860384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.775{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8723b48fdd8054f52021-12-22 11:49:56.775root 11241100x80000000000000003860385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.775{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f812600bdaa491132021-12-22 11:49:56.775root 11241100x80000000000000003860386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.775{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de78711bfacabfd2021-12-22 11:49:56.775root 11241100x80000000000000003860387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.775{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c777a99dbcf7ec9e2021-12-22 11:49:56.775root 11241100x80000000000000003860388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.776{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67ba520429a99542021-12-22 11:49:56.776root 11241100x80000000000000003860389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.776{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f6b37528404fa42021-12-22 11:49:56.776root 11241100x80000000000000003860390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:56.776{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1c4a50d031f4fe2021-12-22 11:49:56.776root 11241100x80000000000000003860391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391e24b3973e11402021-12-22 11:49:57.193root 11241100x80000000000000003860392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0195faa43499fda42021-12-22 11:49:57.193root 11241100x80000000000000003860393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffd2cb71a2855932021-12-22 11:49:57.193root 11241100x80000000000000003860394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bb4f8e0c0f89112021-12-22 11:49:57.193root 11241100x80000000000000003860395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705f10c5ffbe0cfc2021-12-22 11:49:57.193root 11241100x80000000000000003860396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82649b2e4c9b27982021-12-22 11:49:57.193root 11241100x80000000000000003860397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d4c5ed9f08928f2021-12-22 11:49:57.193root 11241100x80000000000000003860398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149b51cec7ee81512021-12-22 11:49:57.193root 11241100x80000000000000003860399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd576c5b9921e932021-12-22 11:49:57.193root 11241100x80000000000000003860400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02de7fd3fbd3730e2021-12-22 11:49:57.194root 11241100x80000000000000003860401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1488602659e1ff9c2021-12-22 11:49:57.194root 11241100x80000000000000003860402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54169f63a18a32322021-12-22 11:49:57.194root 11241100x80000000000000003860403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458ce7d70c2f99832021-12-22 11:49:57.194root 11241100x80000000000000003860404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a469694cd127722021-12-22 11:49:57.194root 11241100x80000000000000003860405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45be82ac1629c8072021-12-22 11:49:57.194root 11241100x80000000000000003860406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403ae9ae8f3f824d2021-12-22 11:49:57.194root 11241100x80000000000000003860407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc8e165003f42a82021-12-22 11:49:57.194root 11241100x80000000000000003860408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab586ad13afac8ff2021-12-22 11:49:57.194root 11241100x80000000000000003860409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e64ce501ae4b8d2021-12-22 11:49:57.194root 11241100x80000000000000003860410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9f62684e7e77192021-12-22 11:49:57.194root 11241100x80000000000000003860411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b290fbae087b97d2021-12-22 11:49:57.195root 11241100x80000000000000003860412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37485e17a7a306f12021-12-22 11:49:57.195root 11241100x80000000000000003860413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f8cb711e69e8512021-12-22 11:49:57.195root 11241100x80000000000000003860414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f97b3991fe75a42021-12-22 11:49:57.195root 11241100x80000000000000003860415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac2cde484e535a22021-12-22 11:49:57.195root 11241100x80000000000000003860416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115bb74ea30315c92021-12-22 11:49:57.195root 11241100x80000000000000003860417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdfee8cfed207d12021-12-22 11:49:57.195root 11241100x80000000000000003860418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057bcebfa3a841a42021-12-22 11:49:57.195root 11241100x80000000000000003860419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc3a4afdb1f20522021-12-22 11:49:57.196root 11241100x80000000000000003860420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4835204a7d71ed22021-12-22 11:49:57.196root 11241100x80000000000000003860421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdccd454440453352021-12-22 11:49:57.196root 11241100x80000000000000003860422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfb8b6a9058e96a2021-12-22 11:49:57.196root 11241100x80000000000000003860423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f826285808890eca2021-12-22 11:49:57.196root 11241100x80000000000000003860424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bd3f862ae7e5272021-12-22 11:49:57.196root 11241100x80000000000000003860425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84481dde5de74d82021-12-22 11:49:57.196root 11241100x80000000000000003860426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4962ea7593ed47e2021-12-22 11:49:57.196root 11241100x80000000000000003860427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b71631d2f598db2021-12-22 11:49:57.196root 11241100x80000000000000003860428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245238b8d924ee352021-12-22 11:49:57.196root 11241100x80000000000000003860429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047e8cef41f86a2f2021-12-22 11:49:57.197root 11241100x80000000000000003860430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a3a44e9dfa27b42021-12-22 11:49:57.197root 11241100x80000000000000003860431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a704fb504aceb32021-12-22 11:49:57.197root 11241100x80000000000000003860432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39834e60b27976122021-12-22 11:49:57.197root 11241100x80000000000000003860433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad04b913f0fd02752021-12-22 11:49:57.197root 11241100x80000000000000003860434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4d6612a7f35b322021-12-22 11:49:57.197root 11241100x80000000000000003860435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ef2630f588b3d72021-12-22 11:49:57.197root 11241100x80000000000000003860436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474ccb9f988252ec2021-12-22 11:49:57.197root 11241100x80000000000000003860437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b812dbaf6b9d5262021-12-22 11:49:57.197root 11241100x80000000000000003860438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c34a21e47bc55f72021-12-22 11:49:57.197root 11241100x80000000000000003860439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81baddfc43c68cc2021-12-22 11:49:57.198root 11241100x80000000000000003860440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37b5fc7ebc8369c2021-12-22 11:49:57.198root 11241100x80000000000000003860441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20859f4db170cf582021-12-22 11:49:57.198root 11241100x80000000000000003860442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0027319c917a8e082021-12-22 11:49:57.198root 11241100x80000000000000003860443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b36729872b7a122021-12-22 11:49:57.198root 11241100x80000000000000003860444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331c8288a2d59f392021-12-22 11:49:57.198root 11241100x80000000000000003860445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d74a79e8c7f08be2021-12-22 11:49:57.198root 11241100x80000000000000003860446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce72ae602ffb06e2021-12-22 11:49:57.198root 11241100x80000000000000003860447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e1901486120dd42021-12-22 11:49:57.198root 11241100x80000000000000003860448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dc110227fc73342021-12-22 11:49:57.199root 11241100x80000000000000003860449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8cbbe98f640cbf2021-12-22 11:49:57.199root 11241100x80000000000000003860450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c0f48d474fd77c2021-12-22 11:49:57.199root 11241100x80000000000000003860451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdc2059b5d2205a2021-12-22 11:49:57.199root 11241100x80000000000000003860452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdb0cc96c8a12ac2021-12-22 11:49:57.199root 11241100x80000000000000003860453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe9945a333a2e332021-12-22 11:49:57.199root 11241100x80000000000000003860454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b925243e0e656132021-12-22 11:49:57.199root 11241100x80000000000000003860455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8655b2f5ccdc93ee2021-12-22 11:49:57.199root 11241100x80000000000000003860456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51aeef744e48c7042021-12-22 11:49:57.200root 11241100x80000000000000003860457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29f2015507013802021-12-22 11:49:57.200root 11241100x80000000000000003860458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcfdb800b729f6d2021-12-22 11:49:57.200root 11241100x80000000000000003860459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ec9b207a28edcd2021-12-22 11:49:57.200root 11241100x80000000000000003860460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916c8a6f8c7066ca2021-12-22 11:49:57.200root 11241100x80000000000000003860461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6653905d0137ef1f2021-12-22 11:49:57.200root 11241100x80000000000000003860462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfeff00018f73bc2021-12-22 11:49:57.200root 11241100x80000000000000003860463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbaf5b540d5784c2021-12-22 11:49:57.200root 11241100x80000000000000003860464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d323ecf378736bd2021-12-22 11:49:57.200root 11241100x80000000000000003860465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9710cf27a0f7792021-12-22 11:49:57.200root 11241100x80000000000000003860466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f97c128b0dae862021-12-22 11:49:57.201root 11241100x80000000000000003860467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0c8818709b62cd2021-12-22 11:49:57.201root 11241100x80000000000000003860468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1742a83aeadb9dcf2021-12-22 11:49:57.201root 11241100x80000000000000003860469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdc50dd010d048b2021-12-22 11:49:57.201root 11241100x80000000000000003860470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c07abd63bec904a2021-12-22 11:49:57.201root 11241100x80000000000000003860471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d82fa55a860e522021-12-22 11:49:57.201root 11241100x80000000000000003860472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ca6c11108febd92021-12-22 11:49:57.201root 11241100x80000000000000003860473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41db0917b8cd6aae2021-12-22 11:49:57.201root 11241100x80000000000000003860474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86d777d6fdfccb72021-12-22 11:49:57.201root 11241100x80000000000000003860475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbacdd1c04828752021-12-22 11:49:57.202root 11241100x80000000000000003860476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3378815d4c890f2e2021-12-22 11:49:57.202root 11241100x80000000000000003860477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b04384680e160de2021-12-22 11:49:57.202root 11241100x80000000000000003860478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931cd55cfd1e3dd82021-12-22 11:49:57.202root 11241100x80000000000000003860479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10eb999899d8aaf42021-12-22 11:49:57.202root 11241100x80000000000000003860480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca87732291440c332021-12-22 11:49:57.203root 11241100x80000000000000003860481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675c7c8f1046047b2021-12-22 11:49:57.203root 11241100x80000000000000003860482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3f0066fd1ce8bc2021-12-22 11:49:57.203root 11241100x80000000000000003860483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e77efab7ffd17f32021-12-22 11:49:57.203root 11241100x80000000000000003860484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cd56930d8b53ed2021-12-22 11:49:57.203root 11241100x80000000000000003860485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca92412bcd7e7e32021-12-22 11:49:57.203root 11241100x80000000000000003860486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afb6e1d46e034902021-12-22 11:49:57.203root 11241100x80000000000000003860487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95592826da85a3b2021-12-22 11:49:57.203root 11241100x80000000000000003860488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9dc69c147f4d2f2021-12-22 11:49:57.204root 11241100x80000000000000003860489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064283b04f6ed74b2021-12-22 11:49:57.204root 11241100x80000000000000003860490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1871a7eac44838ec2021-12-22 11:49:57.204root 11241100x80000000000000003860491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7ccfad9673391b2021-12-22 11:49:57.204root 11241100x80000000000000003860492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a423183f6f76aea32021-12-22 11:49:57.204root 11241100x80000000000000003860493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6c1207ab00177b2021-12-22 11:49:57.204root 11241100x80000000000000003860494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d24e3182f6b27e2021-12-22 11:49:57.205root 11241100x80000000000000003860495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0904226cd731d0492021-12-22 11:49:57.205root 11241100x80000000000000003860496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65dc27152a7c75f2021-12-22 11:49:57.205root 11241100x80000000000000003860497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4736104da5e9eceb2021-12-22 11:49:57.205root 11241100x80000000000000003860498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7646e2142a99e2922021-12-22 11:49:57.205root 11241100x80000000000000003860499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e548c7ce302879492021-12-22 11:49:57.206root 11241100x80000000000000003860500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c20143b9984df12021-12-22 11:49:57.206root 11241100x80000000000000003860501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27887c1b86cb9422021-12-22 11:49:57.206root 11241100x80000000000000003860502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765b329bc6ad956d2021-12-22 11:49:57.206root 11241100x80000000000000003860503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43eae50572f746d2021-12-22 11:49:57.206root 11241100x80000000000000003860504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a695349542e40abf2021-12-22 11:49:57.206root 11241100x80000000000000003860505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f384aa84c7a01a2021-12-22 11:49:57.207root 11241100x80000000000000003860506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f429702c00611e2021-12-22 11:49:57.207root 11241100x80000000000000003860507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62f964f8fb97a842021-12-22 11:49:57.207root 11241100x80000000000000003860508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958d0a5063733e452021-12-22 11:49:57.207root 11241100x80000000000000003860509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b366eb074fac98c12021-12-22 11:49:57.207root 11241100x80000000000000003860510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7949678d4a5c312021-12-22 11:49:57.207root 11241100x80000000000000003860511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acc62bebded66552021-12-22 11:49:57.207root 11241100x80000000000000003860512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d232ba87952fcf062021-12-22 11:49:57.207root 11241100x80000000000000003860513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d481f1dbd213266a2021-12-22 11:49:57.207root 11241100x80000000000000003860514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8a2113e2476bfb2021-12-22 11:49:57.207root 11241100x80000000000000003860515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955a6f936c5e70162021-12-22 11:49:57.208root 11241100x80000000000000003860516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f103f08f7783373b2021-12-22 11:49:57.208root 11241100x80000000000000003860517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fa3a054d81f7172021-12-22 11:49:57.208root 11241100x80000000000000003860518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d94934b67401992021-12-22 11:49:57.208root 11241100x80000000000000003860519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc740a73c299a6512021-12-22 11:49:57.208root 11241100x80000000000000003860520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0a18d00d0307b22021-12-22 11:49:57.208root 11241100x80000000000000003860521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679c0d8e8135f2772021-12-22 11:49:57.208root 11241100x80000000000000003860522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f642bd8f0ab72f22021-12-22 11:49:57.209root 11241100x80000000000000003860523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2889370081e1d5a02021-12-22 11:49:57.209root 11241100x80000000000000003860524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05e05f09c58fd102021-12-22 11:49:57.209root 11241100x80000000000000003860525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab33e82903e67cee2021-12-22 11:49:57.209root 11241100x80000000000000003860526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa3dd9945302cb62021-12-22 11:49:57.209root 11241100x80000000000000003860527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e96ea3abde83bae2021-12-22 11:49:57.209root 11241100x80000000000000003860528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d54604f955c0602021-12-22 11:49:57.209root 11241100x80000000000000003860529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7525ec7874645aca2021-12-22 11:49:57.209root 11241100x80000000000000003860530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48926378c93023c2021-12-22 11:49:57.209root 11241100x80000000000000003860531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01c1f4e0ac01de92021-12-22 11:49:57.210root 11241100x80000000000000003860532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869e75219617e7862021-12-22 11:49:57.210root 11241100x80000000000000003860533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa339d2e284201142021-12-22 11:49:57.210root 11241100x80000000000000003860534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a825df32acc775d2021-12-22 11:49:57.210root 11241100x80000000000000003860535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97d94612dae894d2021-12-22 11:49:57.210root 11241100x80000000000000003860536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6184dc6079a6a0312021-12-22 11:49:57.210root 11241100x80000000000000003860537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f5a7b355520ad52021-12-22 11:49:57.210root 11241100x80000000000000003860538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4d0499879f39f62021-12-22 11:49:57.211root 11241100x80000000000000003860539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfd26b11d8efca42021-12-22 11:49:57.211root 11241100x80000000000000003860540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85f073c486ea5342021-12-22 11:49:57.211root 11241100x80000000000000003860541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e87fa5bfe1d9962021-12-22 11:49:57.211root 11241100x80000000000000003860542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b71c580798f6d8c2021-12-22 11:49:57.212root 11241100x80000000000000003860543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d384cf7bd081412021-12-22 11:49:57.212root 11241100x80000000000000003860544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679c5a712c4d4b9e2021-12-22 11:49:57.212root 11241100x80000000000000003860545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd65f762bee8415e2021-12-22 11:49:57.212root 11241100x80000000000000003860546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460096221c5718e32021-12-22 11:49:57.212root 11241100x80000000000000003860547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb6659e486561d42021-12-22 11:49:57.212root 11241100x80000000000000003860548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7a6efdc29352362021-12-22 11:49:57.212root 11241100x80000000000000003860549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff45553b0ebf32bd2021-12-22 11:49:57.213root 11241100x80000000000000003860550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568420966ff040d32021-12-22 11:49:57.213root 11241100x80000000000000003860551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b74d5901f0a3c62021-12-22 11:49:57.213root 11241100x80000000000000003860552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b7864dc5f4bfd62021-12-22 11:49:57.213root 11241100x80000000000000003860553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaee7ac54a123c532021-12-22 11:49:57.213root 11241100x80000000000000003860554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d21202d5b6376fb2021-12-22 11:49:57.213root 11241100x80000000000000003860555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbe2d18cd8dab192021-12-22 11:49:57.214root 11241100x80000000000000003860556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5b9e88131cff1f2021-12-22 11:49:57.214root 11241100x80000000000000003860557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e4d4cd7976d12e2021-12-22 11:49:57.214root 11241100x80000000000000003860558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1083c16d186dbe2021-12-22 11:49:57.214root 11241100x80000000000000003860559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e90697b4bada082021-12-22 11:49:57.214root 11241100x80000000000000003860560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88369135744dbce72021-12-22 11:49:57.214root 11241100x80000000000000003860561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b756793aba9b6e2021-12-22 11:49:57.214root 11241100x80000000000000003860562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5a911ec39665112021-12-22 11:49:57.215root 11241100x80000000000000003860563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0f98034ac4f9e82021-12-22 11:49:57.215root 11241100x80000000000000003860564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa8bf174f155f922021-12-22 11:49:57.215root 11241100x80000000000000003860565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40d2cf57e1c50972021-12-22 11:49:57.215root 11241100x80000000000000003860566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a271c01f19a18362021-12-22 11:49:57.215root 11241100x80000000000000003860567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3b659b633c42a82021-12-22 11:49:57.216root 11241100x80000000000000003860568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ad58b9144b50b22021-12-22 11:49:57.216root 11241100x80000000000000003860569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30dca37d177031292021-12-22 11:49:57.216root 11241100x80000000000000003860570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0deaa5e67474e4e2021-12-22 11:49:57.216root 11241100x80000000000000003860571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e074b0b32ec6e52021-12-22 11:49:57.216root 11241100x80000000000000003860572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7873165e9bc367652021-12-22 11:49:57.217root 11241100x80000000000000003860573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af387b1e1100b0bd2021-12-22 11:49:57.217root 11241100x80000000000000003860574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40339b66e57ad2fc2021-12-22 11:49:57.217root 11241100x80000000000000003860575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd3051753da9e9e2021-12-22 11:49:57.217root 11241100x80000000000000003860576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1805b1052440b42021-12-22 11:49:57.217root 11241100x80000000000000003860577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d34ca1702cb62d2021-12-22 11:49:57.217root 11241100x80000000000000003860578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cf64ef09bdbaa62021-12-22 11:49:57.217root 11241100x80000000000000003860579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c622bb97d77f1d2021-12-22 11:49:57.217root 11241100x80000000000000003860580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ab747c311a25c02021-12-22 11:49:57.218root 11241100x80000000000000003860581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e844e2ab29c5901b2021-12-22 11:49:57.218root 11241100x80000000000000003860582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b913513be235d1682021-12-22 11:49:57.218root 11241100x80000000000000003860583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5d66b798e7e8782021-12-22 11:49:57.218root 11241100x80000000000000003860584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b136db79245ce822021-12-22 11:49:57.218root 11241100x80000000000000003860585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfa4a293592db7a2021-12-22 11:49:57.218root 11241100x80000000000000003860586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4dcb5cea9dd4f82021-12-22 11:49:57.218root 11241100x80000000000000003860587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64486dfa50bc3c72021-12-22 11:49:57.218root 11241100x80000000000000003860588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07216da4484ccf62021-12-22 11:49:57.218root 11241100x80000000000000003860589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7621a7c78d3a0e2021-12-22 11:49:57.219root 11241100x80000000000000003860590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4dd916b539e16c2021-12-22 11:49:57.219root 11241100x80000000000000003860591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967e225b64b1601f2021-12-22 11:49:57.219root 11241100x80000000000000003860592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7192769b77dd31632021-12-22 11:49:57.219root 11241100x80000000000000003860593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec61c15f9b6c0c8f2021-12-22 11:49:57.220root 11241100x80000000000000003860594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b115cafdc43d5e272021-12-22 11:49:57.220root 11241100x80000000000000003860595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e51436c4aab119d2021-12-22 11:49:57.220root 11241100x80000000000000003860596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d45d23dd5e82c632021-12-22 11:49:57.220root 11241100x80000000000000003860597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984d83d5b06f41772021-12-22 11:49:57.220root 11241100x80000000000000003860598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d416203b1b63b5272021-12-22 11:49:57.220root 11241100x80000000000000003860599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9757344a375060c2021-12-22 11:49:57.220root 11241100x80000000000000003860600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2126b459efcff6aa2021-12-22 11:49:57.220root 11241100x80000000000000003860601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b51c9c0a6e4fe22021-12-22 11:49:57.220root 11241100x80000000000000003860602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710ef4697f3040b92021-12-22 11:49:57.220root 11241100x80000000000000003860603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ec94ab1fde61692021-12-22 11:49:57.220root 11241100x80000000000000003860604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c71a0bd0bb8fc9e2021-12-22 11:49:57.220root 11241100x80000000000000003860605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cc9843f34d42bf2021-12-22 11:49:57.221root 11241100x80000000000000003860606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6ed3cc23da3ad02021-12-22 11:49:57.221root 11241100x80000000000000003860607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c48facec6aab702021-12-22 11:49:57.221root 11241100x80000000000000003860608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd455e98bf493972021-12-22 11:49:57.221root 11241100x80000000000000003860609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43b83633502cf742021-12-22 11:49:57.221root 11241100x80000000000000003860610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd5b1da031619b22021-12-22 11:49:57.221root 11241100x80000000000000003860611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf645f0da90ede72021-12-22 11:49:57.221root 11241100x80000000000000003860612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c3368a445da4e32021-12-22 11:49:57.221root 11241100x80000000000000003860613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd84c356125c4b792021-12-22 11:49:57.221root 11241100x80000000000000003860614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ad3cefbbd207102021-12-22 11:49:57.221root 11241100x80000000000000003860615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11472b54f93540002021-12-22 11:49:57.221root 11241100x80000000000000003860616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff904c645c764be42021-12-22 11:49:57.221root 11241100x80000000000000003860617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac852c65bf69f3072021-12-22 11:49:57.221root 11241100x80000000000000003860618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eeb811c851b32332021-12-22 11:49:57.222root 11241100x80000000000000003860619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac90175b115f10c2021-12-22 11:49:57.222root 11241100x80000000000000003860620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8f10ffd4b14b112021-12-22 11:49:57.222root 11241100x80000000000000003860621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c699d69fa67d0ca2021-12-22 11:49:57.222root 11241100x80000000000000003860622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f1bb598b1cbaf72021-12-22 11:49:57.222root 11241100x80000000000000003860623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321c5f7538f6b9e02021-12-22 11:49:57.222root 11241100x80000000000000003860624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f36067b3051324d2021-12-22 11:49:57.222root 11241100x80000000000000003860625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12de117154e90a472021-12-22 11:49:57.223root 11241100x80000000000000003860626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659ffdbb3ea3589d2021-12-22 11:49:57.223root 11241100x80000000000000003860627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4f072e9f2bd16b2021-12-22 11:49:57.223root 11241100x80000000000000003860628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ffee77ff6a12452021-12-22 11:49:57.223root 11241100x80000000000000003860629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae64536d81f2a892021-12-22 11:49:57.224root 11241100x80000000000000003860630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d254b925aff6edd42021-12-22 11:49:57.224root 11241100x80000000000000003860631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a45c7653b49f752021-12-22 11:49:57.224root 11241100x80000000000000003860632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc5f971cfc4c65d2021-12-22 11:49:57.224root 11241100x80000000000000003860633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8dc1caf395b0ff2021-12-22 11:49:57.224root 11241100x80000000000000003860634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6a1252f52820f52021-12-22 11:49:57.224root 11241100x80000000000000003860635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa9a3d4a5dd9a422021-12-22 11:49:57.225root 11241100x80000000000000003860636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f78940099e0ce12021-12-22 11:49:57.225root 11241100x80000000000000003860637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadeec01590277182021-12-22 11:49:57.225root 11241100x80000000000000003860638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae758f2fa98fd6892021-12-22 11:49:57.225root 11241100x80000000000000003860639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3cab3cb65441582021-12-22 11:49:57.225root 11241100x80000000000000003860640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba95ac1c2f4e1992021-12-22 11:49:57.225root 11241100x80000000000000003860641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b13dea7dfdaeef2021-12-22 11:49:57.226root 11241100x80000000000000003860642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e99aa02ce38dd32021-12-22 11:49:57.226root 11241100x80000000000000003860643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2683afe34abee4412021-12-22 11:49:57.226root 11241100x80000000000000003860644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8e4fd52700eac72021-12-22 11:49:57.226root 11241100x80000000000000003860645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad57a9cd889f4722021-12-22 11:49:57.226root 11241100x80000000000000003860646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7f929a2b56569b2021-12-22 11:49:57.227root 11241100x80000000000000003860647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f79aab0a97df3632021-12-22 11:49:57.227root 11241100x80000000000000003860648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4170c75d470488512021-12-22 11:49:57.227root 11241100x80000000000000003860649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31034c56c730f9ac2021-12-22 11:49:57.227root 11241100x80000000000000003860650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b370678585ebe42e2021-12-22 11:49:57.227root 11241100x80000000000000003860651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebb8200a13e00842021-12-22 11:49:57.227root 11241100x80000000000000003860652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206f9b1ca8f4755a2021-12-22 11:49:57.227root 11241100x80000000000000003860653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767513bf8c22e6a12021-12-22 11:49:57.227root 11241100x80000000000000003860654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4058b36af7af94242021-12-22 11:49:57.227root 11241100x80000000000000003860655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc609e9cb9ff50ff2021-12-22 11:49:57.228root 11241100x80000000000000003860656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fab451beba486d52021-12-22 11:49:57.228root 11241100x80000000000000003860657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94688a9d8bb1068c2021-12-22 11:49:57.228root 11241100x80000000000000003860658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd49a10cd3f71ff52021-12-22 11:49:57.228root 11241100x80000000000000003860659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db5a3114556730d2021-12-22 11:49:57.228root 11241100x80000000000000003860660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e883392cdbb6772021-12-22 11:49:57.228root 11241100x80000000000000003860661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09bf74e80fd54092021-12-22 11:49:57.228root 11241100x80000000000000003860662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21b2aa0997bbad62021-12-22 11:49:57.228root 11241100x80000000000000003860663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddf5e0b66d405462021-12-22 11:49:57.228root 11241100x80000000000000003860664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7490a93959061632021-12-22 11:49:57.228root 11241100x80000000000000003860665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadc717c783aa09d2021-12-22 11:49:57.229root 11241100x80000000000000003860666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc60238b082f9ce92021-12-22 11:49:57.229root 11241100x80000000000000003860667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1921dedbcebfc22021-12-22 11:49:57.229root 11241100x80000000000000003860668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c419c7da1cc817d2021-12-22 11:49:57.229root 11241100x80000000000000003860669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86359f38f45e94002021-12-22 11:49:57.229root 11241100x80000000000000003860670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a574021210d88f3e2021-12-22 11:49:57.229root 11241100x80000000000000003860671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc3c4c184e2244e2021-12-22 11:49:57.229root 11241100x80000000000000003860672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d300b61104c19002021-12-22 11:49:57.229root 11241100x80000000000000003860673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8a53ffaf1b94012021-12-22 11:49:57.229root 11241100x80000000000000003860674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720381eca32a2c5a2021-12-22 11:49:57.229root 11241100x80000000000000003860675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430633da5fa86fa62021-12-22 11:49:57.230root 11241100x80000000000000003860676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08aaa70dfbbc79662021-12-22 11:49:57.230root 11241100x80000000000000003860677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f37061abf64f162021-12-22 11:49:57.230root 11241100x80000000000000003860678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9178a1ed54092c482021-12-22 11:49:57.230root 11241100x80000000000000003860679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbb20941cd6dce32021-12-22 11:49:57.230root 11241100x80000000000000003860680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5084afec2bb918112021-12-22 11:49:57.230root 11241100x80000000000000003860681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0893f67d54765e2021-12-22 11:49:57.230root 11241100x80000000000000003860682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6262a62822cdef2b2021-12-22 11:49:57.231root 11241100x80000000000000003860683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7166074d74405b02021-12-22 11:49:57.231root 11241100x80000000000000003860684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53132d78bbc2ebb02021-12-22 11:49:57.231root 11241100x80000000000000003860685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6752283a08b01f52021-12-22 11:49:57.231root 11241100x80000000000000003860686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e018127d8452e5f2021-12-22 11:49:57.231root 11241100x80000000000000003860687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7ab14d1e1590ce2021-12-22 11:49:57.231root 11241100x80000000000000003860688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab3217660eb4df32021-12-22 11:49:57.231root 11241100x80000000000000003860689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2a0e7bf8ecaf1c2021-12-22 11:49:57.232root 11241100x80000000000000003860690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6bd2425794661b2021-12-22 11:49:57.232root 11241100x80000000000000003860691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c085117a01fcc88d2021-12-22 11:49:57.232root 11241100x80000000000000003860692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02cbf3f02e37c9d2021-12-22 11:49:57.232root 11241100x80000000000000003860693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418a2823f8e495cb2021-12-22 11:49:57.232root 11241100x80000000000000003860694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f3285ee40543f32021-12-22 11:49:57.232root 11241100x80000000000000003860695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe3b1bc34b0b0ad2021-12-22 11:49:57.232root 11241100x80000000000000003860696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933ff16359dc837f2021-12-22 11:49:57.232root 11241100x80000000000000003860697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d155b82496b11ab2021-12-22 11:49:57.232root 11241100x80000000000000003860698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a772a4bdb77411e22021-12-22 11:49:57.232root 11241100x80000000000000003860699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ffb23ddb6def0d2021-12-22 11:49:57.233root 11241100x80000000000000003860700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3570a80d2fd4983c2021-12-22 11:49:57.233root 11241100x80000000000000003860701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a932dccae82bd5e52021-12-22 11:49:57.233root 11241100x80000000000000003860702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f05e401c94ab172021-12-22 11:49:57.233root 11241100x80000000000000003860703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0916b70df2487c2021-12-22 11:49:57.233root 11241100x80000000000000003860704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe2ea1e2d859b012021-12-22 11:49:57.233root 11241100x80000000000000003860705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158204723eaa2bbe2021-12-22 11:49:57.234root 11241100x80000000000000003860706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f17b097edab23e2021-12-22 11:49:57.234root 11241100x80000000000000003860707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a145be5d828a19702021-12-22 11:49:57.234root 11241100x80000000000000003860708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ba45a019af18b62021-12-22 11:49:57.234root 11241100x80000000000000003860709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3ff7f1fe7accd72021-12-22 11:49:57.234root 11241100x80000000000000003860710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d9f3718866f7fb2021-12-22 11:49:57.234root 11241100x80000000000000003860711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704bfcf80c3f887f2021-12-22 11:49:57.234root 11241100x80000000000000003860712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3483b68dc6ccba72021-12-22 11:49:57.235root 11241100x80000000000000003860713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3b8c88ea1e6d3b2021-12-22 11:49:57.235root 11241100x80000000000000003860714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86178db2190f15bd2021-12-22 11:49:57.235root 11241100x80000000000000003860715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b0a0fc2994c16e2021-12-22 11:49:57.235root 11241100x80000000000000003860716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f5b0726313f9be2021-12-22 11:49:57.235root 11241100x80000000000000003860717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e7e2e8f4d6d9112021-12-22 11:49:57.235root 11241100x80000000000000003860718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075eed33019f40d82021-12-22 11:49:57.236root 11241100x80000000000000003860719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86bc2e762633e2b42021-12-22 11:49:57.236root 11241100x80000000000000003860720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8bfb2288f683ce2021-12-22 11:49:57.236root 11241100x80000000000000003860721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ec5540ded72bcf2021-12-22 11:49:57.236root 11241100x80000000000000003860722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ff685145419cff2021-12-22 11:49:57.236root 11241100x80000000000000003860723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643663bce734eda92021-12-22 11:49:57.236root 11241100x80000000000000003860724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7161423f40b6a20c2021-12-22 11:49:57.237root 11241100x80000000000000003860725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f298601a659b5402021-12-22 11:49:57.237root 11241100x80000000000000003860726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adea1751f59966a92021-12-22 11:49:57.237root 11241100x80000000000000003860727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0778ff515d492192021-12-22 11:49:57.237root 11241100x80000000000000003860728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69f5eb78e5edfcb2021-12-22 11:49:57.237root 11241100x80000000000000003860729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30405412f3433be2021-12-22 11:49:57.237root 11241100x80000000000000003860730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f9e8720294fa872021-12-22 11:49:57.237root 11241100x80000000000000003860731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6638e6070eba87f82021-12-22 11:49:57.238root 11241100x80000000000000003860732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8492b80a16525a542021-12-22 11:49:57.238root 11241100x80000000000000003860733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a6ee68d7540a292021-12-22 11:49:57.238root 11241100x80000000000000003860734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c78ee6951a096112021-12-22 11:49:57.238root 11241100x80000000000000003860735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccaaa89ceca9f0fa2021-12-22 11:49:57.238root 11241100x80000000000000003860736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe52b3da4478b0712021-12-22 11:49:57.238root 11241100x80000000000000003860737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e9bb2866d9743b2021-12-22 11:49:57.238root 11241100x80000000000000003860738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4226196c271306a92021-12-22 11:49:57.238root 11241100x80000000000000003860739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62e699f1add70c32021-12-22 11:49:57.238root 11241100x80000000000000003860740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:49:57.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b4af9013887e7d2021-12-22 11:49:57.238root 534500x80000000000000003860809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.502{00000000-0000-0000-0000-000000000000}19109<unknown process>ubuntu 11241100x80000000000000003860810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a55ddc11771668e2021-12-22 11:50:17.942root 154100x80000000000000003860811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.971{ec2b6afe-10f9-61c3-086e-0050c0550000}19110/usr/bin/sudo-----sudo ./run_hook.sh/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 354300x80000000000000003860812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.975{ec2b6afe-10f9-61c3-086e-0050c0550000}19110/usr/bin/sudoubuntuudptruefalse127.0.0.1-53749-false127.0.0.53-53- 354300x80000000000000003860813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.975{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-57858-false10.0.0.2-53- 354300x80000000000000003860814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.975{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-60256-false10.0.0.2-53- 354300x80000000000000003860815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.978{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse10.0.0.2-53-false10.0.1.25-60256- 354300x80000000000000003860816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.978{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse10.0.0.2-53-false10.0.1.25-57858- 354300x80000000000000003860817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.978{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-53749- 354300x80000000000000003860818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.978{ec2b6afe-10f9-61c3-086e-0050c0550000}19110/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-44774- 354300x80000000000000003860819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.978{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-44774- 354300x80000000000000003860820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.978{ec2b6afe-10f9-61c3-086e-0050c0550000}19110/usr/bin/sudoubuntuudptruefalse127.0.0.1-44774-false127.0.0.53-53- 154100x80000000000000003860821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.982{ec2b6afe-10f9-61c3-6852-c6e090550000}19111/bin/dash-----sh ./run_hook.sh/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}033no level-{ec2b6afe-10f9-61c3-086e-0050c0550000}19110/usr/bin/sudosudoubuntu 154100x80000000000000003860822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.983{ec2b6afe-10f9-61c3-68a2-934c3c560000}19112/bin/dash-----sh ./dll_hook.sh/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}033no level-{ec2b6afe-10f9-61c3-6852-c6e090550000}19111/bin/dashshroot 154100x80000000000000003860823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.984{ec2b6afe-10f9-61c3-1049-c4f289550000}19113/home/ubuntu/prog-----./prog/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}033no level-{ec2b6afe-10f9-61c3-68a2-934c3c560000}19112/bin/dashshroot 534500x80000000000000003860824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.984{ec2b6afe-10f9-61c3-1049-c4f289550000}19113/home/ubuntu/progroot 534500x80000000000000003860825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.984{ec2b6afe-10f9-61c3-68a2-934c3c560000}19112/bin/dashroot 534500x80000000000000003860826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.984{ec2b6afe-10f9-61c3-6852-c6e090550000}19111/bin/dashroot 534500x80000000000000003860827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:17.985{ec2b6afe-10f9-61c3-086e-0050c0550000}19110/usr/bin/sudoroot 354300x80000000000000003860828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.128{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55524-false10.0.1.12-8000- 11241100x80000000000000003860829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f94d1adc125778c2021-12-22 11:50:18.443root 11241100x80000000000000003860830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79297d351b9c29c2021-12-22 11:50:18.443root 11241100x80000000000000003860831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b98f73dc8d35b82021-12-22 11:50:18.443root 11241100x80000000000000003860832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841388be9e84b6652021-12-22 11:50:18.444root 11241100x80000000000000003860833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199d0dd38483b3992021-12-22 11:50:18.444root 11241100x80000000000000003860834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d96bea7902ad49e2021-12-22 11:50:18.444root 11241100x80000000000000003860835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7fc8c8571d7f212021-12-22 11:50:18.444root 11241100x80000000000000003860836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eeba84ecec607672021-12-22 11:50:18.444root 11241100x80000000000000003860837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7b08e8e5efaab32021-12-22 11:50:18.444root 11241100x80000000000000003860838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027fcbc82fe850c52021-12-22 11:50:18.444root 11241100x80000000000000003860839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e698374084413f2021-12-22 11:50:18.444root 11241100x80000000000000003860840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfea7c92e947b832021-12-22 11:50:18.445root 11241100x80000000000000003860841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83bf0b6aa7ea9f72021-12-22 11:50:18.445root 11241100x80000000000000003860842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a548681af2d86c22021-12-22 11:50:18.446root 11241100x80000000000000003860843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49de91aaaee94c92021-12-22 11:50:18.446root 11241100x80000000000000003860844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426f2bad87a65f842021-12-22 11:50:18.446root 11241100x80000000000000003860845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5538ee28959e2202021-12-22 11:50:18.446root 11241100x80000000000000003860846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b729a8a0fd4c9f2021-12-22 11:50:18.446root 11241100x80000000000000003860847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a07250d07af90ea2021-12-22 11:50:18.446root 11241100x80000000000000003860848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c677e441076e3f02021-12-22 11:50:18.943root 11241100x80000000000000003860849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22598e602d31c0fc2021-12-22 11:50:18.943root 11241100x80000000000000003860850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3a3f1e2938f7c42021-12-22 11:50:18.943root 11241100x80000000000000003860851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baddd8f9028aaeb2021-12-22 11:50:18.943root 11241100x80000000000000003860852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864bd7510b2a6a2a2021-12-22 11:50:18.944root 11241100x80000000000000003860853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e236a24f3185a64d2021-12-22 11:50:18.944root 11241100x80000000000000003860854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce3111c3a49dc9b2021-12-22 11:50:18.944root 11241100x80000000000000003860855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7670ee7f44bacf2021-12-22 11:50:18.944root 11241100x80000000000000003860856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d0e7d970b3d1372021-12-22 11:50:18.944root 11241100x80000000000000003860857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fada2969654b3d2a2021-12-22 11:50:18.944root 11241100x80000000000000003860858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3c2fa97b7997fe2021-12-22 11:50:18.944root 11241100x80000000000000003860859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8467d8b7b683a7672021-12-22 11:50:18.944root 11241100x80000000000000003860860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc2640230dc549a2021-12-22 11:50:18.944root 11241100x80000000000000003860861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1391b24ebaf09422021-12-22 11:50:18.944root 11241100x80000000000000003860862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3362e0bcb3a7a3952021-12-22 11:50:18.944root 11241100x80000000000000003860863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6809265811f71b2021-12-22 11:50:18.944root 11241100x80000000000000003860864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8da8df3c8443bcf2021-12-22 11:50:18.944root 11241100x80000000000000003860865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b53a35eca35e3972021-12-22 11:50:18.944root 11241100x80000000000000003860866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e3087abec5d5ad2021-12-22 11:50:18.944root 11241100x80000000000000003860867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a920833dda7324ef2021-12-22 11:50:19.443root 11241100x80000000000000003860868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25758873dbc57332021-12-22 11:50:19.443root 11241100x80000000000000003860869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4d0f6cb33a6aa92021-12-22 11:50:19.443root 11241100x80000000000000003860870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e155981797603f2021-12-22 11:50:19.444root 11241100x80000000000000003860871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f1f1d64d37fbfa2021-12-22 11:50:19.444root 11241100x80000000000000003860872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f5ae919bdb8a072021-12-22 11:50:19.444root 11241100x80000000000000003860873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177e54e047a56d9f2021-12-22 11:50:19.444root 11241100x80000000000000003860874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329445cd42aa46672021-12-22 11:50:19.444root 11241100x80000000000000003860875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d606f23b3d290e232021-12-22 11:50:19.444root 11241100x80000000000000003860876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282128687930151f2021-12-22 11:50:19.444root 11241100x80000000000000003860877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5516615d511f60a42021-12-22 11:50:19.444root 11241100x80000000000000003860878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4c03daf2df198f2021-12-22 11:50:19.444root 11241100x80000000000000003860879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cf2b9aacf981c72021-12-22 11:50:19.444root 11241100x80000000000000003860880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bfaff10ee552f02021-12-22 11:50:19.444root 11241100x80000000000000003860881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfcf5e8fa2bd4b72021-12-22 11:50:19.444root 11241100x80000000000000003860882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7c320368f0d41b2021-12-22 11:50:19.444root 11241100x80000000000000003860883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13e318ce69f82a72021-12-22 11:50:19.445root 11241100x80000000000000003860884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1712221594aa819f2021-12-22 11:50:19.445root 11241100x80000000000000003860885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6755e46ed9386c802021-12-22 11:50:19.445root 11241100x80000000000000003860886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44cf26f362d4b7a2021-12-22 11:50:19.943root 11241100x80000000000000003860887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9a99f04a8b2d222021-12-22 11:50:19.943root 11241100x80000000000000003860888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d94292b202630c2021-12-22 11:50:19.943root 11241100x80000000000000003860889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb84320e42b16b272021-12-22 11:50:19.944root 11241100x80000000000000003860890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c753a668aeb1e32021-12-22 11:50:19.944root 11241100x80000000000000003860891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e64bb95c33838ab2021-12-22 11:50:19.944root 11241100x80000000000000003860892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c76e77a8e84c4b52021-12-22 11:50:19.944root 11241100x80000000000000003860893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4da8e65282fa6cb2021-12-22 11:50:19.944root 11241100x80000000000000003860894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779ea7ef7a1b49792021-12-22 11:50:19.944root 11241100x80000000000000003860895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb9ae1f55387d152021-12-22 11:50:19.944root 11241100x80000000000000003860896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856526c83d534aee2021-12-22 11:50:19.944root 11241100x80000000000000003860897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8f79c93cf68ff22021-12-22 11:50:19.944root 11241100x80000000000000003860898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7996122537505a2021-12-22 11:50:19.944root 11241100x80000000000000003860899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbcc39239b983572021-12-22 11:50:19.944root 11241100x80000000000000003860900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26aa737c81c18ad72021-12-22 11:50:19.944root 11241100x80000000000000003860901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9279c51e315bf5d12021-12-22 11:50:19.944root 11241100x80000000000000003860902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229364d1887e360c2021-12-22 11:50:19.945root 11241100x80000000000000003860903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db141a805356182b2021-12-22 11:50:19.945root 11241100x80000000000000003860904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c832e711197cf5c2021-12-22 11:50:19.945root 11241100x80000000000000003860905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09d8dd4dddd90e52021-12-22 11:50:19.946root 11241100x80000000000000003860906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e239071475d16f2021-12-22 11:50:19.951root 11241100x80000000000000003860907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea85c82487f0593f2021-12-22 11:50:19.951root 11241100x80000000000000003860908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3f9411f8fdf9d72021-12-22 11:50:19.951root 11241100x80000000000000003860909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07f30b73a9695242021-12-22 11:50:19.951root 11241100x80000000000000003860910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5cdee4983dc3882021-12-22 11:50:19.951root 11241100x80000000000000003860911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c7df2cfcb958272021-12-22 11:50:19.951root 11241100x80000000000000003860912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e0608111af6d922021-12-22 11:50:19.952root 11241100x80000000000000003860913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e0cf95dd7e1f172021-12-22 11:50:19.952root 11241100x80000000000000003860914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a24fbb041b40882021-12-22 11:50:19.952root 11241100x80000000000000003860915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d4101142d7b0882021-12-22 11:50:19.952root 11241100x80000000000000003860916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e40e58eff5611b02021-12-22 11:50:19.952root 11241100x80000000000000003860917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faeb2ab44ee94d52021-12-22 11:50:19.952root 11241100x80000000000000003860918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0599b43a7171a2e72021-12-22 11:50:19.952root 11241100x80000000000000003860919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aab73b1346de83c2021-12-22 11:50:19.952root 11241100x80000000000000003860920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f987247870b7af3a2021-12-22 11:50:19.952root 11241100x80000000000000003860921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afab20da5dc46ee2021-12-22 11:50:19.952root 11241100x80000000000000003860922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d4cf0eb111632a2021-12-22 11:50:19.953root 11241100x80000000000000003860923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:19.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d225145af714f94f2021-12-22 11:50:19.953root 11241100x80000000000000003860924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fbf089f09049b22021-12-22 11:50:20.443root 11241100x80000000000000003860925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbe5c7c0d07be872021-12-22 11:50:20.443root 11241100x80000000000000003860926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e607a2433aaf5af52021-12-22 11:50:20.444root 11241100x80000000000000003860927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c933e397fd2e20bb2021-12-22 11:50:20.444root 11241100x80000000000000003860928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f87a704f5801be2021-12-22 11:50:20.444root 11241100x80000000000000003860929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94132a52a4b9033a2021-12-22 11:50:20.444root 11241100x80000000000000003860930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf392ca5758371f52021-12-22 11:50:20.444root 11241100x80000000000000003860931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aff0b7cb535ff492021-12-22 11:50:20.444root 11241100x80000000000000003860932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33878d3024870d8d2021-12-22 11:50:20.445root 11241100x80000000000000003860933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4330430d3258612021-12-22 11:50:20.445root 11241100x80000000000000003860934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43fe4d2f92f20dd2021-12-22 11:50:20.445root 11241100x80000000000000003860935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95bb24f438057ac2021-12-22 11:50:20.445root 11241100x80000000000000003860936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bcb08de996dcf22021-12-22 11:50:20.445root 11241100x80000000000000003860937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331558f6af5112d72021-12-22 11:50:20.445root 11241100x80000000000000003860938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3faa1df38d2c622021-12-22 11:50:20.445root 11241100x80000000000000003860939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11412c1d7828cc52021-12-22 11:50:20.445root 11241100x80000000000000003860940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8541ff0af9e23a3a2021-12-22 11:50:20.445root 11241100x80000000000000003860941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8ecf853fabb9f62021-12-22 11:50:20.445root 11241100x80000000000000003860942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785d24ba244e05db2021-12-22 11:50:20.445root 11241100x80000000000000003860943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032fba3a2b84c7992021-12-22 11:50:20.943root 11241100x80000000000000003860944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e938ced28b8069e2021-12-22 11:50:20.943root 11241100x80000000000000003860945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8182211897fd0e92021-12-22 11:50:20.943root 11241100x80000000000000003860946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0858b93d5979d0752021-12-22 11:50:20.943root 11241100x80000000000000003860947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24de8891bc547522021-12-22 11:50:20.944root 11241100x80000000000000003860948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771207afa76f8bdb2021-12-22 11:50:20.944root 11241100x80000000000000003860949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efefd3aa533540412021-12-22 11:50:20.944root 11241100x80000000000000003860950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc63fade4a5163f82021-12-22 11:50:20.944root 11241100x80000000000000003860951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5242bd955b14fdb2021-12-22 11:50:20.944root 11241100x80000000000000003860952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327c7602ed2835e42021-12-22 11:50:20.944root 11241100x80000000000000003860953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ddd9435c386f092021-12-22 11:50:20.944root 11241100x80000000000000003860954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c395200ee033f52021-12-22 11:50:20.944root 11241100x80000000000000003860955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c649d13461f7f02021-12-22 11:50:20.944root 11241100x80000000000000003860956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78be805233e15b52021-12-22 11:50:20.944root 11241100x80000000000000003860957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e26b977a0e424ed2021-12-22 11:50:20.944root 11241100x80000000000000003860958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f5f31d1331d2622021-12-22 11:50:20.944root 11241100x80000000000000003860959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a14412ab6cfcca2021-12-22 11:50:20.944root 11241100x80000000000000003860960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228684d7abdca63b2021-12-22 11:50:20.944root 11241100x80000000000000003860961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d923294881b89d2021-12-22 11:50:20.945root 11241100x80000000000000003860962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8760501a38df4d5a2021-12-22 11:50:21.443root 11241100x80000000000000003860963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4beff4f95a6e49652021-12-22 11:50:21.443root 11241100x80000000000000003860964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce1bb151a9e8cdf2021-12-22 11:50:21.443root 11241100x80000000000000003860965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be9cb8bf6090cca2021-12-22 11:50:21.443root 11241100x80000000000000003860966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59140575e4103f942021-12-22 11:50:21.444root 11241100x80000000000000003860967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a21e8c0b84d8e0b2021-12-22 11:50:21.444root 11241100x80000000000000003860968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa970a20a8532082021-12-22 11:50:21.444root 11241100x80000000000000003860969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9525c684c2b609572021-12-22 11:50:21.444root 11241100x80000000000000003860970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb37f061a603fc562021-12-22 11:50:21.444root 11241100x80000000000000003860971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b06eed7c0ed0fcb2021-12-22 11:50:21.444root 11241100x80000000000000003860972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d1dea840e3cfc52021-12-22 11:50:21.444root 11241100x80000000000000003860973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f9169a23262ddb2021-12-22 11:50:21.444root 11241100x80000000000000003860974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab52a09c1ed957f2021-12-22 11:50:21.444root 11241100x80000000000000003860975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573d5a804474cd002021-12-22 11:50:21.444root 11241100x80000000000000003860976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93ce626b6db21672021-12-22 11:50:21.444root 11241100x80000000000000003860977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0413be2c46647cd12021-12-22 11:50:21.444root 11241100x80000000000000003860978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccd85c0c88b01fb2021-12-22 11:50:21.444root 11241100x80000000000000003860979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effbe803d4a241f42021-12-22 11:50:21.444root 11241100x80000000000000003860980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ac6cebeeb162d02021-12-22 11:50:21.444root 11241100x80000000000000003860981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f0fabfd5cc76742021-12-22 11:50:21.943root 11241100x80000000000000003860982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375454d85ac53c3a2021-12-22 11:50:21.943root 11241100x80000000000000003860983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4523f3df69f97dd92021-12-22 11:50:21.943root 11241100x80000000000000003860984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93860a3e54d3785a2021-12-22 11:50:21.944root 11241100x80000000000000003860985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654817eff830c3fd2021-12-22 11:50:21.944root 11241100x80000000000000003860986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5aabc85d2df53b2021-12-22 11:50:21.944root 11241100x80000000000000003860987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625b982d6a6b0dd92021-12-22 11:50:21.944root 11241100x80000000000000003860988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cba1b2b3ba2b2dd2021-12-22 11:50:21.944root 11241100x80000000000000003860989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea800179694d280f2021-12-22 11:50:21.944root 11241100x80000000000000003860990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb2a199929333b02021-12-22 11:50:21.944root 11241100x80000000000000003860991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868c87779b39473b2021-12-22 11:50:21.944root 11241100x80000000000000003860992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2996fb089fd48bec2021-12-22 11:50:21.944root 11241100x80000000000000003860993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5e7106e82bee972021-12-22 11:50:21.945root 11241100x80000000000000003860994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30bad7f05c7176f2021-12-22 11:50:21.945root 11241100x80000000000000003860995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806c856ba96c774c2021-12-22 11:50:21.945root 11241100x80000000000000003860996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff69b34396e783b2021-12-22 11:50:21.945root 11241100x80000000000000003860997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10926431583a0c6c2021-12-22 11:50:21.945root 11241100x80000000000000003860998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da69621f5048ddb2021-12-22 11:50:21.945root 11241100x80000000000000003860999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0189e1c79c0e2c52021-12-22 11:50:21.945root 11241100x80000000000000003861000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aadd48f0da902622021-12-22 11:50:22.443root 11241100x80000000000000003861001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b3fd9fdef376842021-12-22 11:50:22.443root 11241100x80000000000000003861002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89c68ec281040742021-12-22 11:50:22.443root 11241100x80000000000000003861003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af192cd8ea187352021-12-22 11:50:22.444root 11241100x80000000000000003861004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52df923eef3141f62021-12-22 11:50:22.444root 11241100x80000000000000003861005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01253fc172c23752021-12-22 11:50:22.444root 11241100x80000000000000003861006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5d63b934bd03142021-12-22 11:50:22.444root 11241100x80000000000000003861007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d91839d68988ce62021-12-22 11:50:22.444root 11241100x80000000000000003861008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400166beee9ef53b2021-12-22 11:50:22.444root 11241100x80000000000000003861009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed6f8848b351ba72021-12-22 11:50:22.444root 11241100x80000000000000003861010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6dc4bd660e7c1a2021-12-22 11:50:22.444root 11241100x80000000000000003861011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8402cc02c8c4b32021-12-22 11:50:22.444root 11241100x80000000000000003861012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d26f417cfa87f202021-12-22 11:50:22.444root 11241100x80000000000000003861013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374a64c01cf015472021-12-22 11:50:22.444root 11241100x80000000000000003861014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342f3d78eaa438152021-12-22 11:50:22.444root 11241100x80000000000000003861015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6621796c0e46152021-12-22 11:50:22.444root 11241100x80000000000000003861016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2384523f0d5e6b432021-12-22 11:50:22.444root 11241100x80000000000000003861017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4bbc31c5a82c6c2021-12-22 11:50:22.444root 11241100x80000000000000003861018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a919011f1f3a41282021-12-22 11:50:22.444root 11241100x80000000000000003861019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07db3bdcebc31f5d2021-12-22 11:50:22.943root 11241100x80000000000000003861020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd48f8ed1dab3142021-12-22 11:50:22.943root 11241100x80000000000000003861021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832b0e195f7d653c2021-12-22 11:50:22.943root 11241100x80000000000000003861022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fceba525086cec12021-12-22 11:50:22.944root 11241100x80000000000000003861023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fb4b1ae82c713b2021-12-22 11:50:22.944root 11241100x80000000000000003861024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7174111ee917c72021-12-22 11:50:22.944root 11241100x80000000000000003861025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ce6dd2b0e555592021-12-22 11:50:22.944root 11241100x80000000000000003861026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8a8012f88156012021-12-22 11:50:22.944root 11241100x80000000000000003861027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db3850406814fa12021-12-22 11:50:22.944root 11241100x80000000000000003861028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668b2f30ccd59d602021-12-22 11:50:22.944root 11241100x80000000000000003861029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50e28591e04e7382021-12-22 11:50:22.944root 11241100x80000000000000003861030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d25fab0dd14c5c2021-12-22 11:50:22.944root 11241100x80000000000000003861031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee45ec5226630352021-12-22 11:50:22.944root 11241100x80000000000000003861032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8dee4eeb1ce4d92021-12-22 11:50:22.944root 11241100x80000000000000003861033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac8d547306da8412021-12-22 11:50:22.944root 11241100x80000000000000003861034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbd7fb78100fe362021-12-22 11:50:22.944root 11241100x80000000000000003861035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165a63d7e683ee242021-12-22 11:50:22.944root 11241100x80000000000000003861036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4b6ab016c3e8572021-12-22 11:50:22.944root 11241100x80000000000000003861037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2d505b4d864de62021-12-22 11:50:22.944root 11241100x80000000000000003861038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e777d5245e64d9e2021-12-22 11:50:23.443root 11241100x80000000000000003861039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d63b8a55767d3d2021-12-22 11:50:23.443root 11241100x80000000000000003861040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024cd185de8197a62021-12-22 11:50:23.443root 11241100x80000000000000003861041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fb16d530ec52a32021-12-22 11:50:23.443root 11241100x80000000000000003861042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a764728a6c293c2021-12-22 11:50:23.444root 11241100x80000000000000003861043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde002098199900e2021-12-22 11:50:23.444root 11241100x80000000000000003861044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9683a7e5c430e47f2021-12-22 11:50:23.444root 11241100x80000000000000003861045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e93546dcb945fd22021-12-22 11:50:23.444root 11241100x80000000000000003861046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c632a6391c6c1e72021-12-22 11:50:23.444root 11241100x80000000000000003861047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9060c0ac89e03fb2021-12-22 11:50:23.444root 11241100x80000000000000003861048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085c082bc7b8f0c92021-12-22 11:50:23.444root 11241100x80000000000000003861049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb0167baedec1162021-12-22 11:50:23.444root 11241100x80000000000000003861050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a83e3271a4028e2021-12-22 11:50:23.444root 11241100x80000000000000003861051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a713caa4138dc5a12021-12-22 11:50:23.444root 11241100x80000000000000003861052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ea2a9432b8cb982021-12-22 11:50:23.444root 11241100x80000000000000003861053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32041bf6a37a15492021-12-22 11:50:23.444root 11241100x80000000000000003861054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b086d27d2c5def8e2021-12-22 11:50:23.444root 11241100x80000000000000003861055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c3e928076f45342021-12-22 11:50:23.444root 11241100x80000000000000003861056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b38fa7de162ba92021-12-22 11:50:23.444root 11241100x80000000000000003861057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9d0583c8ad237f2021-12-22 11:50:23.943root 11241100x80000000000000003861058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea838eba7169a5d2021-12-22 11:50:23.943root 11241100x80000000000000003861059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224ac22c37273b732021-12-22 11:50:23.943root 11241100x80000000000000003861060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547343085f2597ac2021-12-22 11:50:23.944root 11241100x80000000000000003861061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fe04edb41c5f9e2021-12-22 11:50:23.944root 11241100x80000000000000003861062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b980d7f63b114262021-12-22 11:50:23.944root 11241100x80000000000000003861063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3a0e4554a8090c2021-12-22 11:50:23.944root 11241100x80000000000000003861064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3128d2329dd033ca2021-12-22 11:50:23.944root 11241100x80000000000000003861065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f16d7ccf0910c862021-12-22 11:50:23.944root 11241100x80000000000000003861066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbd20e693e6bc032021-12-22 11:50:23.944root 11241100x80000000000000003861067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88e2b429f30943f2021-12-22 11:50:23.944root 11241100x80000000000000003861068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c733be4db65a839e2021-12-22 11:50:23.944root 11241100x80000000000000003861069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240c947c4e34fc612021-12-22 11:50:23.944root 11241100x80000000000000003861070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0790ef2d3a4857a82021-12-22 11:50:23.944root 11241100x80000000000000003861071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249730203a703eb62021-12-22 11:50:23.944root 11241100x80000000000000003861072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37a891d797f011a2021-12-22 11:50:23.944root 11241100x80000000000000003861073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d53b7de787846892021-12-22 11:50:23.944root 11241100x80000000000000003861074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8946973d8de8f52021-12-22 11:50:23.944root 11241100x80000000000000003861075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6001192d364d7f452021-12-22 11:50:23.945root 354300x80000000000000003861076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.040{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55526-false10.0.1.12-8000- 11241100x80000000000000003861077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c597606d7f81c9152021-12-22 11:50:24.443root 11241100x80000000000000003861078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fbfe2fe1b544772021-12-22 11:50:24.443root 11241100x80000000000000003861079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169c63f1bc3ccf762021-12-22 11:50:24.443root 11241100x80000000000000003861080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296767a480d5f2612021-12-22 11:50:24.443root 11241100x80000000000000003861081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f338b1ab6495572021-12-22 11:50:24.443root 11241100x80000000000000003861082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d821bfd098e14062021-12-22 11:50:24.443root 11241100x80000000000000003861083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a20e6d8777a97192021-12-22 11:50:24.443root 11241100x80000000000000003861084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f2d1ef12d988ee2021-12-22 11:50:24.443root 11241100x80000000000000003861085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725eb561f4d33ebb2021-12-22 11:50:24.443root 11241100x80000000000000003861086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f891ea251280472021-12-22 11:50:24.444root 11241100x80000000000000003861087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9159839603261a62021-12-22 11:50:24.444root 11241100x80000000000000003861088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e5e7c11c52fe132021-12-22 11:50:24.444root 11241100x80000000000000003861089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8800260c4d408d2021-12-22 11:50:24.444root 11241100x80000000000000003861090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a15122628e8e542021-12-22 11:50:24.444root 11241100x80000000000000003861091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08434f463b8c90ea2021-12-22 11:50:24.444root 11241100x80000000000000003861092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f991d9c1caca5ee2021-12-22 11:50:24.444root 11241100x80000000000000003861093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed369a1730fb2a932021-12-22 11:50:24.445root 11241100x80000000000000003861094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870dfe982773cddb2021-12-22 11:50:24.445root 11241100x80000000000000003861095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b5072d1001e3892021-12-22 11:50:24.445root 11241100x80000000000000003861096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ea7384c4e99bcf2021-12-22 11:50:24.445root 11241100x80000000000000003861097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e40628b7f252c892021-12-22 11:50:24.445root 11241100x80000000000000003861098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b955bb4c8e97d862021-12-22 11:50:24.445root 11241100x80000000000000003861099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330f4dea5f4cc1fc2021-12-22 11:50:24.445root 11241100x80000000000000003861100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4c9eac7f92e9602021-12-22 11:50:24.445root 11241100x80000000000000003861101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dbd39fcc448fe22021-12-22 11:50:24.445root 11241100x80000000000000003861102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a034e6ea555647a2021-12-22 11:50:24.445root 11241100x80000000000000003861103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a70cc8cb6a6ee52021-12-22 11:50:24.445root 11241100x80000000000000003861104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c934b6669f47ac2021-12-22 11:50:24.943root 11241100x80000000000000003861105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0465114bec3de07d2021-12-22 11:50:24.943root 11241100x80000000000000003861106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b3030744152d672021-12-22 11:50:24.943root 11241100x80000000000000003861107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278f8f0db8bf26ad2021-12-22 11:50:24.943root 11241100x80000000000000003861108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d376c7ad8551cec2021-12-22 11:50:24.943root 11241100x80000000000000003861109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9242261001e5392021-12-22 11:50:24.944root 11241100x80000000000000003861110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1797deb86a4f02632021-12-22 11:50:24.944root 11241100x80000000000000003861111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39c6d91376b2d412021-12-22 11:50:24.944root 11241100x80000000000000003861112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4930f45845de182021-12-22 11:50:24.944root 11241100x80000000000000003861113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e16db5227fe258e2021-12-22 11:50:24.944root 11241100x80000000000000003861114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff8e661c79b6bbb2021-12-22 11:50:24.944root 11241100x80000000000000003861115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848f5e2cba9c51ef2021-12-22 11:50:24.944root 11241100x80000000000000003861116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef61ed18a5ea1da32021-12-22 11:50:24.944root 11241100x80000000000000003861117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ff91a32eb610b92021-12-22 11:50:24.944root 11241100x80000000000000003861118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4899775163556c2021-12-22 11:50:24.944root 11241100x80000000000000003861119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b16eaf419440b582021-12-22 11:50:24.944root 11241100x80000000000000003861120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea67afa896178c712021-12-22 11:50:24.944root 11241100x80000000000000003861121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20e29f7b58fb7f72021-12-22 11:50:24.944root 11241100x80000000000000003861122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8719642fc7b6f8212021-12-22 11:50:24.944root 11241100x80000000000000003861123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e320029cef11b962021-12-22 11:50:24.944root 11241100x80000000000000003861124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd54c6f71b52e2ea2021-12-22 11:50:25.443root 11241100x80000000000000003861125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4024d3919b62443a2021-12-22 11:50:25.443root 11241100x80000000000000003861126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d20726576561ed2021-12-22 11:50:25.443root 11241100x80000000000000003861127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a26ba35e2c9a522021-12-22 11:50:25.444root 11241100x80000000000000003861128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7caf571767062e632021-12-22 11:50:25.444root 11241100x80000000000000003861129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cd8c25e876ba032021-12-22 11:50:25.444root 11241100x80000000000000003861130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57affa41941d8a132021-12-22 11:50:25.444root 11241100x80000000000000003861131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087672dbc288db672021-12-22 11:50:25.444root 11241100x80000000000000003861132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31765c1d65513c6b2021-12-22 11:50:25.444root 11241100x80000000000000003861133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4915d00ea191fa2021-12-22 11:50:25.444root 11241100x80000000000000003861134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f064225e91275b62021-12-22 11:50:25.444root 11241100x80000000000000003861135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7824e83726b4db0c2021-12-22 11:50:25.445root 11241100x80000000000000003861136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0e231ddb136b732021-12-22 11:50:25.445root 11241100x80000000000000003861137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c05777f3f248e402021-12-22 11:50:25.445root 11241100x80000000000000003861138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f341037fe0f6f3c02021-12-22 11:50:25.445root 11241100x80000000000000003861139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa32e387f373afda2021-12-22 11:50:25.445root 11241100x80000000000000003861140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b34069a0482eb902021-12-22 11:50:25.446root 11241100x80000000000000003861141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155ac83cabf03afd2021-12-22 11:50:25.446root 11241100x80000000000000003861142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c4a02f3e0c99b12021-12-22 11:50:25.446root 11241100x80000000000000003861143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb27f8d7c849b3302021-12-22 11:50:25.446root 11241100x80000000000000003861144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9053fc4683a8aa822021-12-22 11:50:25.943root 11241100x80000000000000003861145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eeabe5afcfb4c072021-12-22 11:50:25.943root 11241100x80000000000000003861146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07eb83f5ff153ee22021-12-22 11:50:25.943root 11241100x80000000000000003861147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d237c5040b65562021-12-22 11:50:25.943root 11241100x80000000000000003861148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2048d941b4b7455e2021-12-22 11:50:25.944root 11241100x80000000000000003861149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccaf026f7f3d09472021-12-22 11:50:25.944root 11241100x80000000000000003861150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137cb10e698471382021-12-22 11:50:25.944root 11241100x80000000000000003861151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2160b82d2d90ae2021-12-22 11:50:25.944root 11241100x80000000000000003861152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e59abac860ea40b2021-12-22 11:50:25.944root 11241100x80000000000000003861153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b9fefc6498cc5a2021-12-22 11:50:25.944root 11241100x80000000000000003861154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995e26305155e9702021-12-22 11:50:25.944root 11241100x80000000000000003861155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6075b985ace462a2021-12-22 11:50:25.944root 11241100x80000000000000003861156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e3b7a8429141b52021-12-22 11:50:25.944root 11241100x80000000000000003861157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a6ae1cebacdb6d2021-12-22 11:50:25.945root 11241100x80000000000000003861158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dd8ad2c5b436462021-12-22 11:50:25.945root 11241100x80000000000000003861159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3765f382700045a02021-12-22 11:50:25.945root 11241100x80000000000000003861160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01de9f824bbdc662021-12-22 11:50:25.945root 11241100x80000000000000003861161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef47d5f06a643e0a2021-12-22 11:50:25.945root 11241100x80000000000000003861162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3804f1c486dce052021-12-22 11:50:25.946root 11241100x80000000000000003861163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b81cec9d037be62021-12-22 11:50:25.946root 11241100x80000000000000003861164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686032b4aa45161c2021-12-22 11:50:26.443root 11241100x80000000000000003861165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0188d5c4f1ff7de2021-12-22 11:50:26.443root 11241100x80000000000000003861166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fad14a4ddf4d61e2021-12-22 11:50:26.444root 11241100x80000000000000003861167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8ad7d59f31354f2021-12-22 11:50:26.444root 11241100x80000000000000003861168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964bac08ffe7f8e02021-12-22 11:50:26.444root 11241100x80000000000000003861169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edda751d38d54c32021-12-22 11:50:26.444root 11241100x80000000000000003861170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bf6da9433072d52021-12-22 11:50:26.445root 11241100x80000000000000003861171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d464e1fb82540acc2021-12-22 11:50:26.445root 11241100x80000000000000003861172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9984c62fc5d62de2021-12-22 11:50:26.445root 11241100x80000000000000003861173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d9f355cb632c2f2021-12-22 11:50:26.445root 11241100x80000000000000003861174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8287343c9abddcf52021-12-22 11:50:26.445root 11241100x80000000000000003861175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069222f1be72399e2021-12-22 11:50:26.445root 11241100x80000000000000003861176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dab8f5be94587c2021-12-22 11:50:26.445root 11241100x80000000000000003861177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f6f81f1f017ebb2021-12-22 11:50:26.445root 11241100x80000000000000003861178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b5a2f329b636f92021-12-22 11:50:26.446root 11241100x80000000000000003861179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90da2fe28bb5422b2021-12-22 11:50:26.446root 11241100x80000000000000003861180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a52293f156f5812021-12-22 11:50:26.446root 11241100x80000000000000003861181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9d4d82c780df6c2021-12-22 11:50:26.446root 11241100x80000000000000003861182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ad6cbf684ce68f2021-12-22 11:50:26.446root 11241100x80000000000000003861183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae075b072c2f2122021-12-22 11:50:26.446root 11241100x80000000000000003861184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b16be7c63f8f03c2021-12-22 11:50:26.943root 11241100x80000000000000003861185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c2c5f8c7ed2fc42021-12-22 11:50:26.943root 11241100x80000000000000003861186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f1fbb81b5d4f112021-12-22 11:50:26.944root 11241100x80000000000000003861187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347e9a3982de2ca12021-12-22 11:50:26.944root 11241100x80000000000000003861188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd52e72acb6b9db02021-12-22 11:50:26.944root 11241100x80000000000000003861189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fc86f0acf5092b2021-12-22 11:50:26.944root 11241100x80000000000000003861190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f256ed89861f0872021-12-22 11:50:26.944root 11241100x80000000000000003861191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b130261782d62f7e2021-12-22 11:50:26.945root 11241100x80000000000000003861192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71dc1556c9aa37362021-12-22 11:50:26.945root 11241100x80000000000000003861193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3743d51410904a2021-12-22 11:50:26.945root 11241100x80000000000000003861194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007ffa13d8fd300f2021-12-22 11:50:26.945root 11241100x80000000000000003861195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f922d56b9127280f2021-12-22 11:50:26.945root 11241100x80000000000000003861196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459a63d679cbc6a22021-12-22 11:50:26.945root 11241100x80000000000000003861197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417f23a9b4ef57062021-12-22 11:50:26.945root 11241100x80000000000000003861198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fdf35fa1c9e3552021-12-22 11:50:26.945root 11241100x80000000000000003861199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37ae389d0bba7d82021-12-22 11:50:26.945root 11241100x80000000000000003861200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1310d99e7bf53602021-12-22 11:50:26.945root 11241100x80000000000000003861201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5030f38eaaf5152021-12-22 11:50:26.945root 11241100x80000000000000003861202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66078ef81d1916372021-12-22 11:50:26.946root 11241100x80000000000000003861203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7020c60206150a152021-12-22 11:50:26.946root 11241100x80000000000000003861204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca10328be0c03e062021-12-22 11:50:27.443root 11241100x80000000000000003861205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1982eebe96fe66a2021-12-22 11:50:27.443root 11241100x80000000000000003861206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5885938ce84bdc702021-12-22 11:50:27.443root 11241100x80000000000000003861207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fe85c8054919742021-12-22 11:50:27.443root 11241100x80000000000000003861208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca38b101c80719d2021-12-22 11:50:27.444root 11241100x80000000000000003861209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e77fce23e3bea72021-12-22 11:50:27.444root 11241100x80000000000000003861210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9d1d8e09bfccf32021-12-22 11:50:27.444root 11241100x80000000000000003861211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d37f7d7c0a55dcc2021-12-22 11:50:27.444root 11241100x80000000000000003861212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c026238a236c432021-12-22 11:50:27.444root 11241100x80000000000000003861213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c824af436d9fd5d2021-12-22 11:50:27.444root 11241100x80000000000000003861214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8735d6fe418bf0e92021-12-22 11:50:27.444root 11241100x80000000000000003861215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738ff6070ee97f072021-12-22 11:50:27.444root 11241100x80000000000000003861216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613f4e8f3e982e842021-12-22 11:50:27.444root 11241100x80000000000000003861217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8279f2c21e0f98db2021-12-22 11:50:27.444root 11241100x80000000000000003861218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a034633291c7af2021-12-22 11:50:27.444root 11241100x80000000000000003861219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f760615f389aa02021-12-22 11:50:27.444root 11241100x80000000000000003861220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63436bc42bef4e502021-12-22 11:50:27.444root 11241100x80000000000000003861221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2833a660d0be7572021-12-22 11:50:27.444root 11241100x80000000000000003861222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e538e69d089f572021-12-22 11:50:27.444root 11241100x80000000000000003861223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329dbb34d67b7ad32021-12-22 11:50:27.444root 11241100x80000000000000003861224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0987097244cbc42021-12-22 11:50:27.943root 11241100x80000000000000003861225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7787facbef0b502021-12-22 11:50:27.943root 11241100x80000000000000003861226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad96e99b1ac8bf102021-12-22 11:50:27.943root 11241100x80000000000000003861227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6526338d48e97a32021-12-22 11:50:27.944root 11241100x80000000000000003861228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b907203aa710ea322021-12-22 11:50:27.944root 11241100x80000000000000003861229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce2e273f7c1360a2021-12-22 11:50:27.944root 11241100x80000000000000003861230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfb881345a4ae332021-12-22 11:50:27.944root 11241100x80000000000000003861231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85079c5ed3611eb72021-12-22 11:50:27.944root 11241100x80000000000000003861232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfcf3079d4900182021-12-22 11:50:27.944root 11241100x80000000000000003861233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1402bc5d2e1433c2021-12-22 11:50:27.944root 11241100x80000000000000003861234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e66260814e1d962021-12-22 11:50:27.944root 11241100x80000000000000003861235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5a63ea34185c862021-12-22 11:50:27.944root 11241100x80000000000000003861236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbc4e22eb78a4932021-12-22 11:50:27.944root 11241100x80000000000000003861237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a52f2b724d2a1232021-12-22 11:50:27.944root 11241100x80000000000000003861238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdaed26d039b8d42021-12-22 11:50:27.944root 11241100x80000000000000003861239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313b155fe8cb9bbf2021-12-22 11:50:27.944root 11241100x80000000000000003861240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8f809a8940109b2021-12-22 11:50:27.944root 11241100x80000000000000003861241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9589174898bb592021-12-22 11:50:27.944root 11241100x80000000000000003861242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39add4acaf3e49192021-12-22 11:50:27.944root 11241100x80000000000000003861243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3762a9c35ba6ceb52021-12-22 11:50:27.945root 11241100x80000000000000003861244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c81178764fdaeb82021-12-22 11:50:28.443root 11241100x80000000000000003861245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445ae3566272bbb52021-12-22 11:50:28.443root 11241100x80000000000000003861246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08b506bc14298622021-12-22 11:50:28.443root 11241100x80000000000000003861247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b529a7397202af6d2021-12-22 11:50:28.443root 11241100x80000000000000003861248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516cb66843db8a742021-12-22 11:50:28.444root 11241100x80000000000000003861249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b61f29ce63d72702021-12-22 11:50:28.444root 11241100x80000000000000003861250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1557e3fc3c221a2021-12-22 11:50:28.444root 11241100x80000000000000003861251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615ff8fadc9bfc702021-12-22 11:50:28.444root 11241100x80000000000000003861252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d02d04e6956b21b2021-12-22 11:50:28.444root 11241100x80000000000000003861253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c55794435b689a2021-12-22 11:50:28.444root 11241100x80000000000000003861254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136e7b7b7758ccf52021-12-22 11:50:28.444root 11241100x80000000000000003861255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122be063306b12712021-12-22 11:50:28.444root 11241100x80000000000000003861256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae8bf914ef489882021-12-22 11:50:28.444root 11241100x80000000000000003861257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a025bc6aa9d37cd12021-12-22 11:50:28.444root 11241100x80000000000000003861258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc82183c7318cb32021-12-22 11:50:28.444root 11241100x80000000000000003861259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282d489d6c84b47a2021-12-22 11:50:28.444root 11241100x80000000000000003861260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e8d21db90b83272021-12-22 11:50:28.444root 11241100x80000000000000003861261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61246236b15813b2021-12-22 11:50:28.444root 11241100x80000000000000003861262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f0d15f6c77b4372021-12-22 11:50:28.444root 11241100x80000000000000003861263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3307e7183a755062021-12-22 11:50:28.444root 11241100x80000000000000003861264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3417b947479a9bc2021-12-22 11:50:28.943root 11241100x80000000000000003861265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8f0fcaabfcdcb02021-12-22 11:50:28.943root 11241100x80000000000000003861266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b048b92dbc18f42021-12-22 11:50:28.943root 11241100x80000000000000003861267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b23076c540d1f52021-12-22 11:50:28.944root 11241100x80000000000000003861268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4da8b1f3d9d0202021-12-22 11:50:28.944root 11241100x80000000000000003861269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b66460263352ab2021-12-22 11:50:28.944root 11241100x80000000000000003861270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b1560f1ccc716f2021-12-22 11:50:28.944root 11241100x80000000000000003861271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b234b1ef3bd4492021-12-22 11:50:28.944root 11241100x80000000000000003861272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84198d327ead6d662021-12-22 11:50:28.944root 11241100x80000000000000003861273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1aa825d75ca70982021-12-22 11:50:28.944root 11241100x80000000000000003861274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da615ddc44656f732021-12-22 11:50:28.944root 11241100x80000000000000003861275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a38b9457487ab62021-12-22 11:50:28.944root 11241100x80000000000000003861276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bd2ef88515efef2021-12-22 11:50:28.944root 11241100x80000000000000003861277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcb753700e76b992021-12-22 11:50:28.944root 11241100x80000000000000003861278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82f6381686d739a2021-12-22 11:50:28.944root 11241100x80000000000000003861279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e3ee97a0a2b48f2021-12-22 11:50:28.944root 11241100x80000000000000003861280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930dbebdfe14c4172021-12-22 11:50:28.944root 11241100x80000000000000003861281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fffee459313d2d2021-12-22 11:50:28.944root 11241100x80000000000000003861282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3457851d2a68f1322021-12-22 11:50:28.944root 11241100x80000000000000003861283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55087060fc77c6082021-12-22 11:50:28.945root 354300x80000000000000003861284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.152{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55528-false10.0.1.12-8000- 11241100x80000000000000003861285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3b8ea46d309b942021-12-22 11:50:29.443root 11241100x80000000000000003861286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbaa886fa7fdd9e2021-12-22 11:50:29.443root 11241100x80000000000000003861287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8d75b04eea8df42021-12-22 11:50:29.443root 11241100x80000000000000003861288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167d27cdafe9cc652021-12-22 11:50:29.444root 11241100x80000000000000003861289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b38b28a48f3d672021-12-22 11:50:29.444root 11241100x80000000000000003861290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa15f011e372ad232021-12-22 11:50:29.444root 11241100x80000000000000003861291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64fa62f6d7d8222d2021-12-22 11:50:29.444root 11241100x80000000000000003861292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe37cb813c0544f2021-12-22 11:50:29.444root 11241100x80000000000000003861293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4202cc2fbf3dfe7a2021-12-22 11:50:29.444root 11241100x80000000000000003861294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ebb49462bc4ec02021-12-22 11:50:29.444root 11241100x80000000000000003861295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee21d3afc25aaab2021-12-22 11:50:29.444root 11241100x80000000000000003861296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d254d84155d2c5ae2021-12-22 11:50:29.444root 11241100x80000000000000003861297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04878bf0c077d0ce2021-12-22 11:50:29.445root 11241100x80000000000000003861298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a751895a5dc9090b2021-12-22 11:50:29.445root 11241100x80000000000000003861299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef47bd1777a2c4692021-12-22 11:50:29.445root 11241100x80000000000000003861300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642cd517c818ed5b2021-12-22 11:50:29.445root 11241100x80000000000000003861301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d165eaf31f249f662021-12-22 11:50:29.445root 11241100x80000000000000003861302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de0ef1ba05fc8262021-12-22 11:50:29.445root 11241100x80000000000000003861303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b170f1f921cb948d2021-12-22 11:50:29.445root 11241100x80000000000000003861304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff2cbe83b3580702021-12-22 11:50:29.445root 11241100x80000000000000003861305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2231318c311d01172021-12-22 11:50:29.445root 11241100x80000000000000003861306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064e0ae2d3f76f312021-12-22 11:50:29.943root 11241100x80000000000000003861307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163fe62d3daa70b02021-12-22 11:50:29.943root 11241100x80000000000000003861308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031b28b9baa292d52021-12-22 11:50:29.943root 11241100x80000000000000003861309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6643b75ca5398132021-12-22 11:50:29.943root 11241100x80000000000000003861310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b1231cc4d0a8182021-12-22 11:50:29.944root 11241100x80000000000000003861311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2141d3e14416c0c82021-12-22 11:50:29.944root 11241100x80000000000000003861312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df54586acf877802021-12-22 11:50:29.944root 11241100x80000000000000003861313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b64ad3647171a212021-12-22 11:50:29.944root 11241100x80000000000000003861314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f529c86f80999f2021-12-22 11:50:29.944root 11241100x80000000000000003861315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb93ba2289301742021-12-22 11:50:29.944root 11241100x80000000000000003861316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc24703e3c02b882021-12-22 11:50:29.944root 11241100x80000000000000003861317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29e355cd8355fe92021-12-22 11:50:29.944root 11241100x80000000000000003861318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0355a052542a136f2021-12-22 11:50:29.944root 11241100x80000000000000003861319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dbe00e821be27e2021-12-22 11:50:29.944root 11241100x80000000000000003861320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2447d6214f972f462021-12-22 11:50:29.944root 11241100x80000000000000003861321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b355195960993152021-12-22 11:50:29.944root 11241100x80000000000000003861322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148f707c5cf257aa2021-12-22 11:50:29.944root 11241100x80000000000000003861323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3889163fdf7c832021-12-22 11:50:29.944root 11241100x80000000000000003861324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96478bd734523112021-12-22 11:50:29.944root 11241100x80000000000000003861325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f73847b81ffde62021-12-22 11:50:29.944root 11241100x80000000000000003861326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3ea325e87b91722021-12-22 11:50:29.945root 11241100x80000000000000003861327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bbb2b512dc55012021-12-22 11:50:30.443root 11241100x80000000000000003861328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd588642f7c252b2021-12-22 11:50:30.443root 11241100x80000000000000003861329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f0a7dab9bcb7e62021-12-22 11:50:30.443root 11241100x80000000000000003861330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b812b3317703882021-12-22 11:50:30.444root 11241100x80000000000000003861331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9878370c9fb4ba982021-12-22 11:50:30.444root 11241100x80000000000000003861332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e1ece49d0e16152021-12-22 11:50:30.444root 11241100x80000000000000003861333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8730374e34f7acfd2021-12-22 11:50:30.444root 11241100x80000000000000003861334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9059d669003e7ea72021-12-22 11:50:30.444root 11241100x80000000000000003861335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3876381c3fc4c62021-12-22 11:50:30.444root 11241100x80000000000000003861336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c671a39c16b3012021-12-22 11:50:30.444root 11241100x80000000000000003861337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2711ab5de371b8be2021-12-22 11:50:30.444root 11241100x80000000000000003861338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4916db5958da90f62021-12-22 11:50:30.444root 11241100x80000000000000003861339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9c20cf6456f3b42021-12-22 11:50:30.444root 11241100x80000000000000003861340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e41fc435e39eaa52021-12-22 11:50:30.444root 11241100x80000000000000003861341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b2535b9b66b0062021-12-22 11:50:30.444root 11241100x80000000000000003861342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2fd3a41be322772021-12-22 11:50:30.444root 11241100x80000000000000003861343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38752f6a93a5c2512021-12-22 11:50:30.444root 11241100x80000000000000003861344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd95d0e53101a9e2021-12-22 11:50:30.444root 11241100x80000000000000003861345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aafd74e36e2bedb2021-12-22 11:50:30.444root 11241100x80000000000000003861346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7892655c45722abd2021-12-22 11:50:30.445root 11241100x80000000000000003861347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e042be4c0c4f402021-12-22 11:50:30.445root 11241100x80000000000000003861348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89423c774cd0aa82021-12-22 11:50:30.943root 11241100x80000000000000003861349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80778f66be6e29112021-12-22 11:50:30.943root 11241100x80000000000000003861350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2874195b5ce47cc12021-12-22 11:50:30.943root 11241100x80000000000000003861351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c848d36ebb72c9a02021-12-22 11:50:30.943root 11241100x80000000000000003861352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef765707ef9620ed2021-12-22 11:50:30.944root 11241100x80000000000000003861353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a53b169657999532021-12-22 11:50:30.944root 11241100x80000000000000003861354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0afcb242877d0f92021-12-22 11:50:30.944root 11241100x80000000000000003861355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcc4db33fa8ba562021-12-22 11:50:30.944root 11241100x80000000000000003861356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1162c67ec8f5be92021-12-22 11:50:30.944root 11241100x80000000000000003861357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee5a0a97a8468e22021-12-22 11:50:30.944root 11241100x80000000000000003861358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65fad55eec806042021-12-22 11:50:30.944root 11241100x80000000000000003861359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766bb45eb9cb5ed62021-12-22 11:50:30.944root 11241100x80000000000000003861360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac51d8f94cccf4652021-12-22 11:50:30.944root 11241100x80000000000000003861361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60463a2db6c060412021-12-22 11:50:30.944root 11241100x80000000000000003861362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c246617c904ed22021-12-22 11:50:30.945root 11241100x80000000000000003861363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e6bbd9bb6d9b9b2021-12-22 11:50:30.945root 11241100x80000000000000003861364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717eccd31756937f2021-12-22 11:50:30.945root 11241100x80000000000000003861365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c71a7d733c42a2f2021-12-22 11:50:30.945root 11241100x80000000000000003861366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c09b97e70e6f9a52021-12-22 11:50:30.945root 11241100x80000000000000003861367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97aa515d842aa7812021-12-22 11:50:30.946root 11241100x80000000000000003861368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cfef8d78d39b332021-12-22 11:50:30.946root 11241100x80000000000000003861369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c8139e456162232021-12-22 11:50:30.946root 11241100x80000000000000003861370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5b0b03937322982021-12-22 11:50:31.443root 11241100x80000000000000003861371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8427f089881b6d7e2021-12-22 11:50:31.443root 11241100x80000000000000003861372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d573cd0ca6de0032021-12-22 11:50:31.443root 11241100x80000000000000003861373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcaeabe6bcfeb922021-12-22 11:50:31.443root 11241100x80000000000000003861374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fbfebf4b312e1f2021-12-22 11:50:31.443root 11241100x80000000000000003861375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65469fc4afd30892021-12-22 11:50:31.444root 11241100x80000000000000003861376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15934651e248e6b2021-12-22 11:50:31.444root 11241100x80000000000000003861377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab744eefe9554222021-12-22 11:50:31.444root 11241100x80000000000000003861378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3ed692b27f850e2021-12-22 11:50:31.444root 11241100x80000000000000003861379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf4273edeeea3632021-12-22 11:50:31.444root 11241100x80000000000000003861380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644a8c11683f897e2021-12-22 11:50:31.444root 11241100x80000000000000003861381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8789f09b915620ae2021-12-22 11:50:31.444root 11241100x80000000000000003861382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4d6982fcaa2f0c2021-12-22 11:50:31.444root 11241100x80000000000000003861383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079c0598fc1262c12021-12-22 11:50:31.444root 11241100x80000000000000003861384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5757627a41f683092021-12-22 11:50:31.444root 11241100x80000000000000003861385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f573cead576f2902021-12-22 11:50:31.445root 11241100x80000000000000003861386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfaf3c6d37bd41942021-12-22 11:50:31.445root 11241100x80000000000000003861387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7394d93a9f49c5d02021-12-22 11:50:31.445root 11241100x80000000000000003861388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6da8256b18a5b4a2021-12-22 11:50:31.445root 11241100x80000000000000003861389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df221d16aa81d602021-12-22 11:50:31.445root 11241100x80000000000000003861390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be55499c5ed326de2021-12-22 11:50:31.445root 11241100x80000000000000003861391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3d3e873196e7452021-12-22 11:50:31.445root 11241100x80000000000000003861392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95238847f81544e82021-12-22 11:50:31.445root 11241100x80000000000000003861393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5d540dd86265752021-12-22 11:50:31.446root 11241100x80000000000000003861394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d23c4c2e66992562021-12-22 11:50:31.446root 11241100x80000000000000003861395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2dc69f9f7f36ba2021-12-22 11:50:31.446root 11241100x80000000000000003861396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fa615e0cc23d072021-12-22 11:50:31.446root 11241100x80000000000000003861397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb489e2bacd4d3972021-12-22 11:50:31.446root 11241100x80000000000000003861398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c7fd091da346f32021-12-22 11:50:31.446root 11241100x80000000000000003861399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5258d49d84b82fd22021-12-22 11:50:31.446root 11241100x80000000000000003861400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4e3a31ad4099522021-12-22 11:50:31.943root 11241100x80000000000000003861401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36d1e67d10ce9ba2021-12-22 11:50:31.943root 11241100x80000000000000003861402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6d45af38581fd12021-12-22 11:50:31.943root 11241100x80000000000000003861403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc2ac05719b60642021-12-22 11:50:31.943root 11241100x80000000000000003861404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae09d67c50340e6a2021-12-22 11:50:31.943root 11241100x80000000000000003861405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4f0175e8fca2eb2021-12-22 11:50:31.943root 11241100x80000000000000003861406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83184ebf97eea0ff2021-12-22 11:50:31.943root 11241100x80000000000000003861407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d13c3fc1827035a2021-12-22 11:50:31.943root 11241100x80000000000000003861408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde9a25f96da96552021-12-22 11:50:31.943root 11241100x80000000000000003861409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9739853f00d075e42021-12-22 11:50:31.944root 11241100x80000000000000003861410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5470a20e6b18d1f52021-12-22 11:50:31.944root 11241100x80000000000000003861411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a8e3975fd0fda12021-12-22 11:50:31.944root 11241100x80000000000000003861412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e6e378b40bc4872021-12-22 11:50:31.944root 11241100x80000000000000003861413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c27e10ac3fb9e442021-12-22 11:50:31.944root 11241100x80000000000000003861414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00e41fe04bd5f292021-12-22 11:50:31.944root 11241100x80000000000000003861415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcddbca3b4c678062021-12-22 11:50:31.944root 11241100x80000000000000003861416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e41101109733502021-12-22 11:50:31.944root 11241100x80000000000000003861417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a3a514891fe9032021-12-22 11:50:31.944root 11241100x80000000000000003861418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3d1229c9244f652021-12-22 11:50:31.944root 11241100x80000000000000003861419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8f75d9e9052d8a2021-12-22 11:50:31.945root 11241100x80000000000000003861420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fb5815503cde392021-12-22 11:50:31.945root 11241100x80000000000000003861421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d7c2ce5b8c342b2021-12-22 11:50:31.945root 11241100x80000000000000003861422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297440b4e949b6fd2021-12-22 11:50:32.443root 11241100x80000000000000003861423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c56ee2ed45e55072021-12-22 11:50:32.443root 11241100x80000000000000003861424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faecc6f8f9920fc2021-12-22 11:50:32.443root 11241100x80000000000000003861425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb945f627211c4b2021-12-22 11:50:32.443root 11241100x80000000000000003861426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248193bc5d38e6502021-12-22 11:50:32.444root 11241100x80000000000000003861427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7552f8a3eb43532021-12-22 11:50:32.444root 11241100x80000000000000003861428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501a13ec15b29d9f2021-12-22 11:50:32.444root 11241100x80000000000000003861429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f9c233b8d61f5e2021-12-22 11:50:32.444root 11241100x80000000000000003861430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccda83f6dbb55f132021-12-22 11:50:32.444root 11241100x80000000000000003861431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae598e94a1683ca2021-12-22 11:50:32.444root 11241100x80000000000000003861432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b3901c8ce660ae2021-12-22 11:50:32.444root 11241100x80000000000000003861433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064d34e4b8c95ab72021-12-22 11:50:32.444root 11241100x80000000000000003861434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773817a3471d5f7a2021-12-22 11:50:32.444root 11241100x80000000000000003861435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b62d269f1b1e0642021-12-22 11:50:32.444root 11241100x80000000000000003861436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2068891fd5c10fe2021-12-22 11:50:32.444root 11241100x80000000000000003861437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42293b0c34031252021-12-22 11:50:32.444root 11241100x80000000000000003861438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e797449b105b66a2021-12-22 11:50:32.444root 11241100x80000000000000003861439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179592fe2f433f5f2021-12-22 11:50:32.444root 11241100x80000000000000003861440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6207c9879bcdfb1e2021-12-22 11:50:32.444root 11241100x80000000000000003861441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbd96e3ba4878b62021-12-22 11:50:32.445root 11241100x80000000000000003861442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03481d171e5f4d8c2021-12-22 11:50:32.445root 11241100x80000000000000003861443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980aa1393f6f9d242021-12-22 11:50:32.943root 11241100x80000000000000003861444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2286fbaebc425c2021-12-22 11:50:32.943root 11241100x80000000000000003861445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f800bacfa8420eb2021-12-22 11:50:32.943root 11241100x80000000000000003861446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840fc3b1365632de2021-12-22 11:50:32.943root 11241100x80000000000000003861447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf87ba0e7377c952021-12-22 11:50:32.943root 11241100x80000000000000003861448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4afda44d7a547c2021-12-22 11:50:32.944root 11241100x80000000000000003861449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb08e823fef46b72021-12-22 11:50:32.944root 11241100x80000000000000003861450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4756c3f21794c52021-12-22 11:50:32.944root 11241100x80000000000000003861451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c878659627d4545a2021-12-22 11:50:32.944root 11241100x80000000000000003861452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b749738f3dac1e2021-12-22 11:50:32.944root 11241100x80000000000000003861453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6db24ff6eeb391a2021-12-22 11:50:32.944root 11241100x80000000000000003861454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b496f08a5d34ab2021-12-22 11:50:32.944root 11241100x80000000000000003861455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3533397e6c168dc52021-12-22 11:50:32.944root 11241100x80000000000000003861456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1132e984613071892021-12-22 11:50:32.944root 11241100x80000000000000003861457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9797bb1225b3237e2021-12-22 11:50:32.944root 11241100x80000000000000003861458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f283fec00a5154c2021-12-22 11:50:32.945root 11241100x80000000000000003861459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd798998081a5c02021-12-22 11:50:32.945root 11241100x80000000000000003861460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f6bdfbd28cae212021-12-22 11:50:32.945root 11241100x80000000000000003861461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c6548bef318fc32021-12-22 11:50:32.945root 11241100x80000000000000003861462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a550af4288e1a02a2021-12-22 11:50:32.945root 11241100x80000000000000003861463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730fe7f26b41d0e12021-12-22 11:50:32.945root 11241100x80000000000000003861464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.141{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:50:33.141root 11241100x80000000000000003861465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c77caae28d93382021-12-22 11:50:33.443root 11241100x80000000000000003861466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b505cceebf60b1452021-12-22 11:50:33.443root 11241100x80000000000000003861467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8384be38ef1558f2021-12-22 11:50:33.443root 11241100x80000000000000003861468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cec04ed983797c72021-12-22 11:50:33.443root 11241100x80000000000000003861469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abba0d310b226242021-12-22 11:50:33.443root 11241100x80000000000000003861470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b11de47a0771722021-12-22 11:50:33.443root 11241100x80000000000000003861471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae0766ebfc75bef2021-12-22 11:50:33.444root 11241100x80000000000000003861472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773d4322cc719cfc2021-12-22 11:50:33.444root 11241100x80000000000000003861473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41619f42198b267a2021-12-22 11:50:33.444root 11241100x80000000000000003861474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05da54434b0434102021-12-22 11:50:33.444root 11241100x80000000000000003861475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc05c93a5a40ea72021-12-22 11:50:33.444root 11241100x80000000000000003861476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae62d764a8380d12021-12-22 11:50:33.444root 11241100x80000000000000003861477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fb131134e965832021-12-22 11:50:33.444root 11241100x80000000000000003861478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985bcbd7dbecf8472021-12-22 11:50:33.444root 11241100x80000000000000003861479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923ffeabd9eb2f002021-12-22 11:50:33.444root 11241100x80000000000000003861480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dd6adcb2580e092021-12-22 11:50:33.444root 11241100x80000000000000003861481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b520fba5ffde942021-12-22 11:50:33.445root 11241100x80000000000000003861482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a13dae9ce0b3032021-12-22 11:50:33.445root 11241100x80000000000000003861483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e394dbbf5cd0ae2021-12-22 11:50:33.445root 11241100x80000000000000003861484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d90ad07766c12e2021-12-22 11:50:33.445root 11241100x80000000000000003861485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2dc52e52af2c5a2021-12-22 11:50:33.445root 11241100x80000000000000003861486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8670a9f44df7cf4d2021-12-22 11:50:33.445root 11241100x80000000000000003861487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79297bab540a1b7c2021-12-22 11:50:33.943root 11241100x80000000000000003861488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4a045ea2281c832021-12-22 11:50:33.943root 11241100x80000000000000003861489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f45f5c8160e6222021-12-22 11:50:33.944root 11241100x80000000000000003861490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cafe1fbbf701452021-12-22 11:50:33.944root 11241100x80000000000000003861491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a55b7e3cc81526a2021-12-22 11:50:33.944root 11241100x80000000000000003861492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcc0c2327c066552021-12-22 11:50:33.945root 11241100x80000000000000003861493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36254f1cadb26612021-12-22 11:50:33.945root 11241100x80000000000000003861494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04c7a8c1c34b82e2021-12-22 11:50:33.945root 11241100x80000000000000003861495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f764b53a2dfcc272021-12-22 11:50:33.945root 11241100x80000000000000003861496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1a69ad7a8d738c2021-12-22 11:50:33.945root 11241100x80000000000000003861497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7303a3165eae3d642021-12-22 11:50:33.945root 11241100x80000000000000003861498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31f93885b9a4c742021-12-22 11:50:33.945root 11241100x80000000000000003861499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049eb0c7d0e6b6672021-12-22 11:50:33.945root 11241100x80000000000000003861500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3af645decb5d3072021-12-22 11:50:33.945root 11241100x80000000000000003861501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11614b8ec232af402021-12-22 11:50:33.946root 11241100x80000000000000003861502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c26c2b270784832021-12-22 11:50:33.946root 11241100x80000000000000003861503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342ffa04014400632021-12-22 11:50:33.946root 11241100x80000000000000003861504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4179fdaa3577df12021-12-22 11:50:33.946root 11241100x80000000000000003861505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f457008e426f0de2021-12-22 11:50:33.946root 11241100x80000000000000003861506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3d86ca2eac890c2021-12-22 11:50:33.946root 11241100x80000000000000003861507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe943b2c9de04592021-12-22 11:50:33.946root 11241100x80000000000000003861508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9586e6aa61b283fb2021-12-22 11:50:33.946root 354300x80000000000000003861509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:33.980{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42594-false10.0.1.12-8089- 354300x80000000000000003861510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.224{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55532-false10.0.1.12-8000- 11241100x80000000000000003861511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3a06e8c0afeb162021-12-22 11:50:34.224root 11241100x80000000000000003861512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a516b681050e1bfd2021-12-22 11:50:34.225root 11241100x80000000000000003861513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9401806824620dcf2021-12-22 11:50:34.225root 11241100x80000000000000003861514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28592e301cdd62772021-12-22 11:50:34.225root 11241100x80000000000000003861515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fd9648006322c52021-12-22 11:50:34.225root 11241100x80000000000000003861516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8fbfcce65c61042021-12-22 11:50:34.226root 11241100x80000000000000003861517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d1533d3a75604e2021-12-22 11:50:34.226root 11241100x80000000000000003861518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e8f4cf5a4a8ced2021-12-22 11:50:34.226root 11241100x80000000000000003861519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005e85adeb24201b2021-12-22 11:50:34.226root 11241100x80000000000000003861520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8c8569121609712021-12-22 11:50:34.226root 11241100x80000000000000003861521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6358d387e4614a6f2021-12-22 11:50:34.226root 11241100x80000000000000003861522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1428b2e44c63af832021-12-22 11:50:34.226root 11241100x80000000000000003861523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d39c189c449e64c2021-12-22 11:50:34.226root 11241100x80000000000000003861524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab437d96e12d4b92021-12-22 11:50:34.227root 11241100x80000000000000003861525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111fb51ef0b802cb2021-12-22 11:50:34.227root 11241100x80000000000000003861526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a486fb252fb5ddb2021-12-22 11:50:34.227root 11241100x80000000000000003861527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3029656cd95a3e32021-12-22 11:50:34.227root 11241100x80000000000000003861528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0700bfc106dc8bb02021-12-22 11:50:34.227root 11241100x80000000000000003861529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9e001f558d1dfa2021-12-22 11:50:34.227root 11241100x80000000000000003861530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddc2a92a1b374732021-12-22 11:50:34.227root 11241100x80000000000000003861531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e53f7d8831c08782021-12-22 11:50:34.227root 11241100x80000000000000003861532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c009ef9e5a3c3e212021-12-22 11:50:34.228root 11241100x80000000000000003861533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56143f9c572847682021-12-22 11:50:34.228root 11241100x80000000000000003861534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d9b82c23a2b3312021-12-22 11:50:34.228root 11241100x80000000000000003861535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f20383399d1fe202021-12-22 11:50:34.228root 11241100x80000000000000003861536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4d67b80dbc68b32021-12-22 11:50:34.228root 11241100x80000000000000003861537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e4d844e4d331e52021-12-22 11:50:34.228root 154100x80000000000000003861538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.649{ec2b6afe-110a-61c3-68b4-68c805560000}19114/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x80000000000000003861539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.651{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500b35b1f83f332f2021-12-22 11:50:34.651root 11241100x80000000000000003861540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.651{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5ee98e32662c1d2021-12-22 11:50:34.651root 11241100x80000000000000003861541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.651{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8529852972d2eb62021-12-22 11:50:34.651root 11241100x80000000000000003861542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.651{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2c9855ed2a45c52021-12-22 11:50:34.651root 11241100x80000000000000003861543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.651{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9592268bf63664a2021-12-22 11:50:34.651root 11241100x80000000000000003861544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.651{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1796bc0caa88ff62021-12-22 11:50:34.651root 11241100x80000000000000003861545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.651{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3935e0ce4d0584252021-12-22 11:50:34.651root 11241100x80000000000000003861546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.651{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc34baf892ac3d112021-12-22 11:50:34.651root 11241100x80000000000000003861547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.651{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d274a557894b8a2021-12-22 11:50:34.651root 11241100x80000000000000003861548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.652{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073564085b0707f02021-12-22 11:50:34.652root 11241100x80000000000000003861549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.652{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18683a0a2b462bab2021-12-22 11:50:34.652root 11241100x80000000000000003861550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.652{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3446eaa4ffd7a22021-12-22 11:50:34.652root 11241100x80000000000000003861551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.652{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deedb4a20682862b2021-12-22 11:50:34.652root 11241100x80000000000000003861552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.652{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e351fe6be0d11512021-12-22 11:50:34.652root 11241100x80000000000000003861553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.652{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c1197786e7287c2021-12-22 11:50:34.652root 11241100x80000000000000003861554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.652{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5a4a6ef12d34812021-12-22 11:50:34.652root 11241100x80000000000000003861555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.652{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dae065119d74d902021-12-22 11:50:34.652root 11241100x80000000000000003861556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.652{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc13dda9ba6a5fd2021-12-22 11:50:34.652root 11241100x80000000000000003861557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.652{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe7a591bcd6d75a2021-12-22 11:50:34.652root 11241100x80000000000000003861558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.654{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0511c3639ccd9b8a2021-12-22 11:50:34.654root 11241100x80000000000000003861559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.654{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95353ceb07d8bd892021-12-22 11:50:34.654root 11241100x80000000000000003861560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.654{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67f993863b5aff52021-12-22 11:50:34.654root 11241100x80000000000000003861561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.654{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc58285e2202d8c2021-12-22 11:50:34.654root 11241100x80000000000000003861562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.654{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2abf707f85f3ae2021-12-22 11:50:34.654root 11241100x80000000000000003861563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.654{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570ef6c6a785aed42021-12-22 11:50:34.654root 534500x80000000000000003861564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.672{ec2b6afe-110a-61c3-68b4-68c805560000}19114/bin/psroot 11241100x80000000000000003861565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e255ce5baf250e82021-12-22 11:50:34.943root 11241100x80000000000000003861566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f4f59b359a00ea2021-12-22 11:50:34.943root 11241100x80000000000000003861567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a47a0f15bd2c812021-12-22 11:50:34.943root 11241100x80000000000000003861568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3c41c0e90de86c2021-12-22 11:50:34.943root 11241100x80000000000000003861569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1283def13a0a523e2021-12-22 11:50:34.944root 11241100x80000000000000003861570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723ec88559fa7a9d2021-12-22 11:50:34.944root 11241100x80000000000000003861571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00659e07aa0814682021-12-22 11:50:34.944root 11241100x80000000000000003861572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86d20908f3539a32021-12-22 11:50:34.944root 11241100x80000000000000003861573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc2951a72946c782021-12-22 11:50:34.944root 11241100x80000000000000003861574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4408af739ba536f2021-12-22 11:50:34.944root 11241100x80000000000000003861575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c651e137e0c6a82021-12-22 11:50:34.944root 11241100x80000000000000003861576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f26250036396ba2021-12-22 11:50:34.944root 11241100x80000000000000003861577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55af665f76f661982021-12-22 11:50:34.944root 11241100x80000000000000003861578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440acdd0d53ad6a72021-12-22 11:50:34.944root 11241100x80000000000000003861579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ae0288115172302021-12-22 11:50:34.944root 11241100x80000000000000003861580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6b34241583438c2021-12-22 11:50:34.944root 11241100x80000000000000003861581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3d105aebf585cc2021-12-22 11:50:34.944root 11241100x80000000000000003861582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe8645a884e465a2021-12-22 11:50:34.944root 11241100x80000000000000003861583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33340475afdba4ba2021-12-22 11:50:34.945root 11241100x80000000000000003861584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6cb2cb035dfd002021-12-22 11:50:34.945root 11241100x80000000000000003861585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b366bc51906e9e682021-12-22 11:50:34.945root 11241100x80000000000000003861586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405956678e00818b2021-12-22 11:50:34.945root 11241100x80000000000000003861587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7637fa52e54278202021-12-22 11:50:34.945root 11241100x80000000000000003861588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9baf36a7d30bd5102021-12-22 11:50:34.945root 11241100x80000000000000003861589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69089a5d402d4b2c2021-12-22 11:50:34.945root 11241100x80000000000000003861590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55e2fed9a461cf52021-12-22 11:50:34.945root 11241100x80000000000000003861591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f47e6dd1c41aa02021-12-22 11:50:35.443root 11241100x80000000000000003861592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212314a18a21593b2021-12-22 11:50:35.443root 11241100x80000000000000003861593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc697e76ce14cae2021-12-22 11:50:35.443root 11241100x80000000000000003861594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afac7aeca82074c2021-12-22 11:50:35.443root 11241100x80000000000000003861595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef21c9d0d946f562021-12-22 11:50:35.444root 11241100x80000000000000003861596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49aeabf8324d71572021-12-22 11:50:35.444root 11241100x80000000000000003861597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43eb6eb1105889d32021-12-22 11:50:35.444root 11241100x80000000000000003861598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b663262ba2e0cf422021-12-22 11:50:35.444root 11241100x80000000000000003861599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dbefd1799bcab32021-12-22 11:50:35.444root 11241100x80000000000000003861600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7d746391a5d5722021-12-22 11:50:35.444root 11241100x80000000000000003861601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ef51fcac18f02f2021-12-22 11:50:35.444root 11241100x80000000000000003861602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c7b1c8eba6f5b32021-12-22 11:50:35.444root 11241100x80000000000000003861603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28588fae998251042021-12-22 11:50:35.444root 11241100x80000000000000003861604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526eaa2f20313abe2021-12-22 11:50:35.444root 11241100x80000000000000003861605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64876ec048a3d2a02021-12-22 11:50:35.444root 11241100x80000000000000003861606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13111c994f19aa42021-12-22 11:50:35.444root 11241100x80000000000000003861607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075e3d98883323972021-12-22 11:50:35.444root 11241100x80000000000000003861608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66a41dca3063f932021-12-22 11:50:35.444root 11241100x80000000000000003861609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba95fb70360ea7d52021-12-22 11:50:35.444root 11241100x80000000000000003861610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063cae9d861c690c2021-12-22 11:50:35.445root 11241100x80000000000000003861611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9816b2fb282e97442021-12-22 11:50:35.445root 11241100x80000000000000003861612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362be0f0067272762021-12-22 11:50:35.445root 11241100x80000000000000003861613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad628582a0d3c9872021-12-22 11:50:35.445root 11241100x80000000000000003861614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5c1b07e9a15bc62021-12-22 11:50:35.445root 11241100x80000000000000003861615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a158bc1812380782021-12-22 11:50:35.445root 11241100x80000000000000003861616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2c224479a402dc2021-12-22 11:50:35.445root 11241100x80000000000000003861617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2457328675818f52021-12-22 11:50:35.943root 11241100x80000000000000003861618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a0b76d29e2593a2021-12-22 11:50:35.943root 11241100x80000000000000003861619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4f614758a187ee2021-12-22 11:50:35.943root 11241100x80000000000000003861620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b870f4f6344afd892021-12-22 11:50:35.943root 11241100x80000000000000003861621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db02e81c526abf42021-12-22 11:50:35.943root 11241100x80000000000000003861622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397b9f76eceb8dc52021-12-22 11:50:35.944root 11241100x80000000000000003861623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae9c9cf937306262021-12-22 11:50:35.944root 11241100x80000000000000003861624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5fdb936d7982cb2021-12-22 11:50:35.944root 11241100x80000000000000003861625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5459d55e6b9fe1b62021-12-22 11:50:35.944root 11241100x80000000000000003861626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9275751bbca1dbb72021-12-22 11:50:35.944root 11241100x80000000000000003861627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e2d97d394332372021-12-22 11:50:35.944root 11241100x80000000000000003861628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b860df8e5c334782021-12-22 11:50:35.944root 11241100x80000000000000003861629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024423f5ad97e29d2021-12-22 11:50:35.944root 11241100x80000000000000003861630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6a6faa55245ed72021-12-22 11:50:35.944root 11241100x80000000000000003861631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c460e26d1b7cd1dc2021-12-22 11:50:35.944root 11241100x80000000000000003861632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d87fab8a76c58cd2021-12-22 11:50:35.944root 11241100x80000000000000003861633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce57c339740063282021-12-22 11:50:35.944root 11241100x80000000000000003861634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82df765f4a2bc9c2021-12-22 11:50:35.944root 11241100x80000000000000003861635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa258c47c4d0993e2021-12-22 11:50:35.944root 11241100x80000000000000003861636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79111ff3792cae232021-12-22 11:50:35.945root 11241100x80000000000000003861637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d5fbd91fc030e22021-12-22 11:50:35.945root 11241100x80000000000000003861638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153fc01a4172ed202021-12-22 11:50:35.945root 11241100x80000000000000003861639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bf2c6d906b07c22021-12-22 11:50:35.945root 11241100x80000000000000003861640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7e5029629b73f32021-12-22 11:50:35.945root 11241100x80000000000000003861641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1620dae7817d76bb2021-12-22 11:50:35.945root 11241100x80000000000000003861642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2871550229bedaa02021-12-22 11:50:35.945root 11241100x80000000000000003861643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15dded4f3ed3b6a2021-12-22 11:50:36.443root 11241100x80000000000000003861644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab9e6ed3295c0b42021-12-22 11:50:36.443root 11241100x80000000000000003861645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6112931b46218e382021-12-22 11:50:36.443root 11241100x80000000000000003861646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b17b76d7e41a2dd2021-12-22 11:50:36.443root 11241100x80000000000000003861647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc113008894ad39b2021-12-22 11:50:36.444root 11241100x80000000000000003861648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706c7f91a0838c112021-12-22 11:50:36.444root 11241100x80000000000000003861649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71adae45aced88702021-12-22 11:50:36.444root 11241100x80000000000000003861650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c837918ac7d5c9f52021-12-22 11:50:36.444root 11241100x80000000000000003861651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624d49ab923e2f582021-12-22 11:50:36.444root 11241100x80000000000000003861652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745a5ac096815a202021-12-22 11:50:36.444root 11241100x80000000000000003861653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9347b216d68f83182021-12-22 11:50:36.444root 11241100x80000000000000003861654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eb741d60df70072021-12-22 11:50:36.444root 11241100x80000000000000003861655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d0f07f48fc95f82021-12-22 11:50:36.444root 11241100x80000000000000003861656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da7547d1d4fbb032021-12-22 11:50:36.444root 11241100x80000000000000003861657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1283a0c210d2c42021-12-22 11:50:36.444root 11241100x80000000000000003861658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b007af13b53fa22021-12-22 11:50:36.444root 11241100x80000000000000003861659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8c17ce66cc6da32021-12-22 11:50:36.444root 11241100x80000000000000003861660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e3d0c5b7cb03802021-12-22 11:50:36.444root 11241100x80000000000000003861661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f300e22bf2f54d2021-12-22 11:50:36.445root 11241100x80000000000000003861662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fa8ca70f89e4d42021-12-22 11:50:36.445root 11241100x80000000000000003861663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd24e0d387ba6f62021-12-22 11:50:36.445root 11241100x80000000000000003861664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55141917305322dc2021-12-22 11:50:36.445root 11241100x80000000000000003861665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02e40b8772980ca2021-12-22 11:50:36.445root 11241100x80000000000000003861666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c810b73cb153e292021-12-22 11:50:36.445root 11241100x80000000000000003861667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303e2450e340875d2021-12-22 11:50:36.445root 11241100x80000000000000003861668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064dd7fe49c5acb12021-12-22 11:50:36.445root 11241100x80000000000000003861669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176da1e7060c6d3c2021-12-22 11:50:36.943root 11241100x80000000000000003861670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b476d5b9fa48bd22021-12-22 11:50:36.943root 11241100x80000000000000003861671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccf81b8cb31e07a2021-12-22 11:50:36.943root 11241100x80000000000000003861672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05699cd3624118092021-12-22 11:50:36.943root 11241100x80000000000000003861673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2a43ca1a9717482021-12-22 11:50:36.944root 11241100x80000000000000003861674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa88e72f0f6503d72021-12-22 11:50:36.944root 11241100x80000000000000003861675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a30274207123f3a2021-12-22 11:50:36.944root 11241100x80000000000000003861676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d3d55ebaeab0a72021-12-22 11:50:36.944root 11241100x80000000000000003861677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df627e6782285b292021-12-22 11:50:36.944root 11241100x80000000000000003861678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c7af9bd1109eba2021-12-22 11:50:36.944root 11241100x80000000000000003861679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e78fbead0b5e5e2021-12-22 11:50:36.945root 11241100x80000000000000003861680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2985945d954167522021-12-22 11:50:36.945root 11241100x80000000000000003861681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361e30fb40049bdb2021-12-22 11:50:36.945root 11241100x80000000000000003861682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0361d8d83f1eddca2021-12-22 11:50:36.945root 11241100x80000000000000003861683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f071269f6148811f2021-12-22 11:50:36.946root 11241100x80000000000000003861684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa03b21e446b58a2021-12-22 11:50:36.946root 11241100x80000000000000003861685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534738df537d81962021-12-22 11:50:36.946root 11241100x80000000000000003861686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5086a0cf7e38c42021-12-22 11:50:36.946root 11241100x80000000000000003861687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616bb47e12e9e9632021-12-22 11:50:36.946root 11241100x80000000000000003861688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f858c8f366cc7cb2021-12-22 11:50:36.947root 11241100x80000000000000003861689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38937c9dc6459322021-12-22 11:50:36.947root 11241100x80000000000000003861690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803e0764799988cb2021-12-22 11:50:36.947root 11241100x80000000000000003861691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234a9b630640a1332021-12-22 11:50:36.948root 11241100x80000000000000003861692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7252bc556ba196212021-12-22 11:50:36.948root 11241100x80000000000000003861693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03acbb8e122f85742021-12-22 11:50:36.948root 11241100x80000000000000003861694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960e2b6dc2df75802021-12-22 11:50:36.948root 11241100x80000000000000003861695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cde11b99c9c6e82021-12-22 11:50:37.443root 11241100x80000000000000003861696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183490a5d935fed32021-12-22 11:50:37.443root 11241100x80000000000000003861697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1759bbb79152701f2021-12-22 11:50:37.443root 11241100x80000000000000003861698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a370d8748b4c52f02021-12-22 11:50:37.443root 11241100x80000000000000003861699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081e457cf603b6342021-12-22 11:50:37.444root 11241100x80000000000000003861700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c5e96091b3a01b2021-12-22 11:50:37.444root 11241100x80000000000000003861701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8889abbc7d1a8c32021-12-22 11:50:37.444root 11241100x80000000000000003861702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe6821211eed65e2021-12-22 11:50:37.444root 11241100x80000000000000003861703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a11bb5d644edc22021-12-22 11:50:37.444root 11241100x80000000000000003861704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766ae4b0cc2203d92021-12-22 11:50:37.444root 11241100x80000000000000003861705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81eb2560a5ec0b072021-12-22 11:50:37.444root 11241100x80000000000000003861706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9a716e8b43420d2021-12-22 11:50:37.444root 11241100x80000000000000003861707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858baf91ceda61a42021-12-22 11:50:37.444root 11241100x80000000000000003861708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9781a4c94195e82021-12-22 11:50:37.444root 11241100x80000000000000003861709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299bf407b336f5b52021-12-22 11:50:37.444root 11241100x80000000000000003861710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8c6eeacd52acbc2021-12-22 11:50:37.444root 11241100x80000000000000003861711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a8b848e41062812021-12-22 11:50:37.444root 11241100x80000000000000003861712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428ae869e40db1912021-12-22 11:50:37.444root 11241100x80000000000000003861713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122b28ea8d80b3d72021-12-22 11:50:37.444root 11241100x80000000000000003861714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988c45d73b4b9b372021-12-22 11:50:37.445root 11241100x80000000000000003861715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c97155b40830d62021-12-22 11:50:37.445root 11241100x80000000000000003861716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b939de34a903a1262021-12-22 11:50:37.445root 11241100x80000000000000003861717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e756a71a8ffefd2021-12-22 11:50:37.445root 11241100x80000000000000003861718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb8a9bc3368065c2021-12-22 11:50:37.445root 11241100x80000000000000003861719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9622b58a7b4972602021-12-22 11:50:37.445root 11241100x80000000000000003861720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e56e09e2433b3d2021-12-22 11:50:37.445root 11241100x80000000000000003861721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85bc078195bc2692021-12-22 11:50:37.943root 11241100x80000000000000003861722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6bb900a5ef04d02021-12-22 11:50:37.944root 11241100x80000000000000003861723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6c79cac45915652021-12-22 11:50:37.944root 11241100x80000000000000003861724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df66f8fc86d9081b2021-12-22 11:50:37.944root 11241100x80000000000000003861725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9e9a63af91863f2021-12-22 11:50:37.945root 11241100x80000000000000003861726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafc87a975b406772021-12-22 11:50:37.945root 11241100x80000000000000003861727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8fecc486e4e15d2021-12-22 11:50:37.945root 11241100x80000000000000003861728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ff3a9965db03d82021-12-22 11:50:37.946root 11241100x80000000000000003861729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56bf013164a85bc2021-12-22 11:50:37.946root 11241100x80000000000000003861730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48f24dff8e303bb2021-12-22 11:50:37.946root 11241100x80000000000000003861731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50fdb78b912ff192021-12-22 11:50:37.947root 11241100x80000000000000003861732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647e7400719185872021-12-22 11:50:37.947root 11241100x80000000000000003861733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab8bd4893d81b2f2021-12-22 11:50:37.947root 11241100x80000000000000003861734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d02be108f3afe222021-12-22 11:50:37.948root 11241100x80000000000000003861735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1f96596d87f8522021-12-22 11:50:37.948root 11241100x80000000000000003861736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12816fe5082b3132021-12-22 11:50:37.948root 11241100x80000000000000003861737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cfcbfecfd8ed8c2021-12-22 11:50:37.949root 11241100x80000000000000003861738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a928f4922e9fbf4f2021-12-22 11:50:37.949root 11241100x80000000000000003861739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0090f355c9c82f1b2021-12-22 11:50:37.949root 11241100x80000000000000003861740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49838781359673e72021-12-22 11:50:37.949root 11241100x80000000000000003861741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21a6636b798d4262021-12-22 11:50:37.949root 11241100x80000000000000003861742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e515bd279e9533932021-12-22 11:50:37.949root 11241100x80000000000000003861743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da1d61755548f5b2021-12-22 11:50:37.950root 11241100x80000000000000003861744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35d0de8feea031e2021-12-22 11:50:37.950root 11241100x80000000000000003861745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc905210219138f22021-12-22 11:50:37.950root 11241100x80000000000000003861746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:37.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9df27057c0c7442021-12-22 11:50:37.950root 11241100x80000000000000003861747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5e1b90f038a0e42021-12-22 11:50:38.444root 11241100x80000000000000003861748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4382366566ed0a3a2021-12-22 11:50:38.444root 11241100x80000000000000003861749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545686871fa8c7c92021-12-22 11:50:38.445root 11241100x80000000000000003861750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1324fdcc1d105d842021-12-22 11:50:38.445root 11241100x80000000000000003861751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c255e51cdb306f2021-12-22 11:50:38.445root 11241100x80000000000000003861752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693da3f8f45a80862021-12-22 11:50:38.445root 11241100x80000000000000003861753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9545901f414d09d42021-12-22 11:50:38.445root 11241100x80000000000000003861754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a8d4a6113d3df72021-12-22 11:50:38.445root 11241100x80000000000000003861755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036f19b9c09e1e342021-12-22 11:50:38.445root 11241100x80000000000000003861756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10d2b5d830b58782021-12-22 11:50:38.446root 11241100x80000000000000003861757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec3379fef49b29f2021-12-22 11:50:38.446root 11241100x80000000000000003861758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766b6041e13d2d512021-12-22 11:50:38.446root 11241100x80000000000000003861759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecfc4b5e24a346a2021-12-22 11:50:38.446root 11241100x80000000000000003861760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcb2593bf2db7672021-12-22 11:50:38.446root 11241100x80000000000000003861761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b735d67dd2013eb42021-12-22 11:50:38.446root 11241100x80000000000000003861762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014b57bdec728b112021-12-22 11:50:38.446root 11241100x80000000000000003861763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e6966638533c5a2021-12-22 11:50:38.447root 11241100x80000000000000003861764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadc130dd8af308b2021-12-22 11:50:38.447root 11241100x80000000000000003861765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad94b75545b17062021-12-22 11:50:38.447root 11241100x80000000000000003861766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd75ee0c30e417712021-12-22 11:50:38.447root 11241100x80000000000000003861767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16920f042142cac42021-12-22 11:50:38.447root 11241100x80000000000000003861768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1abcbeab01036e82021-12-22 11:50:38.447root 11241100x80000000000000003861769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb29def0bb8d9262021-12-22 11:50:38.447root 11241100x80000000000000003861770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65d25fc94741d262021-12-22 11:50:38.448root 11241100x80000000000000003861771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a2a5ef50c2d3122021-12-22 11:50:38.448root 11241100x80000000000000003861772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0f29d35581b4132021-12-22 11:50:38.448root 11241100x80000000000000003861773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c89611b875b2f52021-12-22 11:50:38.943root 11241100x80000000000000003861774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acacde28a5b39902021-12-22 11:50:38.944root 11241100x80000000000000003861775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb564cf72336dd052021-12-22 11:50:38.944root 11241100x80000000000000003861776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50526d3cdf4476db2021-12-22 11:50:38.944root 11241100x80000000000000003861777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c977590d8ffaadf2021-12-22 11:50:38.945root 11241100x80000000000000003861778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd96da8a95bacea2021-12-22 11:50:38.945root 11241100x80000000000000003861779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce61d277dcad4c7e2021-12-22 11:50:38.945root 11241100x80000000000000003861780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170652682ea36fcf2021-12-22 11:50:38.945root 11241100x80000000000000003861781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940b6e0fea005e562021-12-22 11:50:38.946root 11241100x80000000000000003861782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93e89c99593cd772021-12-22 11:50:38.946root 11241100x80000000000000003861783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e034f33abe2c6d2021-12-22 11:50:38.946root 11241100x80000000000000003861784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c562e0274889d732021-12-22 11:50:38.946root 11241100x80000000000000003861785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b87352640617902021-12-22 11:50:38.946root 11241100x80000000000000003861786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c5a2be9208cab82021-12-22 11:50:38.946root 11241100x80000000000000003861787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b593115be3c88e12021-12-22 11:50:38.946root 11241100x80000000000000003861788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce9171af3b37c2e2021-12-22 11:50:38.947root 11241100x80000000000000003861789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61953335c27c7a982021-12-22 11:50:38.947root 11241100x80000000000000003861790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0f3a5fb488e2f92021-12-22 11:50:38.947root 11241100x80000000000000003861791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400c4313fb9abc3e2021-12-22 11:50:38.947root 11241100x80000000000000003861792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d38a2d1d19e53c2021-12-22 11:50:38.947root 11241100x80000000000000003861793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03be0ad66a670bb42021-12-22 11:50:38.948root 11241100x80000000000000003861794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e20566896bf5e252021-12-22 11:50:38.948root 11241100x80000000000000003861795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd8c80740c121172021-12-22 11:50:38.948root 11241100x80000000000000003861796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329660b874b5038b2021-12-22 11:50:38.948root 11241100x80000000000000003861797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51bdf178d36f0db2021-12-22 11:50:38.949root 11241100x80000000000000003861798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed92a8352b9b006e2021-12-22 11:50:38.949root 11241100x80000000000000003861799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632757c31b879f042021-12-22 11:50:38.949root 23542300x80000000000000003861800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:38.980{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000003861801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.228{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55534-false10.0.1.12-8000- 11241100x80000000000000003861802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b716378a498624c2021-12-22 11:50:39.229root 11241100x80000000000000003861803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbc3f0e7cb128352021-12-22 11:50:39.229root 11241100x80000000000000003861804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c1e82224bb72e52021-12-22 11:50:39.230root 11241100x80000000000000003861805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10da71385e41ad2b2021-12-22 11:50:39.230root 11241100x80000000000000003861806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3c92179bc04f412021-12-22 11:50:39.230root 11241100x80000000000000003861807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216a8083f0e9c69e2021-12-22 11:50:39.230root 11241100x80000000000000003861808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47f3ca24e56e8f92021-12-22 11:50:39.231root 11241100x80000000000000003861809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33abb1432f87f142021-12-22 11:50:39.231root 11241100x80000000000000003861810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c139bbd8f492b0b72021-12-22 11:50:39.231root 11241100x80000000000000003861811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd56997036c76e762021-12-22 11:50:39.231root 11241100x80000000000000003861812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0317fd194fdd41bb2021-12-22 11:50:39.231root 11241100x80000000000000003861813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776d3ff3ca3d65a22021-12-22 11:50:39.231root 11241100x80000000000000003861814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee5a7ab4307df962021-12-22 11:50:39.232root 11241100x80000000000000003861815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8f84d2567534082021-12-22 11:50:39.232root 11241100x80000000000000003861816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fa11006007c1472021-12-22 11:50:39.232root 11241100x80000000000000003861817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1929163fb68e92a2021-12-22 11:50:39.232root 11241100x80000000000000003861818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941f43d3db9f3abe2021-12-22 11:50:39.232root 11241100x80000000000000003861819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7026e6fff9bf21c52021-12-22 11:50:39.232root 11241100x80000000000000003861820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d254f829c9e90072021-12-22 11:50:39.232root 11241100x80000000000000003861821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd9ea7ce246de542021-12-22 11:50:39.232root 11241100x80000000000000003861822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0713f0521c0820962021-12-22 11:50:39.232root 11241100x80000000000000003861823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4879167df2084dc2021-12-22 11:50:39.232root 11241100x80000000000000003861824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c284a5af86f442a62021-12-22 11:50:39.232root 11241100x80000000000000003861825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432e80edd8c4fc4c2021-12-22 11:50:39.232root 11241100x80000000000000003861826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de75ff3b42d3802f2021-12-22 11:50:39.232root 11241100x80000000000000003861827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49873a63044986ff2021-12-22 11:50:39.232root 11241100x80000000000000003861828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f15a6e97f8f93f2021-12-22 11:50:39.233root 11241100x80000000000000003861829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1acbcf905cc38b2021-12-22 11:50:39.233root 11241100x80000000000000003861830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d326d88fd7e567bb2021-12-22 11:50:39.233root 11241100x80000000000000003861831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9ed4247751c4ea2021-12-22 11:50:39.233root 11241100x80000000000000003861832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d6303077f1ace02021-12-22 11:50:39.233root 11241100x80000000000000003861833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d8d8443d208cde2021-12-22 11:50:39.233root 11241100x80000000000000003861834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986ecb9e44a9c8f82021-12-22 11:50:39.694root 11241100x80000000000000003861835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce309bfb2c56dbf72021-12-22 11:50:39.694root 11241100x80000000000000003861836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f75848ffa76af9b2021-12-22 11:50:39.694root 11241100x80000000000000003861837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9932ec3d90e328c12021-12-22 11:50:39.694root 11241100x80000000000000003861838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edec8c73ad1c18a2021-12-22 11:50:39.694root 11241100x80000000000000003861839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd67825b917f8bda2021-12-22 11:50:39.694root 11241100x80000000000000003861840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ac0cb4717280112021-12-22 11:50:39.695root 11241100x80000000000000003861841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec95764d830455a2021-12-22 11:50:39.695root 11241100x80000000000000003861842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b657aef64b07681b2021-12-22 11:50:39.695root 11241100x80000000000000003861843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c07bf55056f8ce52021-12-22 11:50:39.695root 11241100x80000000000000003861844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7545666c35411aa32021-12-22 11:50:39.695root 11241100x80000000000000003861845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968c051cd3e8b0012021-12-22 11:50:39.696root 11241100x80000000000000003861846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ec7e987e93c3052021-12-22 11:50:39.696root 11241100x80000000000000003861847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884bc7750547a9c72021-12-22 11:50:39.696root 11241100x80000000000000003861848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499416a68bd3a3332021-12-22 11:50:39.696root 11241100x80000000000000003861849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfe6e0d148d93b72021-12-22 11:50:39.696root 11241100x80000000000000003861850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898f9be7ef6007aa2021-12-22 11:50:39.696root 11241100x80000000000000003861851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d004432e8d40322021-12-22 11:50:39.696root 11241100x80000000000000003861852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb167c7140edba512021-12-22 11:50:39.696root 11241100x80000000000000003861853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02dfd1edb2fc1312021-12-22 11:50:39.696root 11241100x80000000000000003861854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d7710c48bb27672021-12-22 11:50:39.697root 11241100x80000000000000003861855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d1f0eaf50aabe22021-12-22 11:50:39.697root 11241100x80000000000000003861856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc99b3852ec9871e2021-12-22 11:50:39.697root 11241100x80000000000000003861857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfc68edb961e0ed2021-12-22 11:50:39.697root 11241100x80000000000000003861858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3035da8a32d1ca2021-12-22 11:50:39.697root 11241100x80000000000000003861859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5804132b77eafdca2021-12-22 11:50:39.697root 11241100x80000000000000003861860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5827024b693ed5fa2021-12-22 11:50:39.697root 11241100x80000000000000003861861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d4f23a7555477a2021-12-22 11:50:39.697root 11241100x80000000000000003861862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067c61208be7997e2021-12-22 11:50:40.194root 11241100x80000000000000003861863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73899a979dcf61c2021-12-22 11:50:40.194root 11241100x80000000000000003861864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9986c0e23a9d56922021-12-22 11:50:40.194root 11241100x80000000000000003861865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e22d170bb5f3602021-12-22 11:50:40.194root 11241100x80000000000000003861866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1f1bca65d2eee32021-12-22 11:50:40.194root 11241100x80000000000000003861867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48faeceb698c2f8b2021-12-22 11:50:40.194root 11241100x80000000000000003861868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bf6eea05c01cb82021-12-22 11:50:40.194root 11241100x80000000000000003861869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dae866ce8707cd2021-12-22 11:50:40.194root 11241100x80000000000000003861870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36605beb05efe06b2021-12-22 11:50:40.194root 11241100x80000000000000003861871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23203289ee03ed22021-12-22 11:50:40.194root 11241100x80000000000000003861872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14699618432bfc7a2021-12-22 11:50:40.194root 11241100x80000000000000003861873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff68093887ce2ea2021-12-22 11:50:40.194root 11241100x80000000000000003861874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608c03d67a51d4d22021-12-22 11:50:40.194root 11241100x80000000000000003861875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afc40ac241968ce2021-12-22 11:50:40.195root 11241100x80000000000000003861876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec3ddd59912e17b2021-12-22 11:50:40.195root 11241100x80000000000000003861877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671f2ada26e43b782021-12-22 11:50:40.195root 11241100x80000000000000003861878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5dc8cc6bf2e39e2021-12-22 11:50:40.195root 11241100x80000000000000003861879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a755c00e5f7f53c12021-12-22 11:50:40.195root 11241100x80000000000000003861880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20d23073e3a762f2021-12-22 11:50:40.195root 11241100x80000000000000003861881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f107f2b20dec03362021-12-22 11:50:40.195root 11241100x80000000000000003861882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322f95c49577018d2021-12-22 11:50:40.195root 11241100x80000000000000003861883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165cc5ae7a832eb72021-12-22 11:50:40.195root 11241100x80000000000000003861884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e127aa83f722bde2021-12-22 11:50:40.195root 11241100x80000000000000003861885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fa79502ddd2cbe2021-12-22 11:50:40.195root 11241100x80000000000000003861886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f717f4367abd842021-12-22 11:50:40.196root 11241100x80000000000000003861887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d65c0315113ff4e2021-12-22 11:50:40.196root 11241100x80000000000000003861888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab1baabddbb61102021-12-22 11:50:40.196root 11241100x80000000000000003861889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312999a7b374d5332021-12-22 11:50:40.196root 11241100x80000000000000003861890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d803c8e2a2b51e0e2021-12-22 11:50:40.694root 11241100x80000000000000003861891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcebb19c2fde9732021-12-22 11:50:40.694root 11241100x80000000000000003861892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b26a81df25a304e2021-12-22 11:50:40.694root 11241100x80000000000000003861893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e623cd56f36b6d2021-12-22 11:50:40.694root 11241100x80000000000000003861894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9db67f33e45a442021-12-22 11:50:40.694root 11241100x80000000000000003861895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2308045b6063635e2021-12-22 11:50:40.695root 11241100x80000000000000003861896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7891640239acc582021-12-22 11:50:40.695root 11241100x80000000000000003861897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc9b280d90b41732021-12-22 11:50:40.695root 11241100x80000000000000003861898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b32bd9e2db6a1242021-12-22 11:50:40.695root 11241100x80000000000000003861899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7828ccf4d4c109772021-12-22 11:50:40.695root 11241100x80000000000000003861900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d849ecedcaa00a72021-12-22 11:50:40.695root 11241100x80000000000000003861901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2c78717e44162f2021-12-22 11:50:40.695root 11241100x80000000000000003861902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55543a96e23dcb042021-12-22 11:50:40.695root 11241100x80000000000000003861903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ac17e69468d5ea2021-12-22 11:50:40.695root 11241100x80000000000000003861904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52d5391f6240dcb2021-12-22 11:50:40.695root 11241100x80000000000000003861905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb1f02c2c3773002021-12-22 11:50:40.695root 11241100x80000000000000003861906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832cd09c9b35d4272021-12-22 11:50:40.695root 11241100x80000000000000003861907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5133d3adcb6c5b262021-12-22 11:50:40.695root 11241100x80000000000000003861908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719185cf831883bc2021-12-22 11:50:40.696root 11241100x80000000000000003861909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64fff48e95d0a70f2021-12-22 11:50:40.696root 11241100x80000000000000003861910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36213e4b502ee7d2021-12-22 11:50:40.696root 11241100x80000000000000003861911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f30d87c168aeac02021-12-22 11:50:40.696root 11241100x80000000000000003861912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dd6442c81323ae2021-12-22 11:50:40.696root 11241100x80000000000000003861913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1694f43ee6c3d12021-12-22 11:50:40.696root 11241100x80000000000000003861914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d1d5232e7a32532021-12-22 11:50:40.696root 11241100x80000000000000003861915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7130dd48627b1d82021-12-22 11:50:40.696root 11241100x80000000000000003861916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd728f22478e6712021-12-22 11:50:40.696root 11241100x80000000000000003861917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8edd9789fd787752021-12-22 11:50:40.696root 11241100x80000000000000003861918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd91d2498c7303a32021-12-22 11:50:41.194root 11241100x80000000000000003861919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171f21c3bb7ee7d92021-12-22 11:50:41.194root 11241100x80000000000000003861920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a6a1930b92c8b52021-12-22 11:50:41.194root 11241100x80000000000000003861921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784706fb99b3172b2021-12-22 11:50:41.194root 11241100x80000000000000003861922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019e35e79edc084f2021-12-22 11:50:41.194root 11241100x80000000000000003861923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50eff2de7122ef752021-12-22 11:50:41.194root 11241100x80000000000000003861924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbcce0a6b3e2bd62021-12-22 11:50:41.194root 11241100x80000000000000003861925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48050f94e2fa8e6f2021-12-22 11:50:41.194root 11241100x80000000000000003861926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c4d7dd2628d77b2021-12-22 11:50:41.194root 11241100x80000000000000003861927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d75502022ecfa92021-12-22 11:50:41.194root 11241100x80000000000000003861928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef4756697d0e8a22021-12-22 11:50:41.194root 11241100x80000000000000003861929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5d5ca192929f632021-12-22 11:50:41.194root 11241100x80000000000000003861930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735ecba0d5b785602021-12-22 11:50:41.194root 11241100x80000000000000003861931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3ee3e8f6f0eb522021-12-22 11:50:41.195root 11241100x80000000000000003861932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde0994b7e1e87dd2021-12-22 11:50:41.195root 11241100x80000000000000003861933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72eb68622696137e2021-12-22 11:50:41.195root 11241100x80000000000000003861934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd0d5e2e96d44f42021-12-22 11:50:41.195root 11241100x80000000000000003861935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364541905874a2322021-12-22 11:50:41.195root 11241100x80000000000000003861936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48824e8db3992fca2021-12-22 11:50:41.195root 11241100x80000000000000003861937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3de5314f7bfb9082021-12-22 11:50:41.195root 11241100x80000000000000003861938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e89638ac526f96f2021-12-22 11:50:41.195root 11241100x80000000000000003861939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba53f9b8e403dab2021-12-22 11:50:41.195root 11241100x80000000000000003861940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5e4cf118bbb5292021-12-22 11:50:41.195root 11241100x80000000000000003861941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff9bdad611bb6da2021-12-22 11:50:41.195root 11241100x80000000000000003861942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76036eefd7bf9c2f2021-12-22 11:50:41.195root 11241100x80000000000000003861943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe0b7b5e001f1dd2021-12-22 11:50:41.196root 11241100x80000000000000003861944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103f0a6f04b51f0c2021-12-22 11:50:41.196root 11241100x80000000000000003861945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae52ca6cf0e92d492021-12-22 11:50:41.196root 11241100x80000000000000003861946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b399e776460bae2021-12-22 11:50:41.694root 11241100x80000000000000003861947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ad8c0df50fc7db2021-12-22 11:50:41.694root 11241100x80000000000000003861948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe7894cc802ef5c2021-12-22 11:50:41.694root 11241100x80000000000000003861949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8091b64102fc332021-12-22 11:50:41.694root 11241100x80000000000000003861950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5633ca5c21cd9bf2021-12-22 11:50:41.694root 11241100x80000000000000003861951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d691fb65a29f7c522021-12-22 11:50:41.694root 11241100x80000000000000003861952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c0e3ccde2eb9f12021-12-22 11:50:41.694root 11241100x80000000000000003861953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689dbf6e666633182021-12-22 11:50:41.694root 11241100x80000000000000003861954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce0608fc253435d2021-12-22 11:50:41.694root 11241100x80000000000000003861955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03efa098506de2292021-12-22 11:50:41.694root 11241100x80000000000000003861956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb243cd65f78336a2021-12-22 11:50:41.695root 11241100x80000000000000003861957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fbffb9046f04b12021-12-22 11:50:41.695root 11241100x80000000000000003861958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed99fac7a6211b02021-12-22 11:50:41.695root 11241100x80000000000000003861959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c98c2d3cca9e8dd2021-12-22 11:50:41.695root 11241100x80000000000000003861960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa095aee423aced2021-12-22 11:50:41.695root 11241100x80000000000000003861961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5431d96485680dc2021-12-22 11:50:41.695root 11241100x80000000000000003861962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa293fca3bf745b62021-12-22 11:50:41.695root 11241100x80000000000000003861963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c416f0ecf119f6f92021-12-22 11:50:41.695root 11241100x80000000000000003861964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3aa1f60284345682021-12-22 11:50:41.695root 11241100x80000000000000003861965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9142dc21b7f31e722021-12-22 11:50:41.695root 11241100x80000000000000003861966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0515fb4b3ffbbd2021-12-22 11:50:41.696root 11241100x80000000000000003861967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ce360e7dde58b42021-12-22 11:50:41.696root 11241100x80000000000000003861968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a46492bd700f8e52021-12-22 11:50:41.696root 11241100x80000000000000003861969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec64ba1b722ab4f2021-12-22 11:50:41.696root 11241100x80000000000000003861970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a62dba85cce44502021-12-22 11:50:41.696root 11241100x80000000000000003861971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7561e55df8bb0c32021-12-22 11:50:41.696root 11241100x80000000000000003861972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef18a64f58a13b792021-12-22 11:50:41.696root 11241100x80000000000000003861973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17020d43f1d153882021-12-22 11:50:41.696root 11241100x80000000000000003861974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a7de37acf0b75f2021-12-22 11:50:42.194root 11241100x80000000000000003861975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db37f13681a8a642021-12-22 11:50:42.194root 11241100x80000000000000003861976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1e2d5c1c6276c22021-12-22 11:50:42.194root 11241100x80000000000000003861977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2288975ed3b3052021-12-22 11:50:42.194root 11241100x80000000000000003861978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f447982a36aae8c62021-12-22 11:50:42.194root 11241100x80000000000000003861979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eae7d4e6e37ccba2021-12-22 11:50:42.194root 11241100x80000000000000003861980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c1509973703be02021-12-22 11:50:42.194root 11241100x80000000000000003861981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc3450988d913f72021-12-22 11:50:42.194root 11241100x80000000000000003861982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887ac3fdc9ed826e2021-12-22 11:50:42.194root 11241100x80000000000000003861983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd855af36b0533392021-12-22 11:50:42.194root 11241100x80000000000000003861984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598221abc7e735472021-12-22 11:50:42.195root 11241100x80000000000000003861985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aea419a779275bb2021-12-22 11:50:42.195root 11241100x80000000000000003861986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55bfde6d4dd57ad2021-12-22 11:50:42.195root 11241100x80000000000000003861987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586b128f1b363aee2021-12-22 11:50:42.195root 11241100x80000000000000003861988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1185e18c6fe199042021-12-22 11:50:42.195root 11241100x80000000000000003861989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e005c3e690d6c4822021-12-22 11:50:42.195root 11241100x80000000000000003861990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c396f7c83f9aa8822021-12-22 11:50:42.195root 11241100x80000000000000003861991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2a0d1a2d7c26722021-12-22 11:50:42.195root 11241100x80000000000000003861992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f490f69f76197b2021-12-22 11:50:42.195root 11241100x80000000000000003861993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f802be4bb35fb552021-12-22 11:50:42.195root 11241100x80000000000000003861994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748ce58451e91be22021-12-22 11:50:42.196root 11241100x80000000000000003861995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c530a3d7e02847dc2021-12-22 11:50:42.196root 11241100x80000000000000003861996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b310382e039df6a2021-12-22 11:50:42.196root 11241100x80000000000000003861997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81968749cfcd55c12021-12-22 11:50:42.196root 11241100x80000000000000003861998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28e2fe26a1cca812021-12-22 11:50:42.196root 11241100x80000000000000003861999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3ccedb128e42f52021-12-22 11:50:42.196root 11241100x80000000000000003862000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5275a5e8756fb192021-12-22 11:50:42.196root 11241100x80000000000000003862001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682d3e265c9463462021-12-22 11:50:42.196root 11241100x80000000000000003862002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b5c020a268a1e72021-12-22 11:50:42.694root 11241100x80000000000000003862003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95402473fe35fab2021-12-22 11:50:42.694root 11241100x80000000000000003862004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef899c2628550982021-12-22 11:50:42.694root 11241100x80000000000000003862005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f2268d2fb7799b2021-12-22 11:50:42.694root 11241100x80000000000000003862006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70792d4815926a9f2021-12-22 11:50:42.694root 11241100x80000000000000003862007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95862b88f5c01dcd2021-12-22 11:50:42.694root 11241100x80000000000000003862008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a32f720445e282b2021-12-22 11:50:42.694root 11241100x80000000000000003862009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d316def5cbc74e9b2021-12-22 11:50:42.694root 11241100x80000000000000003862010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf29d06bfd2ed722021-12-22 11:50:42.694root 11241100x80000000000000003862011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656251f62c2d7a7a2021-12-22 11:50:42.694root 11241100x80000000000000003862012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6c4505bc98dbf12021-12-22 11:50:42.694root 11241100x80000000000000003862013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be319246a22e2abd2021-12-22 11:50:42.694root 11241100x80000000000000003862014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8ad5f6c82d20c12021-12-22 11:50:42.694root 11241100x80000000000000003862015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e22117109c461e2021-12-22 11:50:42.694root 11241100x80000000000000003862016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26c6b6cc284b9942021-12-22 11:50:42.694root 11241100x80000000000000003862017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3b72071e7d90242021-12-22 11:50:42.695root 11241100x80000000000000003862018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b800967087f9f1792021-12-22 11:50:42.695root 11241100x80000000000000003862019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f4868d6199db072021-12-22 11:50:42.695root 11241100x80000000000000003862020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a82d5274a93eef62021-12-22 11:50:42.695root 11241100x80000000000000003862021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf39732433f5f51e2021-12-22 11:50:42.695root 11241100x80000000000000003862022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e8ad1a24eb69992021-12-22 11:50:42.695root 11241100x80000000000000003862023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260568333dc9a3372021-12-22 11:50:42.695root 11241100x80000000000000003862024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cf3b87ced3d0532021-12-22 11:50:42.695root 11241100x80000000000000003862025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc2a7f8388bf2782021-12-22 11:50:42.695root 11241100x80000000000000003862026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f0e68a2051c2a12021-12-22 11:50:42.695root 11241100x80000000000000003862027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7939eaedb286b4fb2021-12-22 11:50:42.695root 11241100x80000000000000003862028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b07a7e9524fec72021-12-22 11:50:42.695root 11241100x80000000000000003862029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c5422460c8ffd62021-12-22 11:50:42.695root 11241100x80000000000000003862030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f7c63c0d52a5722021-12-22 11:50:43.194root 11241100x80000000000000003862031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee65b0d5e3568cdd2021-12-22 11:50:43.194root 11241100x80000000000000003862032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725fc3d126a30f1b2021-12-22 11:50:43.194root 11241100x80000000000000003862033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4a4ae7a3721f9e2021-12-22 11:50:43.194root 11241100x80000000000000003862034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbeb92efafef8bdf2021-12-22 11:50:43.194root 11241100x80000000000000003862035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a54eb187d1d1462021-12-22 11:50:43.195root 11241100x80000000000000003862036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decd9336b8660e8e2021-12-22 11:50:43.197root 11241100x80000000000000003862037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfa2667ecf038c32021-12-22 11:50:43.197root 11241100x80000000000000003862038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70c7c643e24d0db2021-12-22 11:50:43.197root 11241100x80000000000000003862039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc42512ef23683c22021-12-22 11:50:43.197root 11241100x80000000000000003862040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa53d128ab9c0f392021-12-22 11:50:43.198root 11241100x80000000000000003862041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f94428310d62192021-12-22 11:50:43.198root 11241100x80000000000000003862042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f70d2b455faa7412021-12-22 11:50:43.198root 11241100x80000000000000003862043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e29a07060b780a2021-12-22 11:50:43.198root 11241100x80000000000000003862044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4229eb6d9a2489f2021-12-22 11:50:43.198root 11241100x80000000000000003862045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76862ed094e4e242021-12-22 11:50:43.198root 11241100x80000000000000003862046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea4d5e19e7cbac92021-12-22 11:50:43.198root 11241100x80000000000000003862047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec562446fbdefd892021-12-22 11:50:43.198root 11241100x80000000000000003862048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d702b56f2582ad42021-12-22 11:50:43.198root 11241100x80000000000000003862049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaab5abc3812a612021-12-22 11:50:43.198root 11241100x80000000000000003862050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3494a6fea84cc33b2021-12-22 11:50:43.198root 11241100x80000000000000003862051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b301289e426cfe2021-12-22 11:50:43.198root 11241100x80000000000000003862052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d540330565d1582021-12-22 11:50:43.198root 11241100x80000000000000003862053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9401347bf4da44132021-12-22 11:50:43.198root 11241100x80000000000000003862054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73402a00e9b5703a2021-12-22 11:50:43.198root 11241100x80000000000000003862055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d0493e87a7c1ef2021-12-22 11:50:43.199root 11241100x80000000000000003862056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4748d0edf1c68e62021-12-22 11:50:43.199root 11241100x80000000000000003862057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f24e193981d1042021-12-22 11:50:43.199root 11241100x80000000000000003862058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28071faecc26c77e2021-12-22 11:50:43.694root 11241100x80000000000000003862059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2f3aafb0c0bb032021-12-22 11:50:43.694root 11241100x80000000000000003862060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1282af168816fc2021-12-22 11:50:43.694root 11241100x80000000000000003862061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d657b9b4ff71bda2021-12-22 11:50:43.694root 11241100x80000000000000003862062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c928c03e68fa00f52021-12-22 11:50:43.694root 11241100x80000000000000003862063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e9a72b6f3944a22021-12-22 11:50:43.694root 11241100x80000000000000003862064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5ee961c2aab51f2021-12-22 11:50:43.694root 11241100x80000000000000003862065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d9fb422159f3292021-12-22 11:50:43.694root 11241100x80000000000000003862066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25a956dcb15924e2021-12-22 11:50:43.695root 11241100x80000000000000003862067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06acbfcc4e895b52021-12-22 11:50:43.695root 11241100x80000000000000003862068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bdd8a6c06a880e2021-12-22 11:50:43.695root 11241100x80000000000000003862069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c86868fd1fda9b2021-12-22 11:50:43.695root 11241100x80000000000000003862070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36666093f77c10712021-12-22 11:50:43.695root 11241100x80000000000000003862071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382b457a4e446a202021-12-22 11:50:43.695root 11241100x80000000000000003862072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31279e2e4f670ba2021-12-22 11:50:43.695root 11241100x80000000000000003862073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e975feb9ceb65a9f2021-12-22 11:50:43.695root 11241100x80000000000000003862074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c88b3c2e6e290552021-12-22 11:50:43.695root 11241100x80000000000000003862075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e663c1e5511d72f72021-12-22 11:50:43.696root 11241100x80000000000000003862076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6853daac0397453e2021-12-22 11:50:43.696root 11241100x80000000000000003862077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25039f2bea82775b2021-12-22 11:50:43.696root 11241100x80000000000000003862078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f729b8a5a7814f3a2021-12-22 11:50:43.696root 11241100x80000000000000003862079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9496efa732e35572021-12-22 11:50:43.696root 11241100x80000000000000003862080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5924b48bdc5f182e2021-12-22 11:50:43.696root 11241100x80000000000000003862081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0241064a994fe19a2021-12-22 11:50:43.696root 11241100x80000000000000003862082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e99aa7548e4fd0b2021-12-22 11:50:43.696root 11241100x80000000000000003862083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56a11d5d31931512021-12-22 11:50:43.696root 11241100x80000000000000003862084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d971b9e0e93a856b2021-12-22 11:50:43.696root 11241100x80000000000000003862085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5cfd4b4e4be0e02021-12-22 11:50:43.696root 11241100x80000000000000003862086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77656179a2a95d062021-12-22 11:50:44.194root 11241100x80000000000000003862087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a47e66352887a32021-12-22 11:50:44.194root 11241100x80000000000000003862088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd1024e7f4fbbca2021-12-22 11:50:44.194root 11241100x80000000000000003862089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a4d302d4f2916c2021-12-22 11:50:44.194root 11241100x80000000000000003862090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0c15e8b10ae6d92021-12-22 11:50:44.194root 11241100x80000000000000003862091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc0e308519c36fb2021-12-22 11:50:44.194root 11241100x80000000000000003862092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012f3990432feccd2021-12-22 11:50:44.194root 11241100x80000000000000003862093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8305aeb1b05c5aa32021-12-22 11:50:44.194root 11241100x80000000000000003862094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e99e04d5dcdc6ce2021-12-22 11:50:44.194root 11241100x80000000000000003862095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733ea34b689bcae82021-12-22 11:50:44.194root 11241100x80000000000000003862096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15abdfe73e5a6bb82021-12-22 11:50:44.194root 11241100x80000000000000003862097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20376dbd719f7eee2021-12-22 11:50:44.195root 11241100x80000000000000003862098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b062626a72336672021-12-22 11:50:44.195root 11241100x80000000000000003862099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123c885ef3d578682021-12-22 11:50:44.195root 11241100x80000000000000003862100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af60ae4311e67732021-12-22 11:50:44.195root 11241100x80000000000000003862101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def95d0775a385f82021-12-22 11:50:44.195root 11241100x80000000000000003862102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f598db283fa3a12021-12-22 11:50:44.195root 11241100x80000000000000003862103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f032d08cb292da42021-12-22 11:50:44.195root 11241100x80000000000000003862104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ebfd72a79af0b52021-12-22 11:50:44.195root 11241100x80000000000000003862105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26f83638871cbc22021-12-22 11:50:44.195root 11241100x80000000000000003862106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529953ab8b79d0362021-12-22 11:50:44.195root 11241100x80000000000000003862107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520016decc18b60e2021-12-22 11:50:44.195root 11241100x80000000000000003862108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ab0be850a82a102021-12-22 11:50:44.195root 11241100x80000000000000003862109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fd1890d8cfe4cc2021-12-22 11:50:44.196root 11241100x80000000000000003862110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbf1ed4f85eed442021-12-22 11:50:44.196root 11241100x80000000000000003862111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437bbbdf520cdc862021-12-22 11:50:44.196root 11241100x80000000000000003862112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c44832492bc6542021-12-22 11:50:44.196root 11241100x80000000000000003862113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8ebcb2ef1bdc182021-12-22 11:50:44.196root 11241100x80000000000000003862114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b2b0e6e9283c0e2021-12-22 11:50:44.694root 11241100x80000000000000003862115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5601bf82e02f132021-12-22 11:50:44.694root 11241100x80000000000000003862116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2395a3f93f254e2021-12-22 11:50:44.694root 11241100x80000000000000003862117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6100a5e00b0cc82d2021-12-22 11:50:44.694root 11241100x80000000000000003862118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923985b77102d92c2021-12-22 11:50:44.694root 11241100x80000000000000003862119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27bbee3bd86eb1f2021-12-22 11:50:44.694root 11241100x80000000000000003862120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef361cc3798abca32021-12-22 11:50:44.694root 11241100x80000000000000003862121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a49da22857a0ca82021-12-22 11:50:44.694root 11241100x80000000000000003862122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945d21b47f684fc52021-12-22 11:50:44.694root 11241100x80000000000000003862123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2de271dfbc2f3722021-12-22 11:50:44.694root 11241100x80000000000000003862124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e18254622cc5be32021-12-22 11:50:44.694root 11241100x80000000000000003862125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d44b2d515bac132021-12-22 11:50:44.695root 11241100x80000000000000003862126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a18882e24e7f5232021-12-22 11:50:44.695root 11241100x80000000000000003862127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90303aab0bb0436d2021-12-22 11:50:44.695root 11241100x80000000000000003862128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7383dbc5cd76e4462021-12-22 11:50:44.695root 11241100x80000000000000003862129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f116d186e75ed7d2021-12-22 11:50:44.695root 11241100x80000000000000003862130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdf9f97181fda0b2021-12-22 11:50:44.695root 11241100x80000000000000003862131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2e80d13d6cef962021-12-22 11:50:44.695root 11241100x80000000000000003862132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a930d9ef95a1bb8e2021-12-22 11:50:44.695root 11241100x80000000000000003862133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd6bb785b0303272021-12-22 11:50:44.695root 11241100x80000000000000003862134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7748dbfaf2989b4c2021-12-22 11:50:44.695root 11241100x80000000000000003862135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622db810670570662021-12-22 11:50:44.695root 11241100x80000000000000003862136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e87064698eeace2021-12-22 11:50:44.695root 11241100x80000000000000003862137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31d1eaa2c5aca832021-12-22 11:50:44.696root 11241100x80000000000000003862138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f528884e22761c92021-12-22 11:50:44.696root 11241100x80000000000000003862139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c00785a903f9bc2021-12-22 11:50:44.696root 11241100x80000000000000003862140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844fbe36fb54c7de2021-12-22 11:50:44.696root 11241100x80000000000000003862141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefdb81be8e6441c2021-12-22 11:50:44.696root 354300x80000000000000003862142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.087{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55536-false10.0.1.12-8000- 11241100x80000000000000003862143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae8a4b4a06df14b2021-12-22 11:50:45.088root 11241100x80000000000000003862144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd247861dd72e8f72021-12-22 11:50:45.088root 11241100x80000000000000003862145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ecc01bc823a3002021-12-22 11:50:45.088root 11241100x80000000000000003862146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e29b17a4709cde2021-12-22 11:50:45.088root 11241100x80000000000000003862147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693576fcec113c8b2021-12-22 11:50:45.088root 11241100x80000000000000003862148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3e8e633018b8f62021-12-22 11:50:45.088root 11241100x80000000000000003862149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5ea26714df90ee2021-12-22 11:50:45.089root 11241100x80000000000000003862150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcd6b430c9c537c2021-12-22 11:50:45.089root 11241100x80000000000000003862151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ac27e7438aaf2d2021-12-22 11:50:45.089root 11241100x80000000000000003862152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972590dbc3b212732021-12-22 11:50:45.089root 11241100x80000000000000003862153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b887c6a4ddda8f3a2021-12-22 11:50:45.089root 11241100x80000000000000003862154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed4bff2a78e0f2a2021-12-22 11:50:45.089root 11241100x80000000000000003862155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a18bf0851c7f8a62021-12-22 11:50:45.089root 11241100x80000000000000003862156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83862db8d8284fa2021-12-22 11:50:45.089root 11241100x80000000000000003862157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2ce671d00c0a3f2021-12-22 11:50:45.089root 11241100x80000000000000003862158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6668fcdcf5667e7b2021-12-22 11:50:45.089root 11241100x80000000000000003862159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6db095605ffdead2021-12-22 11:50:45.090root 11241100x80000000000000003862160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9acc07a77c357e82021-12-22 11:50:45.090root 11241100x80000000000000003862161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffd98e18b78f55e2021-12-22 11:50:45.090root 11241100x80000000000000003862162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15ad286d819ea882021-12-22 11:50:45.090root 11241100x80000000000000003862163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49d353f1496190e2021-12-22 11:50:45.090root 11241100x80000000000000003862164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd1eea6dc744d812021-12-22 11:50:45.090root 11241100x80000000000000003862165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65abfaea09b6eb622021-12-22 11:50:45.090root 11241100x80000000000000003862166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf45fd153db8de62021-12-22 11:50:45.090root 11241100x80000000000000003862167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1357cdc4541589562021-12-22 11:50:45.090root 11241100x80000000000000003862168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68304d4cb8db50f2021-12-22 11:50:45.090root 11241100x80000000000000003862169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5991770ae4f0e72021-12-22 11:50:45.090root 11241100x80000000000000003862170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b062b4df1d6bcb542021-12-22 11:50:45.091root 11241100x80000000000000003862171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739501bbf09020d52021-12-22 11:50:45.091root 11241100x80000000000000003862172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52d926d8b48f0752021-12-22 11:50:45.091root 11241100x80000000000000003862173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8946fdcc2fe042f52021-12-22 11:50:45.091root 11241100x80000000000000003862174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe575702d2a50862021-12-22 11:50:45.092root 11241100x80000000000000003862175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe3c96add66b8622021-12-22 11:50:45.092root 11241100x80000000000000003862176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229fdef06de3bbc22021-12-22 11:50:45.093root 11241100x80000000000000003862177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d427cc844c2dcee2021-12-22 11:50:45.093root 11241100x80000000000000003862178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5023f5acd93415452021-12-22 11:50:45.093root 11241100x80000000000000003862179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17da8efaf6de7a142021-12-22 11:50:45.093root 11241100x80000000000000003862180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398726f727a5ff932021-12-22 11:50:45.093root 11241100x80000000000000003862181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b41de5ee9d43c32021-12-22 11:50:45.093root 11241100x80000000000000003862182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c51686a245d55d2021-12-22 11:50:45.094root 11241100x80000000000000003862183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5235c7deb3656e4f2021-12-22 11:50:45.094root 11241100x80000000000000003862184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695adab3a5b63bb42021-12-22 11:50:45.094root 11241100x80000000000000003862185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e363242e894b91a22021-12-22 11:50:45.094root 11241100x80000000000000003862186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae328af56a196bc82021-12-22 11:50:45.094root 11241100x80000000000000003862187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1576ffa5f4d41cd72021-12-22 11:50:45.095root 11241100x80000000000000003862188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d605e8c559681602021-12-22 11:50:45.095root 11241100x80000000000000003862189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640e35bd380fcfa42021-12-22 11:50:45.095root 11241100x80000000000000003862190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa8ec039590b5a32021-12-22 11:50:45.095root 11241100x80000000000000003862191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfffd828d03c01fb2021-12-22 11:50:45.095root 11241100x80000000000000003862192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65966fa1cc9328b72021-12-22 11:50:45.443root 11241100x80000000000000003862193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c5990d0201e4c72021-12-22 11:50:45.443root 11241100x80000000000000003862194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed43104afe256182021-12-22 11:50:45.443root 11241100x80000000000000003862195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200e14e96380261b2021-12-22 11:50:45.443root 11241100x80000000000000003862196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f733a56e421fea292021-12-22 11:50:45.443root 11241100x80000000000000003862197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bd7e3c3ea5517b2021-12-22 11:50:45.444root 11241100x80000000000000003862198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f11660fa61f8d522021-12-22 11:50:45.444root 11241100x80000000000000003862199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09172fc9f2c49f742021-12-22 11:50:45.444root 11241100x80000000000000003862200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2e3e5787699dec2021-12-22 11:50:45.444root 11241100x80000000000000003862201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc3ef1fa59afebc2021-12-22 11:50:45.444root 11241100x80000000000000003862202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42a6c8a94072f8c2021-12-22 11:50:45.444root 11241100x80000000000000003862203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd9dda0c0d483052021-12-22 11:50:45.444root 11241100x80000000000000003862204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360fa58931ba05af2021-12-22 11:50:45.444root 11241100x80000000000000003862205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c898b049e60f902021-12-22 11:50:45.444root 11241100x80000000000000003862206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6baed6ad3178238d2021-12-22 11:50:45.444root 11241100x80000000000000003862207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14030fee1688777d2021-12-22 11:50:45.444root 11241100x80000000000000003862208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048d207a1dfc23222021-12-22 11:50:45.444root 11241100x80000000000000003862209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb96bddab433eb02021-12-22 11:50:45.444root 11241100x80000000000000003862210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c601bbed151db55d2021-12-22 11:50:45.444root 11241100x80000000000000003862211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8e779d95391d462021-12-22 11:50:45.444root 11241100x80000000000000003862212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f9be81e5070a862021-12-22 11:50:45.445root 11241100x80000000000000003862213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a892c256e7c7ff52021-12-22 11:50:45.445root 11241100x80000000000000003862214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0726c4df3c671d12021-12-22 11:50:45.445root 11241100x80000000000000003862215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3f5392e797ca2d2021-12-22 11:50:45.445root 11241100x80000000000000003862216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a6eef328f6dc2a2021-12-22 11:50:45.445root 11241100x80000000000000003862217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5da0a1ac49a162b2021-12-22 11:50:45.445root 11241100x80000000000000003862218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d81ce2d64fcfe72021-12-22 11:50:45.445root 11241100x80000000000000003862219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b528f6aca286e902021-12-22 11:50:45.445root 11241100x80000000000000003862220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75e1e96c3b45e582021-12-22 11:50:45.445root 11241100x80000000000000003862221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ff3300b1a71ff62021-12-22 11:50:45.943root 11241100x80000000000000003862222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd9a7d70c0adb8a2021-12-22 11:50:45.943root 11241100x80000000000000003862223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5b70ac2083175d2021-12-22 11:50:45.943root 11241100x80000000000000003862224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169133c813ec4f822021-12-22 11:50:45.943root 11241100x80000000000000003862225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c135ea1c220a36a72021-12-22 11:50:45.943root 11241100x80000000000000003862226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9220c460448350212021-12-22 11:50:45.944root 11241100x80000000000000003862227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ba2ec0b0490c452021-12-22 11:50:45.944root 11241100x80000000000000003862228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60914699612d47d32021-12-22 11:50:45.944root 11241100x80000000000000003862229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543c2cc1006c0a6e2021-12-22 11:50:45.944root 11241100x80000000000000003862230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b202d6de4671e62021-12-22 11:50:45.944root 11241100x80000000000000003862231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77137913b99728552021-12-22 11:50:45.944root 11241100x80000000000000003862232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8100916c4b816d2021-12-22 11:50:45.944root 11241100x80000000000000003862233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f773c436ea95b09e2021-12-22 11:50:45.944root 11241100x80000000000000003862234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bedc69f5c0b9312021-12-22 11:50:45.944root 11241100x80000000000000003862235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1e9f87b3d06b7d2021-12-22 11:50:45.944root 11241100x80000000000000003862236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906aa5ff463140fe2021-12-22 11:50:45.944root 11241100x80000000000000003862237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417b04bd604cbb442021-12-22 11:50:45.944root 11241100x80000000000000003862238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85db13a5e7c03bac2021-12-22 11:50:45.944root 11241100x80000000000000003862239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b918e107c540bf52021-12-22 11:50:45.944root 11241100x80000000000000003862240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5e532e43a959ae2021-12-22 11:50:45.944root 11241100x80000000000000003862241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb5dc689ffe223b2021-12-22 11:50:45.945root 11241100x80000000000000003862242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6496a983a9ae9622021-12-22 11:50:45.945root 11241100x80000000000000003862243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307d53ef2908b1042021-12-22 11:50:45.945root 11241100x80000000000000003862244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e9072e597d9ea22021-12-22 11:50:45.945root 11241100x80000000000000003862245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90721400163b3edb2021-12-22 11:50:45.945root 11241100x80000000000000003862246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c15ef7d13391a02021-12-22 11:50:45.945root 11241100x80000000000000003862247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0c42b0fcec95ba2021-12-22 11:50:45.945root 11241100x80000000000000003862248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a178f69534fb3a42021-12-22 11:50:45.945root 11241100x80000000000000003862249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0a9640a530d8062021-12-22 11:50:45.945root 11241100x80000000000000003862250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c558ac9e51cd62922021-12-22 11:50:46.443root 11241100x80000000000000003862251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ed285ab7af85762021-12-22 11:50:46.443root 11241100x80000000000000003862252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4229c09628cb4212021-12-22 11:50:46.444root 11241100x80000000000000003862253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9f150e27c218202021-12-22 11:50:46.444root 11241100x80000000000000003862254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d08de35d8a2ad92021-12-22 11:50:46.444root 11241100x80000000000000003862255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214847449d52c9ea2021-12-22 11:50:46.444root 11241100x80000000000000003862256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f35e3ffc4c86152021-12-22 11:50:46.444root 11241100x80000000000000003862257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f27347901934d842021-12-22 11:50:46.444root 11241100x80000000000000003862258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3013bd357572ee242021-12-22 11:50:46.445root 11241100x80000000000000003862259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8e28e5fc9a7ff12021-12-22 11:50:46.445root 11241100x80000000000000003862260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afaefa6eb8fa00702021-12-22 11:50:46.445root 11241100x80000000000000003862261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bffd533566d5882021-12-22 11:50:46.445root 11241100x80000000000000003862262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569bfdcc19dfffbe2021-12-22 11:50:46.445root 11241100x80000000000000003862263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87779d7cb4d0a6442021-12-22 11:50:46.445root 11241100x80000000000000003862264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd910536f0d2b732021-12-22 11:50:46.445root 11241100x80000000000000003862265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0732051907f26d2021-12-22 11:50:46.445root 11241100x80000000000000003862266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788de873da715a022021-12-22 11:50:46.446root 11241100x80000000000000003862267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4590c0d37cd23f2021-12-22 11:50:46.446root 11241100x80000000000000003862268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711b8d96ac7b3f322021-12-22 11:50:46.446root 11241100x80000000000000003862269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe017e65c61b846d2021-12-22 11:50:46.446root 11241100x80000000000000003862270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472523d6840d3b702021-12-22 11:50:46.447root 11241100x80000000000000003862271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180adc7184f6648e2021-12-22 11:50:46.447root 11241100x80000000000000003862272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2529aa7b74a942de2021-12-22 11:50:46.447root 11241100x80000000000000003862273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673626a886e4b1bd2021-12-22 11:50:46.448root 11241100x80000000000000003862274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fac714b5ceec9f2021-12-22 11:50:46.448root 11241100x80000000000000003862275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75c0bb8bb4879ec2021-12-22 11:50:46.448root 11241100x80000000000000003862276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa8f52493f8bb9a2021-12-22 11:50:46.448root 11241100x80000000000000003862277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bc4f05f09e47362021-12-22 11:50:46.448root 11241100x80000000000000003862278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0db4c7fe17ca5042021-12-22 11:50:46.448root 11241100x80000000000000003862279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17786ddd40e2fc4d2021-12-22 11:50:46.943root 11241100x80000000000000003862280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8980bc0c06aec72021-12-22 11:50:46.943root 11241100x80000000000000003862281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4af7b0317a073b2021-12-22 11:50:46.943root 11241100x80000000000000003862282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e3d93198046d9b2021-12-22 11:50:46.943root 11241100x80000000000000003862283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade9cbcf0d4d20942021-12-22 11:50:46.943root 11241100x80000000000000003862284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f75e3accbcf9372021-12-22 11:50:46.943root 11241100x80000000000000003862285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492d0470156af6742021-12-22 11:50:46.944root 11241100x80000000000000003862286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6c723c063ba4c02021-12-22 11:50:46.944root 11241100x80000000000000003862287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af9d14c32fac1c32021-12-22 11:50:46.944root 11241100x80000000000000003862288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d218398d66d57b92021-12-22 11:50:46.944root 11241100x80000000000000003862289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de69c813156e01c2021-12-22 11:50:46.944root 11241100x80000000000000003862290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f105cb485ca3842021-12-22 11:50:46.944root 11241100x80000000000000003862291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b3c8bbb67f18382021-12-22 11:50:46.944root 11241100x80000000000000003862292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5823100e4540c3b2021-12-22 11:50:46.944root 11241100x80000000000000003862293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dcbaad483f3a512021-12-22 11:50:46.944root 11241100x80000000000000003862294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3eb6f2903ecd772021-12-22 11:50:46.944root 11241100x80000000000000003862295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8d9fd3ff0c3c192021-12-22 11:50:46.945root 11241100x80000000000000003862296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fae850c10ceb1ed2021-12-22 11:50:46.945root 11241100x80000000000000003862297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc08fefb16f4879a2021-12-22 11:50:46.945root 11241100x80000000000000003862298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463b744d5490ba782021-12-22 11:50:46.945root 11241100x80000000000000003862299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7de9752c82c40082021-12-22 11:50:46.945root 11241100x80000000000000003862300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86dd03b4805778b2021-12-22 11:50:46.945root 11241100x80000000000000003862301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cca4e872ec34ba52021-12-22 11:50:46.945root 11241100x80000000000000003862302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3027dfcc24ff55752021-12-22 11:50:46.945root 11241100x80000000000000003862303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e38991b3a6b4c02021-12-22 11:50:46.945root 11241100x80000000000000003862304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f398e2d379fa1b2021-12-22 11:50:46.945root 11241100x80000000000000003862305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca44e4b60c0c09c2021-12-22 11:50:46.946root 11241100x80000000000000003862306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44424121a49c19c42021-12-22 11:50:46.946root 11241100x80000000000000003862307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdbdb48393cc4732021-12-22 11:50:46.946root 11241100x80000000000000003862308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210eaa982f6046c12021-12-22 11:50:46.946root 11241100x80000000000000003862309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71b9eaecb4daf7e2021-12-22 11:50:46.946root 11241100x80000000000000003862310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b710ebf872bb9fc2021-12-22 11:50:47.443root 11241100x80000000000000003862311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8befa665ffbc8b72021-12-22 11:50:47.443root 11241100x80000000000000003862312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9af145331caf4f2021-12-22 11:50:47.443root 11241100x80000000000000003862313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299633569d3004df2021-12-22 11:50:47.443root 11241100x80000000000000003862314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a686e934ada2b7f42021-12-22 11:50:47.443root 11241100x80000000000000003862315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d5400dad9f24b42021-12-22 11:50:47.443root 11241100x80000000000000003862316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759e4b171acacb722021-12-22 11:50:47.444root 11241100x80000000000000003862317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87dd4af0940d8d42021-12-22 11:50:47.444root 11241100x80000000000000003862318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18217437c82cd17b2021-12-22 11:50:47.444root 11241100x80000000000000003862319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96b5ca99d1d7a2d2021-12-22 11:50:47.444root 11241100x80000000000000003862320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3039e5270ff8762021-12-22 11:50:47.444root 11241100x80000000000000003862321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7d1ef3ca0fbc7b2021-12-22 11:50:47.444root 11241100x80000000000000003862322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d763be06e6dd2132021-12-22 11:50:47.444root 11241100x80000000000000003862323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c25765928518752021-12-22 11:50:47.444root 11241100x80000000000000003862324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51775e41f705b0102021-12-22 11:50:47.444root 11241100x80000000000000003862325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f1feab97b719e02021-12-22 11:50:47.444root 11241100x80000000000000003862326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e1b461d2c5f44b2021-12-22 11:50:47.445root 11241100x80000000000000003862327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8721518fd5a39802021-12-22 11:50:47.445root 11241100x80000000000000003862328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236a5842be4603372021-12-22 11:50:47.445root 11241100x80000000000000003862329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2ae9fd5904f6282021-12-22 11:50:47.445root 11241100x80000000000000003862330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e445102f7c7bd442021-12-22 11:50:47.445root 11241100x80000000000000003862331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277e1f7efb8c9ed02021-12-22 11:50:47.445root 11241100x80000000000000003862332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf31a3abb65987902021-12-22 11:50:47.445root 11241100x80000000000000003862333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a45848c2f2904e52021-12-22 11:50:47.445root 11241100x80000000000000003862334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9342c8a438a0784a2021-12-22 11:50:47.445root 11241100x80000000000000003862335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a51e3e8442dbad2021-12-22 11:50:47.445root 11241100x80000000000000003862336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2d8141233496a22021-12-22 11:50:47.446root 11241100x80000000000000003862337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e313f0ce4a2da42021-12-22 11:50:47.446root 11241100x80000000000000003862338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4449acc5920c708f2021-12-22 11:50:47.446root 11241100x80000000000000003862339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eabaa6d2c64e9252021-12-22 11:50:47.446root 11241100x80000000000000003862340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cd48b4ecd044322021-12-22 11:50:47.446root 11241100x80000000000000003862341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166cdc9d230b57de2021-12-22 11:50:47.943root 11241100x80000000000000003862342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c835fdd4ed3baa9a2021-12-22 11:50:47.943root 11241100x80000000000000003862343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c642fc8b4a1ed7322021-12-22 11:50:47.943root 11241100x80000000000000003862344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edefa07dedb8377e2021-12-22 11:50:47.943root 11241100x80000000000000003862345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3110b777d7ea7b2021-12-22 11:50:47.943root 11241100x80000000000000003862346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad46a8395592ca92021-12-22 11:50:47.944root 11241100x80000000000000003862347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b3ebdb38b63e3f2021-12-22 11:50:47.944root 11241100x80000000000000003862348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59f2c6cb114536a2021-12-22 11:50:47.944root 11241100x80000000000000003862349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26902c72634527ce2021-12-22 11:50:47.944root 11241100x80000000000000003862350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df63fe06b15eacc12021-12-22 11:50:47.944root 11241100x80000000000000003862351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7651a2d58ba116e02021-12-22 11:50:47.944root 11241100x80000000000000003862352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f6813e97ebfba32021-12-22 11:50:47.944root 11241100x80000000000000003862353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca12b0c5f1a93df2021-12-22 11:50:47.944root 11241100x80000000000000003862354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44c912fdee5b8d42021-12-22 11:50:47.944root 11241100x80000000000000003862355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8494c50747161a2021-12-22 11:50:47.944root 11241100x80000000000000003862356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a79df49864a4002021-12-22 11:50:47.944root 11241100x80000000000000003862357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a05c9c49da613212021-12-22 11:50:47.944root 11241100x80000000000000003862358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ab8d1e1a7646e12021-12-22 11:50:47.944root 11241100x80000000000000003862359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62d9a06e216ad622021-12-22 11:50:47.944root 11241100x80000000000000003862360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cd12a74d66ae9e2021-12-22 11:50:47.945root 11241100x80000000000000003862361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c14def13d52b1a2021-12-22 11:50:47.945root 11241100x80000000000000003862362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3ffd7ab4466fd02021-12-22 11:50:47.945root 11241100x80000000000000003862363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e323fd1a64e212d62021-12-22 11:50:47.945root 11241100x80000000000000003862364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc9e0f7323ae9aa2021-12-22 11:50:47.945root 11241100x80000000000000003862365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1397c5e3c4620a12021-12-22 11:50:47.945root 11241100x80000000000000003862366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8443b7ff295a17472021-12-22 11:50:47.945root 11241100x80000000000000003862367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19f4e751666d9132021-12-22 11:50:47.945root 11241100x80000000000000003862368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ebd7b9c29cc2742021-12-22 11:50:47.945root 11241100x80000000000000003862369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584cce873b1e4aa52021-12-22 11:50:47.945root 11241100x80000000000000003862370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34e5265ef5d2f162021-12-22 11:50:48.443root 11241100x80000000000000003862371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35864069e48043d82021-12-22 11:50:48.443root 11241100x80000000000000003862372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76582c3d246df8ed2021-12-22 11:50:48.443root 11241100x80000000000000003862373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2eb286fe11f87e02021-12-22 11:50:48.443root 11241100x80000000000000003862374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c7c700435a9b272021-12-22 11:50:48.444root 11241100x80000000000000003862375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e05f9c49b768f9f2021-12-22 11:50:48.444root 11241100x80000000000000003862376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940fef652e4a6c2d2021-12-22 11:50:48.444root 11241100x80000000000000003862377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5667deae30bd10452021-12-22 11:50:48.444root 11241100x80000000000000003862378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b96d75bef6a2f52021-12-22 11:50:48.444root 11241100x80000000000000003862379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6597e7915e12e7bb2021-12-22 11:50:48.444root 11241100x80000000000000003862380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648e7249b1a9832a2021-12-22 11:50:48.444root 11241100x80000000000000003862381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d859081dc65ffb2f2021-12-22 11:50:48.444root 11241100x80000000000000003862382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d57dc74c6f08f7e2021-12-22 11:50:48.444root 11241100x80000000000000003862383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7d7b013ffd19632021-12-22 11:50:48.444root 11241100x80000000000000003862384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fbcfc2952f563c2021-12-22 11:50:48.444root 11241100x80000000000000003862385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647ada191617a52d2021-12-22 11:50:48.444root 11241100x80000000000000003862386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa6a256c9b755982021-12-22 11:50:48.444root 11241100x80000000000000003862387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cea3df2c9d2fb242021-12-22 11:50:48.445root 11241100x80000000000000003862388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d45745cfa67aac82021-12-22 11:50:48.445root 11241100x80000000000000003862389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cdd57891bd16382021-12-22 11:50:48.445root 11241100x80000000000000003862390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefd044570da91362021-12-22 11:50:48.445root 11241100x80000000000000003862391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967bbbf2fa11b2272021-12-22 11:50:48.445root 11241100x80000000000000003862392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c03cf5dd0fcb0832021-12-22 11:50:48.445root 11241100x80000000000000003862393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4337521155e9d82c2021-12-22 11:50:48.445root 11241100x80000000000000003862394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8c6ef413bb01eb2021-12-22 11:50:48.445root 11241100x80000000000000003862395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77de8528ceda121a2021-12-22 11:50:48.445root 11241100x80000000000000003862396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7b4c28e64292892021-12-22 11:50:48.445root 11241100x80000000000000003862397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f99571efa38a8f42021-12-22 11:50:48.445root 11241100x80000000000000003862398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99336e7ad46667732021-12-22 11:50:48.445root 11241100x80000000000000003862399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468f84cc0c711b572021-12-22 11:50:48.943root 11241100x80000000000000003862400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01874ee272efbba82021-12-22 11:50:48.943root 11241100x80000000000000003862401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b54f580a331c8f2021-12-22 11:50:48.943root 11241100x80000000000000003862402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7603375aee6743572021-12-22 11:50:48.943root 11241100x80000000000000003862403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50763ce9f6c13a92021-12-22 11:50:48.943root 11241100x80000000000000003862404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d197b4e1bc2edbd2021-12-22 11:50:48.943root 11241100x80000000000000003862405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b822a0b4a6fd39b2021-12-22 11:50:48.943root 11241100x80000000000000003862406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc26a25405e8c052021-12-22 11:50:48.943root 11241100x80000000000000003862407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583492de814ceb4b2021-12-22 11:50:48.943root 11241100x80000000000000003862408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0c59b9da6e30d62021-12-22 11:50:48.944root 11241100x80000000000000003862409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da1b260b39f54b72021-12-22 11:50:48.944root 11241100x80000000000000003862410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7241088e0ac9f63a2021-12-22 11:50:48.944root 11241100x80000000000000003862411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c580c0d6cf15ac12021-12-22 11:50:48.944root 11241100x80000000000000003862412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea68591eadae8a742021-12-22 11:50:48.944root 11241100x80000000000000003862413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9386678422f993cd2021-12-22 11:50:48.944root 11241100x80000000000000003862414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2374554733d71b2021-12-22 11:50:48.944root 11241100x80000000000000003862415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3caa8d015ef5d82021-12-22 11:50:48.944root 11241100x80000000000000003862416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7c1d7c40cf9c162021-12-22 11:50:48.944root 11241100x80000000000000003862417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e4a27cbf7eaf2b2021-12-22 11:50:48.944root 11241100x80000000000000003862418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6525be623d26342021-12-22 11:50:48.945root 11241100x80000000000000003862419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baabbee7cab7022c2021-12-22 11:50:48.945root 11241100x80000000000000003862420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d76a647c84ab3f2021-12-22 11:50:48.945root 11241100x80000000000000003862421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb2883c8d9d1c0c2021-12-22 11:50:48.945root 11241100x80000000000000003862422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1c1872b2a5061a2021-12-22 11:50:48.945root 11241100x80000000000000003862423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f24ea10d656c3ed2021-12-22 11:50:48.945root 11241100x80000000000000003862424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299e4b5dc19921372021-12-22 11:50:48.945root 11241100x80000000000000003862425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd5a69a5003a4992021-12-22 11:50:48.945root 11241100x80000000000000003862426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6efe6d0e025b5432021-12-22 11:50:48.945root 11241100x80000000000000003862427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102b0e562846c6222021-12-22 11:50:48.945root 11241100x80000000000000003862428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112637a53bb1ae652021-12-22 11:50:48.946root 11241100x80000000000000003862429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3881cfbbb767d5722021-12-22 11:50:48.946root 11241100x80000000000000003862430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49576897fcfbc2882021-12-22 11:50:48.946root 11241100x80000000000000003862431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3046808612925ec62021-12-22 11:50:49.443root 11241100x80000000000000003862432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7398054165b79b6f2021-12-22 11:50:49.443root 11241100x80000000000000003862433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052c6aeec83f1e682021-12-22 11:50:49.443root 11241100x80000000000000003862434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d486f99851debd702021-12-22 11:50:49.443root 11241100x80000000000000003862435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b3c14a074771022021-12-22 11:50:49.443root 11241100x80000000000000003862436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f812a21a3711d822021-12-22 11:50:49.443root 11241100x80000000000000003862437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc946b684cbbece2021-12-22 11:50:49.443root 11241100x80000000000000003862438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332f7814126641422021-12-22 11:50:49.443root 11241100x80000000000000003862439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10eae4e407b7f5e52021-12-22 11:50:49.443root 11241100x80000000000000003862440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2748f7af703a91f2021-12-22 11:50:49.444root 11241100x80000000000000003862441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03f8d68fdb242f12021-12-22 11:50:49.444root 11241100x80000000000000003862442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63bf4d7bddab4a42021-12-22 11:50:49.444root 11241100x80000000000000003862443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018b4c4f96250f8c2021-12-22 11:50:49.444root 11241100x80000000000000003862444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e045b694ab92742021-12-22 11:50:49.444root 11241100x80000000000000003862445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b696ae6707eac5fc2021-12-22 11:50:49.444root 11241100x80000000000000003862446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e8680dd7c7e1bc2021-12-22 11:50:49.444root 11241100x80000000000000003862447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104008ae04e85ab52021-12-22 11:50:49.444root 11241100x80000000000000003862448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc861288743a9b92021-12-22 11:50:49.444root 11241100x80000000000000003862449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ad1e7adda313782021-12-22 11:50:49.444root 11241100x80000000000000003862450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45432815535a106a2021-12-22 11:50:49.444root 11241100x80000000000000003862451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e1306b0ab48ce82021-12-22 11:50:49.445root 11241100x80000000000000003862452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05de30cdfbdd47342021-12-22 11:50:49.445root 11241100x80000000000000003862453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2157e9862b262b5b2021-12-22 11:50:49.445root 11241100x80000000000000003862454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1904b0f2c2a8d502021-12-22 11:50:49.445root 11241100x80000000000000003862455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae05595b67952f352021-12-22 11:50:49.445root 11241100x80000000000000003862456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b582c916a60f0a22021-12-22 11:50:49.445root 11241100x80000000000000003862457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d1eba18255058d2021-12-22 11:50:49.446root 11241100x80000000000000003862458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7fe180e17bf7142021-12-22 11:50:49.446root 11241100x80000000000000003862459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6a45aec8c245092021-12-22 11:50:49.446root 11241100x80000000000000003862460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6adbcafb50850a12021-12-22 11:50:49.447root 11241100x80000000000000003862461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760fd04720305fb62021-12-22 11:50:49.447root 11241100x80000000000000003862462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a18132a883254152021-12-22 11:50:49.943root 11241100x80000000000000003862463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fca193de43403f42021-12-22 11:50:49.943root 11241100x80000000000000003862464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1e86234d19b3592021-12-22 11:50:49.943root 11241100x80000000000000003862465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecb1c2f1c038ab72021-12-22 11:50:49.943root 11241100x80000000000000003862466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f76ad7f314e7382021-12-22 11:50:49.943root 11241100x80000000000000003862467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1fe1b96aeb60f42021-12-22 11:50:49.944root 11241100x80000000000000003862468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8023f3d11f680bb2021-12-22 11:50:49.944root 11241100x80000000000000003862469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cbc922cd34f4fd2021-12-22 11:50:49.944root 11241100x80000000000000003862470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9331d7c6130b682021-12-22 11:50:49.944root 11241100x80000000000000003862471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf4486097b248e72021-12-22 11:50:49.944root 11241100x80000000000000003862472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec0715931b1b9542021-12-22 11:50:49.944root 11241100x80000000000000003862473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25edfa8a3eaa6ec32021-12-22 11:50:49.944root 11241100x80000000000000003862474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0ddcc2142e00562021-12-22 11:50:49.944root 11241100x80000000000000003862475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ab59f15e576a972021-12-22 11:50:49.944root 11241100x80000000000000003862476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e2973c55b1534a2021-12-22 11:50:49.944root 11241100x80000000000000003862477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5d3b0f3552c6e72021-12-22 11:50:49.944root 11241100x80000000000000003862478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc16dc28ee03d1a2021-12-22 11:50:49.944root 11241100x80000000000000003862479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2b078643efa83c2021-12-22 11:50:49.944root 11241100x80000000000000003862480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904e79749d7d304b2021-12-22 11:50:49.944root 11241100x80000000000000003862481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a10010dec0145662021-12-22 11:50:49.944root 11241100x80000000000000003862482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dd734030067bdc2021-12-22 11:50:49.944root 11241100x80000000000000003862483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d06076cee209b502021-12-22 11:50:49.945root 11241100x80000000000000003862484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28799892556d0632021-12-22 11:50:49.945root 11241100x80000000000000003862485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15e40532708f74d2021-12-22 11:50:49.945root 11241100x80000000000000003862486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcc6911cee474232021-12-22 11:50:49.945root 11241100x80000000000000003862487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978898e43ba0925a2021-12-22 11:50:49.945root 11241100x80000000000000003862488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf28710a7e051a62021-12-22 11:50:49.945root 11241100x80000000000000003862489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e0639297ecaf282021-12-22 11:50:49.945root 11241100x80000000000000003862490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d73af32dadbc352021-12-22 11:50:49.945root 11241100x80000000000000003862491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffe17d8fd5a745d2021-12-22 11:50:49.945root 11241100x80000000000000003862492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306723d3a95e90642021-12-22 11:50:49.945root 11241100x80000000000000003862493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce70ba4fdab86732021-12-22 11:50:49.946root 11241100x80000000000000003862494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d5347127e203c32021-12-22 11:50:49.946root 11241100x80000000000000003862495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8931a0e47d626972021-12-22 11:50:49.946root 11241100x80000000000000003862496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748429337c3ec9b32021-12-22 11:50:49.946root 11241100x80000000000000003862497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d0fc0c7bb924302021-12-22 11:50:49.946root 11241100x80000000000000003862498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9169c8988e6e9aca2021-12-22 11:50:49.946root 11241100x80000000000000003862499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed823dfb1825896f2021-12-22 11:50:49.946root 11241100x80000000000000003862500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31cfae8f1bcb8192021-12-22 11:50:49.946root 11241100x80000000000000003862501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c10d65df9a66042021-12-22 11:50:49.946root 11241100x80000000000000003862502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c734d56d708a096e2021-12-22 11:50:49.946root 11241100x80000000000000003862503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740273741c5e284a2021-12-22 11:50:49.946root 11241100x80000000000000003862504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb93386ad1fd5bf22021-12-22 11:50:49.946root 11241100x80000000000000003862505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0e27906e9f08d12021-12-22 11:50:49.946root 11241100x80000000000000003862506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656412d29690fe0d2021-12-22 11:50:49.946root 354300x80000000000000003862507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.184{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55538-false10.0.1.12-8000- 11241100x80000000000000003862508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adbab3a09fd255d2021-12-22 11:50:50.443root 11241100x80000000000000003862509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb70a3568e659e312021-12-22 11:50:50.443root 11241100x80000000000000003862510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcb8fc22692a25f2021-12-22 11:50:50.443root 11241100x80000000000000003862511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de9deb9e2fc504a2021-12-22 11:50:50.443root 11241100x80000000000000003862512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e881e49c8cfbc9dd2021-12-22 11:50:50.443root 11241100x80000000000000003862513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa4ac9884cfbd842021-12-22 11:50:50.443root 11241100x80000000000000003862514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabcbd8b083bc9182021-12-22 11:50:50.444root 11241100x80000000000000003862515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5aac8cccbff2e142021-12-22 11:50:50.444root 11241100x80000000000000003862516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfc76503ff2c4ba2021-12-22 11:50:50.444root 11241100x80000000000000003862517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f972ad995d1e0b42021-12-22 11:50:50.444root 11241100x80000000000000003862518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7552226f157e432021-12-22 11:50:50.444root 11241100x80000000000000003862519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c42bd40e6cf1b082021-12-22 11:50:50.444root 11241100x80000000000000003862520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5eb6978b24d03c2021-12-22 11:50:50.444root 11241100x80000000000000003862521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6d47aa2c7759f02021-12-22 11:50:50.444root 11241100x80000000000000003862522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8802146cf8758e302021-12-22 11:50:50.444root 11241100x80000000000000003862523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d175b47c28e2cc652021-12-22 11:50:50.445root 11241100x80000000000000003862524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93d7f5e47a14ad72021-12-22 11:50:50.445root 11241100x80000000000000003862525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1534f47f1c49cff02021-12-22 11:50:50.445root 11241100x80000000000000003862526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195b32cfdfadd4b62021-12-22 11:50:50.445root 11241100x80000000000000003862527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3103ee975d0e9eec2021-12-22 11:50:50.445root 11241100x80000000000000003862528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a032e88bbf6f05342021-12-22 11:50:50.445root 11241100x80000000000000003862529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d5dc11d948b53b2021-12-22 11:50:50.445root 11241100x80000000000000003862530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6481602fee2e73b2021-12-22 11:50:50.445root 11241100x80000000000000003862531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ab9c659652d30a2021-12-22 11:50:50.445root 11241100x80000000000000003862532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f2dfee1e75512f2021-12-22 11:50:50.445root 11241100x80000000000000003862533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d46647c60d9e1f2021-12-22 11:50:50.446root 11241100x80000000000000003862534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992fc5cd8b75034b2021-12-22 11:50:50.446root 11241100x80000000000000003862535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b52cfcae2c4ed242021-12-22 11:50:50.446root 11241100x80000000000000003862536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04f04f4c9730c552021-12-22 11:50:50.446root 11241100x80000000000000003862537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80847c3888c6ff272021-12-22 11:50:50.446root 11241100x80000000000000003862538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f384384d0115cba2021-12-22 11:50:50.943root 11241100x80000000000000003862539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971499d8cb9b722f2021-12-22 11:50:50.943root 11241100x80000000000000003862540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31168e3c8bfc87212021-12-22 11:50:50.944root 11241100x80000000000000003862541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e82bb48dc045542021-12-22 11:50:50.944root 11241100x80000000000000003862542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4d8d43f764bb692021-12-22 11:50:50.944root 11241100x80000000000000003862543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4da89bfcf6df0d2021-12-22 11:50:50.944root 11241100x80000000000000003862544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef81bf1d1e730f0b2021-12-22 11:50:50.944root 11241100x80000000000000003862545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349bf049f19437dd2021-12-22 11:50:50.945root 11241100x80000000000000003862546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087ef640297561832021-12-22 11:50:50.945root 11241100x80000000000000003862547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255852f1a2f632212021-12-22 11:50:50.945root 11241100x80000000000000003862548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9dd5f06227aa902021-12-22 11:50:50.945root 11241100x80000000000000003862549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19f38c8e437e1242021-12-22 11:50:50.945root 11241100x80000000000000003862550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f02b5a7bffe7362021-12-22 11:50:50.945root 11241100x80000000000000003862551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb5c0a1fb61d8b62021-12-22 11:50:50.945root 11241100x80000000000000003862552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748b7fdba8441f742021-12-22 11:50:50.945root 11241100x80000000000000003862553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d548c9584a59e88a2021-12-22 11:50:50.945root 11241100x80000000000000003862554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c27975ecd4459f2021-12-22 11:50:50.945root 11241100x80000000000000003862555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42ed0535981c69c2021-12-22 11:50:50.946root 11241100x80000000000000003862556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4652acc864e531cf2021-12-22 11:50:50.946root 11241100x80000000000000003862557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a58989fd4091ad2021-12-22 11:50:50.946root 11241100x80000000000000003862558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbf979ae30ddd032021-12-22 11:50:50.946root 11241100x80000000000000003862559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f90dff15bb237462021-12-22 11:50:50.946root 11241100x80000000000000003862560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5eb9711a749ad82021-12-22 11:50:50.946root 11241100x80000000000000003862561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e601209e9cb7222021-12-22 11:50:50.946root 11241100x80000000000000003862562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea66910221e0df312021-12-22 11:50:50.947root 11241100x80000000000000003862563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be25f1ce9e4d5a942021-12-22 11:50:50.947root 11241100x80000000000000003862564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efad194d9105c0f2021-12-22 11:50:50.947root 11241100x80000000000000003862565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e5365dd84ca75d2021-12-22 11:50:50.947root 11241100x80000000000000003862566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f3c889d424259c2021-12-22 11:50:50.947root 11241100x80000000000000003862567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:50.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375c0bce198b748b2021-12-22 11:50:50.948root 11241100x80000000000000003862568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d324a102931d5a2021-12-22 11:50:51.443root 11241100x80000000000000003862569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595810a75e6531492021-12-22 11:50:51.443root 11241100x80000000000000003862570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfab53badddb575e2021-12-22 11:50:51.444root 11241100x80000000000000003862571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81a3dff18cefd932021-12-22 11:50:51.444root 11241100x80000000000000003862572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e312a2df0f3d5f2021-12-22 11:50:51.444root 11241100x80000000000000003862573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e844ebd9c22965a92021-12-22 11:50:51.444root 11241100x80000000000000003862574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50641c89cf930332021-12-22 11:50:51.444root 11241100x80000000000000003862575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af63bd04c4d06bb2021-12-22 11:50:51.444root 11241100x80000000000000003862576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22be6ad405b593a62021-12-22 11:50:51.445root 11241100x80000000000000003862577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6af303df27e47012021-12-22 11:50:51.445root 11241100x80000000000000003862578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d5d101b38615e62021-12-22 11:50:51.445root 11241100x80000000000000003862579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121c722e20064b292021-12-22 11:50:51.445root 11241100x80000000000000003862580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afd89edbf565d632021-12-22 11:50:51.445root 11241100x80000000000000003862581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518763a84b7e6b8d2021-12-22 11:50:51.445root 11241100x80000000000000003862582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8374527801d4982021-12-22 11:50:51.445root 11241100x80000000000000003862583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc7e9cd5a173c522021-12-22 11:50:51.446root 11241100x80000000000000003862584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc858668cb12fa02021-12-22 11:50:51.446root 11241100x80000000000000003862585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9215e954e98ea292021-12-22 11:50:51.446root 11241100x80000000000000003862586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44d8604a8b0ef1a2021-12-22 11:50:51.446root 11241100x80000000000000003862587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffa7975bd3cefd02021-12-22 11:50:51.446root 11241100x80000000000000003862588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c960479753f43b2021-12-22 11:50:51.446root 11241100x80000000000000003862589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b106550958fb4c82021-12-22 11:50:51.446root 11241100x80000000000000003862590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320efbee50aba8152021-12-22 11:50:51.447root 11241100x80000000000000003862591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62aef9d3e0d885c2021-12-22 11:50:51.447root 11241100x80000000000000003862592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82de026a7dc18e052021-12-22 11:50:51.447root 11241100x80000000000000003862593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bdb2b10eb3837f2021-12-22 11:50:51.447root 11241100x80000000000000003862594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097aba8f91812b9b2021-12-22 11:50:51.447root 11241100x80000000000000003862595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cd625500927e3a2021-12-22 11:50:51.448root 11241100x80000000000000003862596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d41397afa0e1ce2021-12-22 11:50:51.448root 11241100x80000000000000003862597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602e7dfb21498f162021-12-22 11:50:51.448root 11241100x80000000000000003862598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9efb9c0c3e609d42021-12-22 11:50:51.943root 11241100x80000000000000003862599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2556246e2398f3612021-12-22 11:50:51.943root 11241100x80000000000000003862600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b377e813e9bc8d2021-12-22 11:50:51.943root 11241100x80000000000000003862601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d38694d62d406092021-12-22 11:50:51.943root 11241100x80000000000000003862602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77354c89a51bb81e2021-12-22 11:50:51.944root 11241100x80000000000000003862603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a78c105ad26ff92021-12-22 11:50:51.944root 11241100x80000000000000003862604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a2f0f0023964232021-12-22 11:50:51.944root 11241100x80000000000000003862605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd227e22ae429d692021-12-22 11:50:51.944root 11241100x80000000000000003862606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8913796b51b9772021-12-22 11:50:51.944root 11241100x80000000000000003862607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c70acc5257077172021-12-22 11:50:51.944root 11241100x80000000000000003862608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1555cffce624711c2021-12-22 11:50:51.944root 11241100x80000000000000003862609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc37db613f21481a2021-12-22 11:50:51.945root 11241100x80000000000000003862610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f73da836e4cb0a2021-12-22 11:50:51.945root 11241100x80000000000000003862611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266131bc2cfe0b692021-12-22 11:50:51.945root 11241100x80000000000000003862612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded827be971a5bd42021-12-22 11:50:51.945root 11241100x80000000000000003862613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358769c39e0af9a12021-12-22 11:50:51.945root 11241100x80000000000000003862614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b89bc663a97aee02021-12-22 11:50:51.945root 11241100x80000000000000003862615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54166af6995b14742021-12-22 11:50:51.945root 11241100x80000000000000003862616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ca577efb3de01e2021-12-22 11:50:51.945root 11241100x80000000000000003862617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0f33fec592f5a82021-12-22 11:50:51.945root 11241100x80000000000000003862618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86660f0c1d106d52021-12-22 11:50:51.946root 11241100x80000000000000003862619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0d3ce358b0aeea2021-12-22 11:50:51.946root 11241100x80000000000000003862620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b252f91790563ff02021-12-22 11:50:51.946root 11241100x80000000000000003862621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e78dc04f6fa4332021-12-22 11:50:51.946root 11241100x80000000000000003862622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cb5baab51b96592021-12-22 11:50:51.946root 11241100x80000000000000003862623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01752c8f046a4fde2021-12-22 11:50:51.946root 11241100x80000000000000003862624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7011411054ba7642021-12-22 11:50:51.946root 11241100x80000000000000003862625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8e6696972e24982021-12-22 11:50:51.946root 11241100x80000000000000003862626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0e182ae6e381a12021-12-22 11:50:51.947root 11241100x80000000000000003862627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69a373365ad32732021-12-22 11:50:51.947root 11241100x80000000000000003862628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8910625b03041ab82021-12-22 11:50:52.443root 11241100x80000000000000003862629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa8680b46ba4ccc2021-12-22 11:50:52.443root 11241100x80000000000000003862630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde2551e8487dbe32021-12-22 11:50:52.444root 11241100x80000000000000003862631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2964d3dc9d46c92021-12-22 11:50:52.444root 11241100x80000000000000003862632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90933f22079d32cb2021-12-22 11:50:52.444root 11241100x80000000000000003862633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a38d04f36245932021-12-22 11:50:52.444root 11241100x80000000000000003862634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a143085a033fff42021-12-22 11:50:52.445root 11241100x80000000000000003862635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e67e3a5f342b9e02021-12-22 11:50:52.445root 11241100x80000000000000003862636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea331f168490ca4a2021-12-22 11:50:52.445root 11241100x80000000000000003862637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7ca14389ace91f2021-12-22 11:50:52.445root 11241100x80000000000000003862638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62796fc9fe2bc1542021-12-22 11:50:52.446root 11241100x80000000000000003862639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428f52dcec2c831c2021-12-22 11:50:52.446root 11241100x80000000000000003862640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ff2d07c0cfee522021-12-22 11:50:52.446root 11241100x80000000000000003862641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c20cf7d6f587af2021-12-22 11:50:52.446root 11241100x80000000000000003862642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577c2cbf5349661f2021-12-22 11:50:52.446root 11241100x80000000000000003862643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0520cc9bd2b598d32021-12-22 11:50:52.446root 11241100x80000000000000003862644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e677bb83d86b508b2021-12-22 11:50:52.447root 11241100x80000000000000003862645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632601ddddbd01972021-12-22 11:50:52.447root 11241100x80000000000000003862646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30da441e7cf63d82021-12-22 11:50:52.447root 11241100x80000000000000003862647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce178f425923d522021-12-22 11:50:52.447root 11241100x80000000000000003862648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6410152c7e6b85122021-12-22 11:50:52.448root 11241100x80000000000000003862649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39364a82059b6702021-12-22 11:50:52.448root 11241100x80000000000000003862650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2388a90c48c40f2021-12-22 11:50:52.448root 11241100x80000000000000003862651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf95442e47dddcbb2021-12-22 11:50:52.448root 11241100x80000000000000003862652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f403127a9d2f472021-12-22 11:50:52.448root 11241100x80000000000000003862653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b820e94823db4b32021-12-22 11:50:52.448root 11241100x80000000000000003862654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3735500001c986cc2021-12-22 11:50:52.448root 11241100x80000000000000003862655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b202460e327dee2021-12-22 11:50:52.448root 11241100x80000000000000003862656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bd23590c5144d52021-12-22 11:50:52.448root 11241100x80000000000000003862657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b150d15a48523292021-12-22 11:50:52.449root 11241100x80000000000000003862658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df2dc8dc1bc04062021-12-22 11:50:52.449root 11241100x80000000000000003862659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee52c3f1699bd712021-12-22 11:50:52.449root 11241100x80000000000000003862660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456cc5f6427db61e2021-12-22 11:50:52.943root 11241100x80000000000000003862661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264acc127c3c2d972021-12-22 11:50:52.943root 11241100x80000000000000003862662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e084e9101832d62021-12-22 11:50:52.943root 11241100x80000000000000003862663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a83c918f19df772021-12-22 11:50:52.943root 11241100x80000000000000003862664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e748f28fc6e321d2021-12-22 11:50:52.944root 11241100x80000000000000003862665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc755abb0e4120d2021-12-22 11:50:52.944root 11241100x80000000000000003862666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411101835cb5bb9c2021-12-22 11:50:52.944root 11241100x80000000000000003862667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cfd36f07440d472021-12-22 11:50:52.944root 11241100x80000000000000003862668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52863556a6cf1e412021-12-22 11:50:52.944root 11241100x80000000000000003862669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5dfbf625d743822021-12-22 11:50:52.944root 11241100x80000000000000003862670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a80654de7af25922021-12-22 11:50:52.944root 11241100x80000000000000003862671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e11b9bd2462d322021-12-22 11:50:52.944root 11241100x80000000000000003862672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc55c2596d479322021-12-22 11:50:52.944root 11241100x80000000000000003862673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f52f3e2efc1ab362021-12-22 11:50:52.944root 11241100x80000000000000003862674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e896f9a3871b6a2021-12-22 11:50:52.944root 11241100x80000000000000003862675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90e1407ef8376252021-12-22 11:50:52.944root 11241100x80000000000000003862676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4440449d4b2bc4102021-12-22 11:50:52.944root 11241100x80000000000000003862677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a965eaa4d1db2ce2021-12-22 11:50:52.944root 11241100x80000000000000003862678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a10cd3471e20c922021-12-22 11:50:52.944root 11241100x80000000000000003862679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5b2f232c953f762021-12-22 11:50:52.944root 11241100x80000000000000003862680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb515843026493762021-12-22 11:50:52.945root 11241100x80000000000000003862681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf6c67c22b1b35e2021-12-22 11:50:52.945root 11241100x80000000000000003862682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fbc784c4d56bc92021-12-22 11:50:52.945root 11241100x80000000000000003862683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc5826d4b490d462021-12-22 11:50:52.945root 11241100x80000000000000003862684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d5421266bf707f2021-12-22 11:50:52.945root 11241100x80000000000000003862685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d98c9ffa64af03a2021-12-22 11:50:52.945root 11241100x80000000000000003862686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4d6015f21b9adf2021-12-22 11:50:52.945root 11241100x80000000000000003862687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d01d3d6212ffc2c2021-12-22 11:50:52.945root 11241100x80000000000000003862688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0b8f165d4fed972021-12-22 11:50:52.945root 11241100x80000000000000003862689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad6774a9fefe1fe2021-12-22 11:50:52.945root 11241100x80000000000000003862690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f444838281677b7c2021-12-22 11:50:53.443root 11241100x80000000000000003862691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05930aa2eaba5fa2021-12-22 11:50:53.443root 11241100x80000000000000003862692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e271e2a0327938492021-12-22 11:50:53.443root 11241100x80000000000000003862693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30683835af020d122021-12-22 11:50:53.443root 11241100x80000000000000003862694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33689796f2dc0d3e2021-12-22 11:50:53.444root 11241100x80000000000000003862695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bd8054ff9fbfff2021-12-22 11:50:53.444root 11241100x80000000000000003862696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4482470eff8ef492021-12-22 11:50:53.444root 11241100x80000000000000003862697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c286bea6109eaa2021-12-22 11:50:53.444root 11241100x80000000000000003862698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6273a71e7395099a2021-12-22 11:50:53.444root 11241100x80000000000000003862699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d154a6ecf11e0a972021-12-22 11:50:53.444root 11241100x80000000000000003862700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef52025acc2e5892021-12-22 11:50:53.444root 11241100x80000000000000003862701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ee2b3466c1a8352021-12-22 11:50:53.444root 11241100x80000000000000003862702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9554dae2351860ec2021-12-22 11:50:53.444root 11241100x80000000000000003862703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9d842a411438b32021-12-22 11:50:53.445root 11241100x80000000000000003862704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e765d36ebb8399f32021-12-22 11:50:53.445root 11241100x80000000000000003862705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38af4a1ac7b42d702021-12-22 11:50:53.445root 11241100x80000000000000003862706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d72da1cf141b0f2021-12-22 11:50:53.445root 11241100x80000000000000003862707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3c3f0346fe70272021-12-22 11:50:53.445root 11241100x80000000000000003862708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16048aa86e721f692021-12-22 11:50:53.445root 11241100x80000000000000003862709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3162a492e74a412021-12-22 11:50:53.445root 11241100x80000000000000003862710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa089550e08c79082021-12-22 11:50:53.445root 11241100x80000000000000003862711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f1d5f8fe2e82c12021-12-22 11:50:53.445root 11241100x80000000000000003862712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419c321bf44fc1892021-12-22 11:50:53.446root 11241100x80000000000000003862713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222333635f28b8ba2021-12-22 11:50:53.446root 11241100x80000000000000003862714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f277bcfeb01f57e2021-12-22 11:50:53.446root 11241100x80000000000000003862715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee5a3057bd5b6ee2021-12-22 11:50:53.446root 11241100x80000000000000003862716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea90b3f514da21e42021-12-22 11:50:53.446root 11241100x80000000000000003862717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaef5256395e715e2021-12-22 11:50:53.446root 11241100x80000000000000003862718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5a8dfd9c0bfd802021-12-22 11:50:53.446root 11241100x80000000000000003862719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2771bc55c5d6a02021-12-22 11:50:53.446root 11241100x80000000000000003862720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40e6794845478952021-12-22 11:50:53.943root 11241100x80000000000000003862721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3a45f4f1bd91cc2021-12-22 11:50:53.943root 11241100x80000000000000003862722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c45ec9e4c141c32021-12-22 11:50:53.943root 11241100x80000000000000003862723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdc6b9e518f18062021-12-22 11:50:53.943root 11241100x80000000000000003862724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50114405688871022021-12-22 11:50:53.943root 11241100x80000000000000003862725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac0c991e399009a2021-12-22 11:50:53.943root 11241100x80000000000000003862726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0684f00cb4b9c5742021-12-22 11:50:53.944root 11241100x80000000000000003862727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271880d6878395f22021-12-22 11:50:53.944root 11241100x80000000000000003862728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00022e2c66bb39b32021-12-22 11:50:53.944root 11241100x80000000000000003862729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810dad996ddb10d92021-12-22 11:50:53.944root 11241100x80000000000000003862730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8087e35b24ea1f02021-12-22 11:50:53.944root 11241100x80000000000000003862731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d777ca0cc6a7672021-12-22 11:50:53.944root 11241100x80000000000000003862732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ec79c5b6a36adb2021-12-22 11:50:53.944root 11241100x80000000000000003862733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d731db11636ed542021-12-22 11:50:53.944root 11241100x80000000000000003862734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b324636771f1892021-12-22 11:50:53.944root 11241100x80000000000000003862735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709c7f3d751ff49a2021-12-22 11:50:53.945root 11241100x80000000000000003862736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff241954798d42752021-12-22 11:50:53.945root 11241100x80000000000000003862737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094d0197e44cdc6e2021-12-22 11:50:53.945root 11241100x80000000000000003862738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90afc95b699f808f2021-12-22 11:50:53.945root 11241100x80000000000000003862739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a385453222dad7e32021-12-22 11:50:53.945root 11241100x80000000000000003862740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05871016491a91342021-12-22 11:50:53.945root 11241100x80000000000000003862741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7251c93304c758622021-12-22 11:50:53.945root 11241100x80000000000000003862742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3be565e43c2a2692021-12-22 11:50:53.945root 11241100x80000000000000003862743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe43ce493b70c2da2021-12-22 11:50:53.945root 11241100x80000000000000003862744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e375197b23ddd5122021-12-22 11:50:53.945root 11241100x80000000000000003862745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8912484072ae0f2021-12-22 11:50:53.946root 11241100x80000000000000003862746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8cd05dbb45b6722021-12-22 11:50:53.946root 11241100x80000000000000003862747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb9e8653ba1f4df2021-12-22 11:50:53.946root 11241100x80000000000000003862748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a47e5f86926a1ea2021-12-22 11:50:53.946root 11241100x80000000000000003862749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a324e707d6c08efe2021-12-22 11:50:53.946root 11241100x80000000000000003862750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00263e2d2d055e82021-12-22 11:50:53.946root 11241100x80000000000000003862751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803b0fcf0e009beb2021-12-22 11:50:53.946root 11241100x80000000000000003862752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186f6f1884aab35e2021-12-22 11:50:53.946root 11241100x80000000000000003862753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f88328cd99fb18e2021-12-22 11:50:53.947root 11241100x80000000000000003862754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf1618b27e69d9f2021-12-22 11:50:53.947root 11241100x80000000000000003862755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901645de838d673e2021-12-22 11:50:54.442root 11241100x80000000000000003862756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50874300afacaac32021-12-22 11:50:54.443root 11241100x80000000000000003862757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b963a7015071042021-12-22 11:50:54.443root 11241100x80000000000000003862758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac87b5c28c18f682021-12-22 11:50:54.443root 11241100x80000000000000003862759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4c71b571248e942021-12-22 11:50:54.443root 11241100x80000000000000003862760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45871b63fc30f8ff2021-12-22 11:50:54.443root 11241100x80000000000000003862761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f266c74088fdc42021-12-22 11:50:54.443root 11241100x80000000000000003862762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ce6ad37ca2effb2021-12-22 11:50:54.443root 11241100x80000000000000003862763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a5083465a0e7792021-12-22 11:50:54.443root 11241100x80000000000000003862764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af813ca1dea75302021-12-22 11:50:54.444root 11241100x80000000000000003862765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1846a64201bfacb72021-12-22 11:50:54.444root 11241100x80000000000000003862766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396b12b3d192c0352021-12-22 11:50:54.444root 11241100x80000000000000003862767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aecce968ede3312021-12-22 11:50:54.444root 11241100x80000000000000003862768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a27c7d173fe52882021-12-22 11:50:54.444root 11241100x80000000000000003862769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4464be64d5da48932021-12-22 11:50:54.444root 11241100x80000000000000003862770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e7a8a2431912352021-12-22 11:50:54.444root 11241100x80000000000000003862771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e548f234d7895dfb2021-12-22 11:50:54.444root 11241100x80000000000000003862772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c846725842c3e02021-12-22 11:50:54.444root 11241100x80000000000000003862773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f61390eaef31af2021-12-22 11:50:54.445root 11241100x80000000000000003862774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3eb9ef0578b4b82021-12-22 11:50:54.445root 11241100x80000000000000003862775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80c126acfbaf3b42021-12-22 11:50:54.445root 11241100x80000000000000003862776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36b00fda2416b782021-12-22 11:50:54.445root 11241100x80000000000000003862777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23076746aa19a4072021-12-22 11:50:54.446root 11241100x80000000000000003862778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24344de051f6551f2021-12-22 11:50:54.446root 11241100x80000000000000003862779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a779351ebc370a862021-12-22 11:50:54.446root 11241100x80000000000000003862780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b0340a6df1a9e62021-12-22 11:50:54.446root 11241100x80000000000000003862781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6529b60fe197252021-12-22 11:50:54.446root 11241100x80000000000000003862782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee9dd176a1038b72021-12-22 11:50:54.446root 11241100x80000000000000003862783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fbe99a5bcce5f82021-12-22 11:50:54.446root 11241100x80000000000000003862784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e56c2f0b69ac9022021-12-22 11:50:54.446root 11241100x80000000000000003862785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a3160695a476562021-12-22 11:50:54.446root 11241100x80000000000000003862786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402fa3071105e95a2021-12-22 11:50:54.447root 11241100x80000000000000003862787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef11a71df30252772021-12-22 11:50:54.447root 11241100x80000000000000003862788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a525ba739818e8d2021-12-22 11:50:54.447root 11241100x80000000000000003862789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc776923b8c0a042021-12-22 11:50:54.447root 11241100x80000000000000003862790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e114bdf21e8a0f92021-12-22 11:50:54.447root 11241100x80000000000000003862791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9276dab98a68c5d32021-12-22 11:50:54.448root 11241100x80000000000000003862792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d027d9df5d196d72021-12-22 11:50:54.448root 11241100x80000000000000003862793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f3aa95bf43e5c92021-12-22 11:50:54.448root 11241100x80000000000000003862794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9af2a501cd37272021-12-22 11:50:54.448root 11241100x80000000000000003862795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f08e679a118e51c2021-12-22 11:50:54.449root 11241100x80000000000000003862796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612219bf3d04c3192021-12-22 11:50:54.449root 11241100x80000000000000003862797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55133f8f88d7a6162021-12-22 11:50:54.943root 11241100x80000000000000003862798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9720c82acc8a74f72021-12-22 11:50:54.943root 11241100x80000000000000003862799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9040cb25b186d08c2021-12-22 11:50:54.943root 11241100x80000000000000003862800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b1fdd5652ed13c2021-12-22 11:50:54.943root 11241100x80000000000000003862801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bd7b53acc402f42021-12-22 11:50:54.944root 11241100x80000000000000003862802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f0420f697e4eef2021-12-22 11:50:54.944root 11241100x80000000000000003862803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266e5bc02210db032021-12-22 11:50:54.944root 11241100x80000000000000003862804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb26ec8f56ef0c6e2021-12-22 11:50:54.944root 11241100x80000000000000003862805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea900a10c8dcef12021-12-22 11:50:54.944root 11241100x80000000000000003862806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d148c51280c8f942021-12-22 11:50:54.944root 11241100x80000000000000003862807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53e671c8a9b21922021-12-22 11:50:54.944root 11241100x80000000000000003862808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a5c00c6ec4270c2021-12-22 11:50:54.944root 11241100x80000000000000003862809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd13571cfdd5a1d2021-12-22 11:50:54.944root 11241100x80000000000000003862810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca1eadcae509b372021-12-22 11:50:54.944root 11241100x80000000000000003862811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d096fd31432ed5c2021-12-22 11:50:54.944root 11241100x80000000000000003862812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e340735c5b265e0b2021-12-22 11:50:54.944root 11241100x80000000000000003862813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db05258d02afbdc42021-12-22 11:50:54.944root 11241100x80000000000000003862814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580a717516f84f702021-12-22 11:50:54.944root 11241100x80000000000000003862815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9277cd4e4fb6b92021-12-22 11:50:54.944root 11241100x80000000000000003862816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6fe47ab01ea6522021-12-22 11:50:54.945root 11241100x80000000000000003862817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48804b92e6b85b762021-12-22 11:50:54.945root 11241100x80000000000000003862818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701524a20a6eff282021-12-22 11:50:54.945root 11241100x80000000000000003862819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ac302c2d92aafe2021-12-22 11:50:54.945root 11241100x80000000000000003862820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74650077d63e89362021-12-22 11:50:54.945root 11241100x80000000000000003862821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e85700966096e3a2021-12-22 11:50:54.945root 11241100x80000000000000003862822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0993127e3115212a2021-12-22 11:50:54.945root 11241100x80000000000000003862823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebc761ae15e6b092021-12-22 11:50:54.945root 11241100x80000000000000003862824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54355188d39e81bd2021-12-22 11:50:54.945root 11241100x80000000000000003862825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e25f59579692e032021-12-22 11:50:54.945root 11241100x80000000000000003862826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9da91b0329d72722021-12-22 11:50:54.945root 11241100x80000000000000003862827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751aa98fd193e5ed2021-12-22 11:50:55.442root 11241100x80000000000000003862828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05154683ccf8bfd82021-12-22 11:50:55.443root 11241100x80000000000000003862829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08368f7467067e7f2021-12-22 11:50:55.443root 11241100x80000000000000003862830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5496895fc6c48d612021-12-22 11:50:55.444root 11241100x80000000000000003862831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f41c9040d8acbb2021-12-22 11:50:55.444root 11241100x80000000000000003862832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c175cf339ae4db432021-12-22 11:50:55.444root 11241100x80000000000000003862833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dfbc867453e3962021-12-22 11:50:55.445root 11241100x80000000000000003862834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5896f7dbe144bb4d2021-12-22 11:50:55.445root 11241100x80000000000000003862835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07efc2c615d32d32021-12-22 11:50:55.445root 11241100x80000000000000003862836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da53c4c1b295a17d2021-12-22 11:50:55.446root 11241100x80000000000000003862837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0465fae6047126f2021-12-22 11:50:55.446root 11241100x80000000000000003862838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2739c6dae1864cb82021-12-22 11:50:55.446root 11241100x80000000000000003862839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c384027261e85212021-12-22 11:50:55.446root 11241100x80000000000000003862840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd49083026860b802021-12-22 11:50:55.446root 11241100x80000000000000003862841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b014ba2b6d6d8ca2021-12-22 11:50:55.446root 11241100x80000000000000003862842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83c56c88b5c65932021-12-22 11:50:55.447root 11241100x80000000000000003862843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7098a1107c47acc2021-12-22 11:50:55.447root 11241100x80000000000000003862844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28011f6171db97a2021-12-22 11:50:55.447root 11241100x80000000000000003862845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0889dd8bce146c32021-12-22 11:50:55.447root 11241100x80000000000000003862846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3269d417f38a652021-12-22 11:50:55.447root 11241100x80000000000000003862847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5e970aedfb4f092021-12-22 11:50:55.447root 11241100x80000000000000003862848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64199ee4c08b98d02021-12-22 11:50:55.447root 11241100x80000000000000003862849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0886f0511a96ea652021-12-22 11:50:55.447root 11241100x80000000000000003862850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3b03ba4e0a0ccd2021-12-22 11:50:55.448root 11241100x80000000000000003862851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3fe52476712f602021-12-22 11:50:55.448root 11241100x80000000000000003862852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d826fc52dd8c10402021-12-22 11:50:55.448root 11241100x80000000000000003862853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44295ac7e6bbd462021-12-22 11:50:55.448root 11241100x80000000000000003862854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaccf70d52eb26772021-12-22 11:50:55.448root 11241100x80000000000000003862855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2919f16ad26cb4ad2021-12-22 11:50:55.448root 11241100x80000000000000003862856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e76aed32e5608d2021-12-22 11:50:55.448root 11241100x80000000000000003862857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d096d21d51942fa52021-12-22 11:50:55.448root 11241100x80000000000000003862858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73304e7c30a06412021-12-22 11:50:55.448root 11241100x80000000000000003862859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64099a92839504552021-12-22 11:50:55.448root 11241100x80000000000000003862860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d596db8e88612f2021-12-22 11:50:55.943root 11241100x80000000000000003862861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9879581bfb64a93b2021-12-22 11:50:55.943root 11241100x80000000000000003862862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66708a2dab084452021-12-22 11:50:55.943root 11241100x80000000000000003862863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286afb0f3754da5a2021-12-22 11:50:55.943root 11241100x80000000000000003862864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c948ab5fe66ea62021-12-22 11:50:55.944root 11241100x80000000000000003862865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8595e22f63c5452021-12-22 11:50:55.944root 11241100x80000000000000003862866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0beb48d098f08f92021-12-22 11:50:55.944root 11241100x80000000000000003862867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f066cf255a3fcd8d2021-12-22 11:50:55.944root 11241100x80000000000000003862868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6471b207a8fe3c6c2021-12-22 11:50:55.944root 11241100x80000000000000003862869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86703e9d4e02aaf82021-12-22 11:50:55.944root 11241100x80000000000000003862870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d08f5332e9d3972021-12-22 11:50:55.944root 11241100x80000000000000003862871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4759902af04e1f0b2021-12-22 11:50:55.944root 11241100x80000000000000003862872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d79f016f27d33fe2021-12-22 11:50:55.944root 11241100x80000000000000003862873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e3b404b651d7532021-12-22 11:50:55.944root 11241100x80000000000000003862874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd388794e713ce12021-12-22 11:50:55.944root 11241100x80000000000000003862875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8555feb955c487e22021-12-22 11:50:55.944root 11241100x80000000000000003862876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6034c827a6bcab2021-12-22 11:50:55.944root 11241100x80000000000000003862877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa960ab98eebf662021-12-22 11:50:55.944root 11241100x80000000000000003862878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5fdd4b4055d3fa2021-12-22 11:50:55.944root 11241100x80000000000000003862879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57decd87c65cac7c2021-12-22 11:50:55.945root 11241100x80000000000000003862880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafff7ec32581df12021-12-22 11:50:55.945root 11241100x80000000000000003862881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d970380b08480c2021-12-22 11:50:55.945root 11241100x80000000000000003862882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca511baad18d6802021-12-22 11:50:55.945root 11241100x80000000000000003862883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b59290da1d27742021-12-22 11:50:55.945root 11241100x80000000000000003862884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fee7e0e17b69b3d2021-12-22 11:50:55.945root 11241100x80000000000000003862885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcf4da997ffc3a12021-12-22 11:50:55.945root 11241100x80000000000000003862886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6163fc79e1107a9d2021-12-22 11:50:55.945root 11241100x80000000000000003862887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04748d22ff21956f2021-12-22 11:50:55.945root 11241100x80000000000000003862888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b3e5bc0e09a2902021-12-22 11:50:55.945root 11241100x80000000000000003862889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63aac0151ca80e92021-12-22 11:50:55.945root 354300x80000000000000003862890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.183{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55540-false10.0.1.12-8000- 11241100x80000000000000003862891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821a8e46638ad4252021-12-22 11:50:56.443root 11241100x80000000000000003862892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c18cfc3c4190142021-12-22 11:50:56.443root 11241100x80000000000000003862893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528bd95d650e5d232021-12-22 11:50:56.443root 11241100x80000000000000003862894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dbf6b2bb09a45d2021-12-22 11:50:56.443root 11241100x80000000000000003862895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40d78740d7e2d252021-12-22 11:50:56.444root 11241100x80000000000000003862896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79a5719f13a3d2e2021-12-22 11:50:56.444root 11241100x80000000000000003862897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ed53102033ed162021-12-22 11:50:56.444root 11241100x80000000000000003862898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d966ed701ea65ba82021-12-22 11:50:56.444root 11241100x80000000000000003862899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10f1c982ab28bf22021-12-22 11:50:56.444root 11241100x80000000000000003862900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d078724ccf23a62021-12-22 11:50:56.444root 11241100x80000000000000003862901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19a64abc8382c782021-12-22 11:50:56.444root 11241100x80000000000000003862902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ecca5f9536d8672021-12-22 11:50:56.444root 11241100x80000000000000003862903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eb15b68b9348c12021-12-22 11:50:56.444root 11241100x80000000000000003862904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22da6895b9e5a4c2021-12-22 11:50:56.444root 11241100x80000000000000003862905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a5bff5919733692021-12-22 11:50:56.444root 11241100x80000000000000003862906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f45cf753b4c9192021-12-22 11:50:56.444root 11241100x80000000000000003862907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c2766d155630682021-12-22 11:50:56.444root 11241100x80000000000000003862908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56b4b15365cd8172021-12-22 11:50:56.444root 11241100x80000000000000003862909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49609a77298ad5862021-12-22 11:50:56.444root 11241100x80000000000000003862910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79db35c24ae65ebe2021-12-22 11:50:56.444root 11241100x80000000000000003862911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99a6e7b410729c62021-12-22 11:50:56.445root 11241100x80000000000000003862912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4989e7d300b1a562021-12-22 11:50:56.445root 11241100x80000000000000003862913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2299d3cd76435c82021-12-22 11:50:56.445root 11241100x80000000000000003862914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bf9d03961f660f2021-12-22 11:50:56.445root 11241100x80000000000000003862915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c564e2e3779124422021-12-22 11:50:56.445root 11241100x80000000000000003862916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8051eed318285b7a2021-12-22 11:50:56.445root 11241100x80000000000000003862917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e336a542ff67a5792021-12-22 11:50:56.445root 11241100x80000000000000003862918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efab8a1f64fb64142021-12-22 11:50:56.445root 11241100x80000000000000003862919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c09adc47e8e9a292021-12-22 11:50:56.445root 11241100x80000000000000003862920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2f89b02ea612552021-12-22 11:50:56.445root 11241100x80000000000000003862921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a2e99a2d9d29ff2021-12-22 11:50:56.445root 11241100x80000000000000003862922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf9950036baee5b2021-12-22 11:50:56.943root 11241100x80000000000000003862923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e450148a103d61252021-12-22 11:50:56.943root 11241100x80000000000000003862924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30e88437b93ac212021-12-22 11:50:56.943root 11241100x80000000000000003862925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21be9d3ef9e51f92021-12-22 11:50:56.943root 11241100x80000000000000003862926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17862f77ee7626922021-12-22 11:50:56.944root 11241100x80000000000000003862927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1993d85ffa612faa2021-12-22 11:50:56.944root 11241100x80000000000000003862928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf06b02d1f176f802021-12-22 11:50:56.944root 11241100x80000000000000003862929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b8f51e070ecaf02021-12-22 11:50:56.944root 11241100x80000000000000003862930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047b8b68da10ff282021-12-22 11:50:56.944root 11241100x80000000000000003862931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a690be5618f74bc2021-12-22 11:50:56.944root 11241100x80000000000000003862932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51c199466f454012021-12-22 11:50:56.944root 11241100x80000000000000003862933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d80de8265266e02021-12-22 11:50:56.944root 11241100x80000000000000003862934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f097766651472b72021-12-22 11:50:56.944root 11241100x80000000000000003862935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53700ea712a03ca2021-12-22 11:50:56.944root 11241100x80000000000000003862936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03baaa3bfba83d0c2021-12-22 11:50:56.944root 11241100x80000000000000003862937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17de79b4145f81632021-12-22 11:50:56.944root 11241100x80000000000000003862938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84fd7c6eeaa6cf52021-12-22 11:50:56.944root 11241100x80000000000000003862939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c174cf6ba84aba2021-12-22 11:50:56.944root 11241100x80000000000000003862940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f10b42bbe6255132021-12-22 11:50:56.944root 11241100x80000000000000003862941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b886a60ea0a813a2021-12-22 11:50:56.944root 11241100x80000000000000003862942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22a5cf7355f4cee2021-12-22 11:50:56.945root 11241100x80000000000000003862943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4719e36fccc46a2021-12-22 11:50:56.945root 11241100x80000000000000003862944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7544170762eb4c2021-12-22 11:50:56.945root 11241100x80000000000000003862945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5958c89b10a7db362021-12-22 11:50:56.945root 11241100x80000000000000003862946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8b20ba150c2afa2021-12-22 11:50:56.945root 11241100x80000000000000003862947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8e75e2cf9629782021-12-22 11:50:56.945root 11241100x80000000000000003862948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b23d808c2d999002021-12-22 11:50:56.945root 11241100x80000000000000003862949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39d0c27662365512021-12-22 11:50:56.945root 11241100x80000000000000003862950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5ab8ab64a0aff92021-12-22 11:50:56.945root 11241100x80000000000000003862951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a9f29b8a791aff2021-12-22 11:50:56.945root 11241100x80000000000000003862952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6a0ebb25ccd7742021-12-22 11:50:56.945root 11241100x80000000000000003862953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7153079e20d78e592021-12-22 11:50:57.443root 11241100x80000000000000003862954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f2a00bc68539a92021-12-22 11:50:57.443root 11241100x80000000000000003862955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f738b392f7dc5c2021-12-22 11:50:57.443root 11241100x80000000000000003862956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab73e51c78583d12021-12-22 11:50:57.443root 11241100x80000000000000003862957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0a0e34ce659da62021-12-22 11:50:57.444root 11241100x80000000000000003862958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a813ba70a7718d2021-12-22 11:50:57.444root 11241100x80000000000000003862959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973660c6c18b576e2021-12-22 11:50:57.444root 11241100x80000000000000003862960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399fd035deee71bc2021-12-22 11:50:57.444root 11241100x80000000000000003862961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a931da7edadc93b2021-12-22 11:50:57.444root 11241100x80000000000000003862962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547350200342b89c2021-12-22 11:50:57.444root 11241100x80000000000000003862963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c61fd07f0404ff2021-12-22 11:50:57.444root 11241100x80000000000000003862964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a520947203b6c582021-12-22 11:50:57.444root 11241100x80000000000000003862965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1d51c4708b7ca52021-12-22 11:50:57.444root 11241100x80000000000000003862966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed09c82bf68b77b2021-12-22 11:50:57.445root 11241100x80000000000000003862967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ef0d52d23e7d2e2021-12-22 11:50:57.445root 11241100x80000000000000003862968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99afc24ca4ea5652021-12-22 11:50:57.445root 11241100x80000000000000003862969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922d1e5a7afeb27e2021-12-22 11:50:57.445root 11241100x80000000000000003862970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9dd119e5fd78cf2021-12-22 11:50:57.445root 11241100x80000000000000003862971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea6c831187c26ad2021-12-22 11:50:57.445root 11241100x80000000000000003862972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0d3589214c3b272021-12-22 11:50:57.445root 11241100x80000000000000003862973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f6cf54f23ff79f2021-12-22 11:50:57.445root 11241100x80000000000000003862974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13a2f220bb4cf332021-12-22 11:50:57.446root 11241100x80000000000000003862975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2cdb4eca9585052021-12-22 11:50:57.446root 11241100x80000000000000003862976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f7999b881af0742021-12-22 11:50:57.446root 11241100x80000000000000003862977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644e6741bc50dd182021-12-22 11:50:57.446root 11241100x80000000000000003862978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303ac5bc89a14e7a2021-12-22 11:50:57.446root 11241100x80000000000000003862979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b3f2c3f42797a12021-12-22 11:50:57.446root 11241100x80000000000000003862980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a2e402de26b3e72021-12-22 11:50:57.446root 11241100x80000000000000003862981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef43181532cdbdb32021-12-22 11:50:57.446root 11241100x80000000000000003862982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e930d2eb9857ea8d2021-12-22 11:50:57.446root 11241100x80000000000000003862983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5925e0e937ee9f2021-12-22 11:50:57.446root 11241100x80000000000000003862984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48d29571cf10d432021-12-22 11:50:57.943root 11241100x80000000000000003862985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a6cf4ff163c8cf2021-12-22 11:50:57.943root 11241100x80000000000000003862986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f6e1a54bf045952021-12-22 11:50:57.943root 11241100x80000000000000003862987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c899ab5e20c0832021-12-22 11:50:57.943root 11241100x80000000000000003862988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05f9faad9a9c1482021-12-22 11:50:57.944root 11241100x80000000000000003862989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0837fa9b85ceed2021-12-22 11:50:57.944root 11241100x80000000000000003862990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0aae2cb139dac42021-12-22 11:50:57.944root 11241100x80000000000000003862991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b25a689e0e20532021-12-22 11:50:57.944root 11241100x80000000000000003862992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c13885a3e8dcaf02021-12-22 11:50:57.944root 11241100x80000000000000003862993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9e54da45138a6d2021-12-22 11:50:57.944root 11241100x80000000000000003862994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c596d9c632ac64f2021-12-22 11:50:57.944root 11241100x80000000000000003862995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6eba7cadc3bd2f2021-12-22 11:50:57.944root 11241100x80000000000000003862996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f117ee2786658402021-12-22 11:50:57.944root 11241100x80000000000000003862997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafcdb582e39cc9b2021-12-22 11:50:57.944root 11241100x80000000000000003862998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7242d3eae10b6bab2021-12-22 11:50:57.944root 11241100x80000000000000003862999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9a2a1c23839c122021-12-22 11:50:57.944root 11241100x80000000000000003863000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760c11bf6d60202f2021-12-22 11:50:57.944root 11241100x80000000000000003863001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066807c92c96208d2021-12-22 11:50:57.944root 11241100x80000000000000003863002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54832cd846db34fe2021-12-22 11:50:57.944root 11241100x80000000000000003863003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170dbecaa6082da22021-12-22 11:50:57.944root 11241100x80000000000000003863004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04a42c870372c662021-12-22 11:50:57.945root 11241100x80000000000000003863005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1d0f4cecd4177f2021-12-22 11:50:57.945root 11241100x80000000000000003863006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542ec73f56df1d112021-12-22 11:50:57.945root 11241100x80000000000000003863007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cdd5855f4c673a2021-12-22 11:50:57.945root 11241100x80000000000000003863008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9c676ef8de7f972021-12-22 11:50:57.945root 11241100x80000000000000003863009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370a24318062756b2021-12-22 11:50:57.945root 11241100x80000000000000003863010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e8dc9da7e03f122021-12-22 11:50:57.945root 11241100x80000000000000003863011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05184408db2a7b632021-12-22 11:50:57.945root 11241100x80000000000000003863012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb1dd526a8d9df02021-12-22 11:50:57.945root 11241100x80000000000000003863013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359a95e0930c54e52021-12-22 11:50:57.945root 11241100x80000000000000003863014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881e85536c97ace22021-12-22 11:50:57.945root 11241100x80000000000000003863015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f361f3b9c41a7c702021-12-22 11:50:58.444root 11241100x80000000000000003863016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad30e284c5cbca32021-12-22 11:50:58.444root 11241100x80000000000000003863017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b30f709546880162021-12-22 11:50:58.444root 11241100x80000000000000003863018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71f8b97cc66b2b92021-12-22 11:50:58.444root 11241100x80000000000000003863019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a7e398e821240a2021-12-22 11:50:58.444root 11241100x80000000000000003863020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a8105ba24e98382021-12-22 11:50:58.444root 11241100x80000000000000003863021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb21546c73cc76c62021-12-22 11:50:58.444root 11241100x80000000000000003863022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da3a999d05234552021-12-22 11:50:58.444root 11241100x80000000000000003863023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4db1b16796c6a32021-12-22 11:50:58.444root 11241100x80000000000000003863024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac86f5609ccc64652021-12-22 11:50:58.444root 11241100x80000000000000003863025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffab2c6359f1ef82021-12-22 11:50:58.444root 11241100x80000000000000003863026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e421dfda62be7b2021-12-22 11:50:58.445root 11241100x80000000000000003863027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798c0e17c29c0d8e2021-12-22 11:50:58.445root 11241100x80000000000000003863028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c6c2d42c1d31d62021-12-22 11:50:58.446root 11241100x80000000000000003863029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004e72aaabeda48b2021-12-22 11:50:58.446root 11241100x80000000000000003863030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e82cb5e5c040a362021-12-22 11:50:58.446root 11241100x80000000000000003863031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076a0af3851ef8c32021-12-22 11:50:58.446root 11241100x80000000000000003863032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873c14d3873d8d332021-12-22 11:50:58.446root 11241100x80000000000000003863033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7663877e77a2d5442021-12-22 11:50:58.446root 11241100x80000000000000003863034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646e6e5e924b12ae2021-12-22 11:50:58.446root 11241100x80000000000000003863035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072de791788fcae82021-12-22 11:50:58.446root 11241100x80000000000000003863036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288c9f5d7eb749992021-12-22 11:50:58.446root 11241100x80000000000000003863037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99eccbb3f383088d2021-12-22 11:50:58.446root 11241100x80000000000000003863038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e05dac00668d602021-12-22 11:50:58.446root 11241100x80000000000000003863039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00bd2440a85e0d52021-12-22 11:50:58.446root 11241100x80000000000000003863040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1df53e3cc1ba912021-12-22 11:50:58.446root 11241100x80000000000000003863041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c245bffd0acef41f2021-12-22 11:50:58.446root 11241100x80000000000000003863042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905a19a76fc4fc6a2021-12-22 11:50:58.446root 11241100x80000000000000003863043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cf244ba2910ef42021-12-22 11:50:58.446root 11241100x80000000000000003863044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89bec4d6c5eb9ef2021-12-22 11:50:58.447root 11241100x80000000000000003863045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849a7d43e3f6d1f52021-12-22 11:50:58.447root 11241100x80000000000000003863046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2321bb073ab0aafd2021-12-22 11:50:58.943root 11241100x80000000000000003863047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9725614420237932021-12-22 11:50:58.943root 11241100x80000000000000003863048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb01796358ea7f1d2021-12-22 11:50:58.943root 11241100x80000000000000003863049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9e34bf4ae1e28f2021-12-22 11:50:58.943root 11241100x80000000000000003863050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8530ebe36a5882f92021-12-22 11:50:58.944root 11241100x80000000000000003863051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a7107b35066a422021-12-22 11:50:58.944root 11241100x80000000000000003863052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a819fb670e25292021-12-22 11:50:58.944root 11241100x80000000000000003863053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff4a17e34fc88d62021-12-22 11:50:58.944root 11241100x80000000000000003863054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac47ac66c061bcc2021-12-22 11:50:58.944root 11241100x80000000000000003863055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4545689f944eba332021-12-22 11:50:58.944root 11241100x80000000000000003863056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef2a140b6c5b7252021-12-22 11:50:58.944root 11241100x80000000000000003863057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593e613ff7f162ac2021-12-22 11:50:58.944root 11241100x80000000000000003863058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86674e82300802f62021-12-22 11:50:58.944root 11241100x80000000000000003863059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75d62a0729cf38c2021-12-22 11:50:58.944root 11241100x80000000000000003863060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47216baba94a448d2021-12-22 11:50:58.944root 11241100x80000000000000003863061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863d9efb4f4aa04d2021-12-22 11:50:58.945root 11241100x80000000000000003863062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0948f3505aba2c7d2021-12-22 11:50:58.945root 11241100x80000000000000003863063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf638710a8775b92021-12-22 11:50:58.945root 11241100x80000000000000003863064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22af6ddaeb8d7f32021-12-22 11:50:58.945root 11241100x80000000000000003863065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627bd26288f77f1b2021-12-22 11:50:58.945root 11241100x80000000000000003863066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b085c0cdf481b6772021-12-22 11:50:58.946root 11241100x80000000000000003863067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487129b86000dc532021-12-22 11:50:58.946root 11241100x80000000000000003863068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f0e9480e99e59f2021-12-22 11:50:58.946root 11241100x80000000000000003863069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7d34730bff73e32021-12-22 11:50:58.947root 11241100x80000000000000003863070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb31cf86bdda97952021-12-22 11:50:58.947root 534500x80000000000000003863071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.947{ec2b6afe-9233-61c1-c81a-006eee550000}19115-ubuntu 11241100x80000000000000003863072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff486ba3cca3ee062021-12-22 11:50:58.947root 11241100x80000000000000003863073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b70a79aaf54f492021-12-22 11:50:58.948root 11241100x80000000000000003863074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e26cdb40954450f2021-12-22 11:50:58.948root 11241100x80000000000000003863075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a019065675ba12942021-12-22 11:50:58.948root 11241100x80000000000000003863076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7205acc7c501ee292021-12-22 11:50:58.948root 11241100x80000000000000003863077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107cbd8cb464e4562021-12-22 11:50:58.949root 534500x80000000000000003863078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.949{00000000-0000-0000-0000-000000000000}19116<unknown process>ubuntu 11241100x80000000000000003863079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.949{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.YarNVv2021-12-22 11:50:58.949ubuntu 23542300x80000000000000003863080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:58.949{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.YarNVv--- 154100x80000000000000003863081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.217{ec2b6afe-1123-61c3-d019-a3f75e550000}19117/bin/cat-----cat run_mod.sh/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 534500x80000000000000003863082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.219{ec2b6afe-1123-61c3-d019-a3f75e550000}19117/bin/catubuntu 11241100x80000000000000003863083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434ce166f30ee7cd2021-12-22 11:50:59.219root 11241100x80000000000000003863084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2feff1f4ebe34fb22021-12-22 11:50:59.219root 11241100x80000000000000003863085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e6d5b85258b7fa2021-12-22 11:50:59.219root 11241100x80000000000000003863086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74044b80bc047b1f2021-12-22 11:50:59.219root 11241100x80000000000000003863087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c755655a33c3bc52021-12-22 11:50:59.219root 11241100x80000000000000003863088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d756494110d92f292021-12-22 11:50:59.219root 11241100x80000000000000003863089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ed950281d045b42021-12-22 11:50:59.220root 11241100x80000000000000003863090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797369fe8dd317fd2021-12-22 11:50:59.220root 11241100x80000000000000003863091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986a691c0b3ac97a2021-12-22 11:50:59.220root 11241100x80000000000000003863092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebf3f93250f09792021-12-22 11:50:59.220root 11241100x80000000000000003863093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce96e74c0f32af692021-12-22 11:50:59.220root 11241100x80000000000000003863094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e2958a3ea332022021-12-22 11:50:59.220root 11241100x80000000000000003863095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830cd1a976f95a562021-12-22 11:50:59.220root 11241100x80000000000000003863096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e503d1751775b622021-12-22 11:50:59.220root 11241100x80000000000000003863097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a38456e6c2293362021-12-22 11:50:59.220root 11241100x80000000000000003863098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3527e6e19c3470582021-12-22 11:50:59.220root 11241100x80000000000000003863099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674736ee51d8b3a42021-12-22 11:50:59.220root 11241100x80000000000000003863100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5446a422a8594b2f2021-12-22 11:50:59.220root 11241100x80000000000000003863101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253d10e84e9b721f2021-12-22 11:50:59.221root 11241100x80000000000000003863102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c63e2414751f6492021-12-22 11:50:59.221root 11241100x80000000000000003863103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65875f4c0ede518a2021-12-22 11:50:59.221root 11241100x80000000000000003863104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859583a9ca2a38172021-12-22 11:50:59.221root 11241100x80000000000000003863105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0affb6c09620b42021-12-22 11:50:59.221root 11241100x80000000000000003863106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6695ceb0b841a6192021-12-22 11:50:59.221root 11241100x80000000000000003863107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15237abf175f57692021-12-22 11:50:59.221root 11241100x80000000000000003863108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb6b67b57bab5a92021-12-22 11:50:59.221root 11241100x80000000000000003863109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3d667d6b92195d2021-12-22 11:50:59.221root 11241100x80000000000000003863110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1666f0d7f8dc93d2021-12-22 11:50:59.221root 11241100x80000000000000003863111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93c7524c8648de52021-12-22 11:50:59.221root 11241100x80000000000000003863112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8902a4846528f9f32021-12-22 11:50:59.221root 11241100x80000000000000003863113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e25609fe5fb8cd2021-12-22 11:50:59.221root 11241100x80000000000000003863114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f39186987e997052021-12-22 11:50:59.221root 11241100x80000000000000003863115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b572fdfe2e537c2021-12-22 11:50:59.221root 11241100x80000000000000003863116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff5477e23a7c8f22021-12-22 11:50:59.221root 11241100x80000000000000003863117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de446a08afc31a1c2021-12-22 11:50:59.222root 11241100x80000000000000003863118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838a15b34bfd7a9e2021-12-22 11:50:59.222root 11241100x80000000000000003863119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba90c1944dc3daa2021-12-22 11:50:59.222root 11241100x80000000000000003863120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9609b567fcbe7c352021-12-22 11:50:59.222root 11241100x80000000000000003863121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c4d97e4966f7df2021-12-22 11:50:59.222root 11241100x80000000000000003863122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c429a907ae8ae42021-12-22 11:50:59.222root 11241100x80000000000000003863123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72010fd567d7e1be2021-12-22 11:50:59.222root 11241100x80000000000000003863124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21402069ca9ef802021-12-22 11:50:59.222root 11241100x80000000000000003863125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354fd7bfe44d647e2021-12-22 11:50:59.222root 11241100x80000000000000003863126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5c8bf027819cc22021-12-22 11:50:59.222root 11241100x80000000000000003863127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7d9150fdb4147d2021-12-22 11:50:59.222root 11241100x80000000000000003863128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5773b1856c2eb6c92021-12-22 11:50:59.223root 11241100x80000000000000003863129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531b92d007da4db32021-12-22 11:50:59.223root 11241100x80000000000000003863130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c08ddc89c3d67f2021-12-22 11:50:59.223root 11241100x80000000000000003863131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faf4abb9a20500b2021-12-22 11:50:59.223root 11241100x80000000000000003863132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5fb0fd679eed5d2021-12-22 11:50:59.224root 11241100x80000000000000003863133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa74730f6f170c72021-12-22 11:50:59.224root 11241100x80000000000000003863134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d2dafdb510e0472021-12-22 11:50:59.224root 11241100x80000000000000003863135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1c3d09a75ac00a2021-12-22 11:50:59.224root 11241100x80000000000000003863136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874b0168be0b115c2021-12-22 11:50:59.224root 11241100x80000000000000003863137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac8eb899c4653fb2021-12-22 11:50:59.224root 11241100x80000000000000003863138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e40adf6842e676b2021-12-22 11:50:59.224root 11241100x80000000000000003863139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b5d38ba111a0c52021-12-22 11:50:59.224root 11241100x80000000000000003863140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b7506b03e2bff82021-12-22 11:50:59.224root 11241100x80000000000000003863141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610c51056bd6a2f12021-12-22 11:50:59.224root 11241100x80000000000000003863142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee0fee9f40c40862021-12-22 11:50:59.224root 11241100x80000000000000003863143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ac6d0bf9a719db2021-12-22 11:50:59.225root 11241100x80000000000000003863144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d568a6d7465cdfbd2021-12-22 11:50:59.225root 11241100x80000000000000003863145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc41629339e4c32a2021-12-22 11:50:59.225root 11241100x80000000000000003863146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255b4f0863f861d62021-12-22 11:50:59.225root 11241100x80000000000000003863147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086b6e593dd3b9952021-12-22 11:50:59.225root 11241100x80000000000000003863148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e79750bc212aec2021-12-22 11:50:59.225root 11241100x80000000000000003863149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516b73f4af64922f2021-12-22 11:50:59.225root 11241100x80000000000000003863150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc8a23485cdd0a32021-12-22 11:50:59.226root 11241100x80000000000000003863151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4b0d73798f8c1d2021-12-22 11:50:59.226root 11241100x80000000000000003863152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5b9f6ccd6fea4b2021-12-22 11:50:59.226root 11241100x80000000000000003863153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b4621893803ac62021-12-22 11:50:59.226root 11241100x80000000000000003863154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e10e049c80a43e02021-12-22 11:50:59.226root 11241100x80000000000000003863155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9576e97282e3698a2021-12-22 11:50:59.226root 11241100x80000000000000003863156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c26e77b66e12c62021-12-22 11:50:59.226root 11241100x80000000000000003863157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251d6d785beaabb12021-12-22 11:50:59.226root 11241100x80000000000000003863158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0500b886a5bed0f2021-12-22 11:50:59.226root 11241100x80000000000000003863159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59e64ae6d92831d2021-12-22 11:50:59.226root 11241100x80000000000000003863160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a095c49f4a7fea12021-12-22 11:50:59.226root 11241100x80000000000000003863161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceda2fa8594d861f2021-12-22 11:50:59.227root 11241100x80000000000000003863162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283f989adf75e9a32021-12-22 11:50:59.227root 11241100x80000000000000003863163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a184a02c427c50a2021-12-22 11:50:59.227root 11241100x80000000000000003863164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdc0a373fe85b632021-12-22 11:50:59.227root 11241100x80000000000000003863165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f50a39dd53fc61e2021-12-22 11:50:59.227root 11241100x80000000000000003863166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afc07f6c203d4432021-12-22 11:50:59.227root 11241100x80000000000000003863167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa734c87d98a89a2021-12-22 11:50:59.227root 11241100x80000000000000003863168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e532b2c0f140dc162021-12-22 11:50:59.227root 11241100x80000000000000003863169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b323566fbf9a5b62021-12-22 11:50:59.227root 11241100x80000000000000003863170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf79408400c18c382021-12-22 11:50:59.227root 11241100x80000000000000003863171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5143765f94ad205c2021-12-22 11:50:59.227root 11241100x80000000000000003863172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592ed4316c8ef71e2021-12-22 11:50:59.228root 11241100x80000000000000003863173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75e8d571efcc44c2021-12-22 11:50:59.228root 11241100x80000000000000003863174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f0977e047796642021-12-22 11:50:59.228root 11241100x80000000000000003863175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fdfb097cb637802021-12-22 11:50:59.228root 11241100x80000000000000003863176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34b57f124fbbf812021-12-22 11:50:59.228root 11241100x80000000000000003863177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed23676aaf0525ad2021-12-22 11:50:59.228root 11241100x80000000000000003863178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a4bc8136a2f4f52021-12-22 11:50:59.228root 11241100x80000000000000003863179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c689300f651e3b02021-12-22 11:50:59.228root 11241100x80000000000000003863180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539dae469f25c7b12021-12-22 11:50:59.228root 11241100x80000000000000003863181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998a14b6d71574102021-12-22 11:50:59.228root 11241100x80000000000000003863182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b900dd5f5cb8722021-12-22 11:50:59.228root 11241100x80000000000000003863183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d758189b8fa9b522021-12-22 11:50:59.229root 11241100x80000000000000003863184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9711396f2e272142021-12-22 11:50:59.229root 11241100x80000000000000003863185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bd299329397dc42021-12-22 11:50:59.229root 11241100x80000000000000003863186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed6a99a3d984d842021-12-22 11:50:59.229root 11241100x80000000000000003863187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898c7515535cc4592021-12-22 11:50:59.229root 11241100x80000000000000003863188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce996890fc91bad2021-12-22 11:50:59.229root 11241100x80000000000000003863189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f53d698f1dc4ea72021-12-22 11:50:59.229root 11241100x80000000000000003863190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9ee50bdf606f2d2021-12-22 11:50:59.229root 11241100x80000000000000003863191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d577ff3b870522f2021-12-22 11:50:59.229root 11241100x80000000000000003863192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577d60648c4210632021-12-22 11:50:59.229root 11241100x80000000000000003863193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fe45a671f9f84f2021-12-22 11:50:59.229root 11241100x80000000000000003863194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0724d51dd4eda3292021-12-22 11:50:59.229root 11241100x80000000000000003863195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dbe20b762c6e9e2021-12-22 11:50:59.229root 11241100x80000000000000003863196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1189a2363b0aeb772021-12-22 11:50:59.229root 11241100x80000000000000003863197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a16fa22a0b85d82021-12-22 11:50:59.230root 11241100x80000000000000003863198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc156e4445fc68302021-12-22 11:50:59.230root 11241100x80000000000000003863199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58138aa6028c2e5b2021-12-22 11:50:59.230root 11241100x80000000000000003863200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc023b8fcfb52f6e2021-12-22 11:50:59.230root 11241100x80000000000000003863201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e5bb494c0708032021-12-22 11:50:59.230root 11241100x80000000000000003863202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c52b7baab9c51ed2021-12-22 11:50:59.230root 11241100x80000000000000003863203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d72d0f7d2095a522021-12-22 11:50:59.230root 11241100x80000000000000003863204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5be7cd6b229de92021-12-22 11:50:59.230root 11241100x80000000000000003863205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa5471998e59b452021-12-22 11:50:59.230root 11241100x80000000000000003863206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebddd42e0cba11e2021-12-22 11:50:59.230root 11241100x80000000000000003863207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a831ddf4fcee4802021-12-22 11:50:59.230root 11241100x80000000000000003863208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a4b3dc3a68c0572021-12-22 11:50:59.230root 11241100x80000000000000003863209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6204555aa8e3c7352021-12-22 11:50:59.230root 11241100x80000000000000003863210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bac4944932ebd052021-12-22 11:50:59.230root 11241100x80000000000000003863211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd3cc005e9857652021-12-22 11:50:59.230root 11241100x80000000000000003863212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9a4c23d6fbec1f2021-12-22 11:50:59.230root 11241100x80000000000000003863213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c236802205b48242021-12-22 11:50:59.231root 11241100x80000000000000003863214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73789c0149abb9172021-12-22 11:50:59.231root 11241100x80000000000000003863215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22e2e41193ddb6b2021-12-22 11:50:59.231root 11241100x80000000000000003863216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da07bdc7ef7a6dc32021-12-22 11:50:59.231root 11241100x80000000000000003863217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414d6b62c73bda552021-12-22 11:50:59.231root 11241100x80000000000000003863218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1df50213b6038a72021-12-22 11:50:59.231root 11241100x80000000000000003863219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989600c4d4f6dde12021-12-22 11:50:59.231root 11241100x80000000000000003863220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17499ff1861a50842021-12-22 11:50:59.231root 11241100x80000000000000003863221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc24cbdfaa1b9332021-12-22 11:50:59.232root 11241100x80000000000000003863222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56fe2e27aef40c292021-12-22 11:50:59.693root 11241100x80000000000000003863223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e554a350a4e65c632021-12-22 11:50:59.693root 11241100x80000000000000003863224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295201d0df8209352021-12-22 11:50:59.693root 11241100x80000000000000003863225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55e9f16108fffb92021-12-22 11:50:59.693root 11241100x80000000000000003863226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd54c3f6cf1a0a02021-12-22 11:50:59.693root 11241100x80000000000000003863227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7574746614bb38072021-12-22 11:50:59.693root 11241100x80000000000000003863228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ba3ed1dc0458662021-12-22 11:50:59.694root 11241100x80000000000000003863229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c5f1e1a0463ccb2021-12-22 11:50:59.694root 11241100x80000000000000003863230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1675bf38d83a5e92021-12-22 11:50:59.694root 11241100x80000000000000003863231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baafd201927939ca2021-12-22 11:50:59.694root 11241100x80000000000000003863232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5baaee3bb8a2d62021-12-22 11:50:59.694root 11241100x80000000000000003863233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8307c49acabb512021-12-22 11:50:59.694root 11241100x80000000000000003863234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd8be4ef89a25042021-12-22 11:50:59.694root 11241100x80000000000000003863235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f255d495aa60ff7f2021-12-22 11:50:59.694root 11241100x80000000000000003863236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c6b9501031e8f02021-12-22 11:50:59.694root 11241100x80000000000000003863237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe964365e9b1b7f2021-12-22 11:50:59.694root 11241100x80000000000000003863238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf491630ef22c3e2021-12-22 11:50:59.695root 11241100x80000000000000003863239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac83d90dfeae5d1d2021-12-22 11:50:59.695root 11241100x80000000000000003863240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13995d519692fd882021-12-22 11:50:59.695root 11241100x80000000000000003863241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3339c44725e79d2021-12-22 11:50:59.695root 11241100x80000000000000003863242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf1aa5a7af8912c2021-12-22 11:50:59.695root 11241100x80000000000000003863243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab847be36877b5b02021-12-22 11:50:59.695root 11241100x80000000000000003863244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a84bc47714d90722021-12-22 11:50:59.695root 11241100x80000000000000003863245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1814b60189758822021-12-22 11:50:59.695root 11241100x80000000000000003863246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0dd9a111c1db052021-12-22 11:50:59.696root 11241100x80000000000000003863247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f4b55b6c838fe92021-12-22 11:50:59.696root 11241100x80000000000000003863248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c125b3d26dff972021-12-22 11:50:59.696root 11241100x80000000000000003863249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f60f744fc5731932021-12-22 11:50:59.696root 11241100x80000000000000003863250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd02b3656171e49a2021-12-22 11:50:59.696root 11241100x80000000000000003863251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca5d3e281d4d1512021-12-22 11:50:59.696root 11241100x80000000000000003863252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcf34e745b228fb2021-12-22 11:50:59.696root 11241100x80000000000000003863253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e01942b349f6ec12021-12-22 11:50:59.696root 11241100x80000000000000003863254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a134c2ac6a7fe62021-12-22 11:50:59.697root 11241100x80000000000000003863255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2a9eaddca584062021-12-22 11:50:59.697root 11241100x80000000000000003863256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e3a46083fee1862021-12-22 11:50:59.697root 11241100x80000000000000003863257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf12074c44c5dac2021-12-22 11:50:59.697root 11241100x80000000000000003863258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646d364883ae99b12021-12-22 11:50:59.697root 11241100x80000000000000003863259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dc86a41a4bcda52021-12-22 11:50:59.697root 11241100x80000000000000003863260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778b927a41bcf89a2021-12-22 11:50:59.698root 11241100x80000000000000003863261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633845e1c18b62882021-12-22 11:50:59.698root 11241100x80000000000000003863262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80be4d446d040b932021-12-22 11:50:59.698root 11241100x80000000000000003863263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a34edd4dafd4cb2021-12-22 11:50:59.698root 11241100x80000000000000003863264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fdbb9e41510b882021-12-22 11:50:59.698root 11241100x80000000000000003863265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b227247ab94117c62021-12-22 11:50:59.698root 11241100x80000000000000003863266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444ec8b631bb25fb2021-12-22 11:50:59.698root 11241100x80000000000000003863267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b7ac617cd1d1452021-12-22 11:50:59.698root 11241100x80000000000000003863268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:50:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8d7597347ed69d2021-12-22 11:50:59.698root 11241100x80000000000000003863269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3446ebb1856af42021-12-22 11:51:00.193root 11241100x80000000000000003863270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c88fc3b244d23cd2021-12-22 11:51:00.193root 11241100x80000000000000003863271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b710c5ef8becdad62021-12-22 11:51:00.193root 11241100x80000000000000003863272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155a5c0a8e3028e92021-12-22 11:51:00.194root 11241100x80000000000000003863273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c272473f99764ba2021-12-22 11:51:00.194root 11241100x80000000000000003863274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b64cf82c65db1342021-12-22 11:51:00.194root 11241100x80000000000000003863275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa6bf4dd522586e2021-12-22 11:51:00.194root 11241100x80000000000000003863276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea2c72fe9c1230c2021-12-22 11:51:00.194root 11241100x80000000000000003863277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dfca78aa6380ad2021-12-22 11:51:00.194root 11241100x80000000000000003863278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8aceff7f9c02b242021-12-22 11:51:00.194root 11241100x80000000000000003863279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81c7e1a2a87cb262021-12-22 11:51:00.194root 11241100x80000000000000003863280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71f6af96945dbd22021-12-22 11:51:00.194root 11241100x80000000000000003863281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fae6c72f3e69f512021-12-22 11:51:00.194root 11241100x80000000000000003863282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09a3de3107a6ee32021-12-22 11:51:00.194root 11241100x80000000000000003863283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e3591beba7fa0b2021-12-22 11:51:00.194root 11241100x80000000000000003863284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b36da6ad3a5be72021-12-22 11:51:00.194root 11241100x80000000000000003863285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cdb95d1e2769512021-12-22 11:51:00.195root 11241100x80000000000000003863286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1816b36791350c942021-12-22 11:51:00.195root 11241100x80000000000000003863287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671c88af80eb73d52021-12-22 11:51:00.195root 11241100x80000000000000003863288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a0c227866ecbd42021-12-22 11:51:00.195root 11241100x80000000000000003863289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7c9e0ad5b945f52021-12-22 11:51:00.195root 11241100x80000000000000003863290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8bd80507ae41632021-12-22 11:51:00.195root 11241100x80000000000000003863291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bef486ca56d066a2021-12-22 11:51:00.195root 11241100x80000000000000003863292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d52f938055d8e9d2021-12-22 11:51:00.195root 11241100x80000000000000003863293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60153a6b6b9dd9e42021-12-22 11:51:00.195root 11241100x80000000000000003863294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a322bcbbf188ae72021-12-22 11:51:00.196root 11241100x80000000000000003863295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc6b219d3e8aa7e2021-12-22 11:51:00.196root 11241100x80000000000000003863296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a9a3b9c01a7dc42021-12-22 11:51:00.196root 11241100x80000000000000003863297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb20f36d9c13b192021-12-22 11:51:00.196root 11241100x80000000000000003863298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b8fdc0606d32d12021-12-22 11:51:00.196root 11241100x80000000000000003863299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4823853e8d007f2021-12-22 11:51:00.196root 11241100x80000000000000003863300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0b64b9d3e6c0ef2021-12-22 11:51:00.196root 11241100x80000000000000003863301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83936798809f8f6c2021-12-22 11:51:00.197root 11241100x80000000000000003863302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5a5196af15df852021-12-22 11:51:00.197root 11241100x80000000000000003863303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15408f62b34dfca2021-12-22 11:51:00.197root 11241100x80000000000000003863304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbd1b729b31dad72021-12-22 11:51:00.197root 11241100x80000000000000003863305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d80b21798ffcfe62021-12-22 11:51:00.197root 11241100x80000000000000003863306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8155d0f2a022cd92021-12-22 11:51:00.693root 11241100x80000000000000003863307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a68921340dc4e52021-12-22 11:51:00.693root 11241100x80000000000000003863308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cd00f8717fe9122021-12-22 11:51:00.693root 11241100x80000000000000003863309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfc9575347ed1cd2021-12-22 11:51:00.693root 11241100x80000000000000003863310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9702a768b81aa2992021-12-22 11:51:00.693root 11241100x80000000000000003863311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90b3ee762d5eb1e2021-12-22 11:51:00.693root 11241100x80000000000000003863312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b16ab88bfb727a2021-12-22 11:51:00.693root 11241100x80000000000000003863313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf5141b194ea0bb2021-12-22 11:51:00.693root 11241100x80000000000000003863314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0897dd6b620116d92021-12-22 11:51:00.693root 11241100x80000000000000003863315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff2205528a0a6992021-12-22 11:51:00.694root 11241100x80000000000000003863316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5640b7df46cfd7cb2021-12-22 11:51:00.694root 11241100x80000000000000003863317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27b46e4fcb7eddd2021-12-22 11:51:00.694root 11241100x80000000000000003863318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e60bc3158e7ddcf2021-12-22 11:51:00.694root 11241100x80000000000000003863319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880e53c449ebf41e2021-12-22 11:51:00.694root 11241100x80000000000000003863320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8679326cb49aa32021-12-22 11:51:00.694root 11241100x80000000000000003863321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98285cb4d85bcb62021-12-22 11:51:00.694root 11241100x80000000000000003863322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8da3f1d67909762021-12-22 11:51:00.694root 11241100x80000000000000003863323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990ef03d7f7220b92021-12-22 11:51:00.694root 11241100x80000000000000003863324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8e46b921f486532021-12-22 11:51:00.694root 11241100x80000000000000003863325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef2b46501f1a3e02021-12-22 11:51:00.695root 11241100x80000000000000003863326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab04288dc5f1f652021-12-22 11:51:00.695root 11241100x80000000000000003863327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c978d016ad20872021-12-22 11:51:00.696root 11241100x80000000000000003863328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fd59098fb5372a2021-12-22 11:51:00.696root 11241100x80000000000000003863329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16378189275b12f62021-12-22 11:51:00.696root 11241100x80000000000000003863330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d647eb17c59b3d42021-12-22 11:51:00.696root 11241100x80000000000000003863331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e8245e12f6414e2021-12-22 11:51:00.696root 11241100x80000000000000003863332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010e69767e0547e62021-12-22 11:51:00.697root 11241100x80000000000000003863333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2308797d357fc262021-12-22 11:51:00.697root 11241100x80000000000000003863334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3403b93f10039a4d2021-12-22 11:51:00.697root 11241100x80000000000000003863335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746f9766c6b98b582021-12-22 11:51:00.698root 11241100x80000000000000003863336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d2bb9a3261f5cc2021-12-22 11:51:00.698root 11241100x80000000000000003863337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f51d025129689582021-12-22 11:51:00.698root 11241100x80000000000000003863338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef26ecb823c52f802021-12-22 11:51:00.698root 11241100x80000000000000003863339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac58809061b516fa2021-12-22 11:51:00.698root 11241100x80000000000000003863340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4f4fd83b50b9d42021-12-22 11:51:00.699root 11241100x80000000000000003863341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9532a5e65ecb1d392021-12-22 11:51:00.699root 11241100x80000000000000003863342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c63646f20d71d82021-12-22 11:51:00.699root 11241100x80000000000000003863343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314138461b16a6222021-12-22 11:51:00.699root 11241100x80000000000000003863344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b44344c1f5cfc862021-12-22 11:51:00.699root 11241100x80000000000000003863345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2240ec77f43c679d2021-12-22 11:51:00.700root 11241100x80000000000000003863346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4899df2ae73f472021-12-22 11:51:00.700root 11241100x80000000000000003863347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02722634dcbe8d82021-12-22 11:51:00.700root 11241100x80000000000000003863348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8297da97ca87af2021-12-22 11:51:00.700root 11241100x80000000000000003863349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eec2a3070aea1f72021-12-22 11:51:01.193root 11241100x80000000000000003863350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50f8e38e0482cac2021-12-22 11:51:01.194root 11241100x80000000000000003863351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64931db90d6c7e82021-12-22 11:51:01.194root 11241100x80000000000000003863352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d35e704902163652021-12-22 11:51:01.194root 11241100x80000000000000003863353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d0bea7f3f7f47d2021-12-22 11:51:01.195root 11241100x80000000000000003863354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04965f248922b5c12021-12-22 11:51:01.195root 11241100x80000000000000003863355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa32a72b9ddb6d9f2021-12-22 11:51:01.195root 11241100x80000000000000003863356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6482aca1e73b27112021-12-22 11:51:01.195root 11241100x80000000000000003863357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48417171ab8c5862021-12-22 11:51:01.196root 11241100x80000000000000003863358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec072bdc83f5661a2021-12-22 11:51:01.196root 11241100x80000000000000003863359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e3685755b98b562021-12-22 11:51:01.196root 11241100x80000000000000003863360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd37ade42a0e5d062021-12-22 11:51:01.196root 11241100x80000000000000003863361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5558a4d6f3a231e2021-12-22 11:51:01.197root 11241100x80000000000000003863362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901dfbd45f9ce1b02021-12-22 11:51:01.197root 11241100x80000000000000003863363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac86a6a36b9705b2021-12-22 11:51:01.197root 11241100x80000000000000003863364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd232fa405c73af32021-12-22 11:51:01.198root 11241100x80000000000000003863365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e311ed9c1573e9582021-12-22 11:51:01.198root 11241100x80000000000000003863366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27aaa69d052dab792021-12-22 11:51:01.198root 11241100x80000000000000003863367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ad0ae2068c9c552021-12-22 11:51:01.199root 11241100x80000000000000003863368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc8d6fe7321453e2021-12-22 11:51:01.199root 11241100x80000000000000003863369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7025798e4bd9d02021-12-22 11:51:01.199root 11241100x80000000000000003863370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a95f343c34df222021-12-22 11:51:01.199root 11241100x80000000000000003863371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83201456928041f92021-12-22 11:51:01.200root 11241100x80000000000000003863372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba463321261479f72021-12-22 11:51:01.200root 11241100x80000000000000003863373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6166431fbef420c32021-12-22 11:51:01.200root 11241100x80000000000000003863374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3051bf6f41512ce82021-12-22 11:51:01.200root 11241100x80000000000000003863375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3ce2d601ad21092021-12-22 11:51:01.200root 11241100x80000000000000003863376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80aaf658a03887022021-12-22 11:51:01.200root 11241100x80000000000000003863377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430c57b8a1f149a02021-12-22 11:51:01.201root 11241100x80000000000000003863378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c7d47cfc2232252021-12-22 11:51:01.201root 11241100x80000000000000003863379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fc7043eb03ce222021-12-22 11:51:01.201root 11241100x80000000000000003863380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1077f0e3947b462021-12-22 11:51:01.201root 11241100x80000000000000003863381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6417e19370276db2021-12-22 11:51:01.201root 11241100x80000000000000003863382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57afc20633162602021-12-22 11:51:01.202root 11241100x80000000000000003863383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7aaead95008aae52021-12-22 11:51:01.202root 11241100x80000000000000003863384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd5506eb17f0bc42021-12-22 11:51:01.202root 11241100x80000000000000003863385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e17418b37022642021-12-22 11:51:01.202root 11241100x80000000000000003863386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d00be52d6c5868e2021-12-22 11:51:01.202root 11241100x80000000000000003863387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105c3c85dd2bf7bc2021-12-22 11:51:01.692root 11241100x80000000000000003863388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1a7a8469edaf982021-12-22 11:51:01.693root 11241100x80000000000000003863389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9576877e0b70eaca2021-12-22 11:51:01.693root 11241100x80000000000000003863390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b8a094b430e1552021-12-22 11:51:01.693root 11241100x80000000000000003863391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0bd29983c1d1572021-12-22 11:51:01.693root 11241100x80000000000000003863392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf68739fa4228be2021-12-22 11:51:01.693root 11241100x80000000000000003863393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb9a599825f19812021-12-22 11:51:01.693root 11241100x80000000000000003863394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1120ab3d2a09bb92021-12-22 11:51:01.693root 11241100x80000000000000003863395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5f642f89759da42021-12-22 11:51:01.693root 11241100x80000000000000003863396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542bf2908195dec62021-12-22 11:51:01.693root 11241100x80000000000000003863397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691d8e73e2998cd02021-12-22 11:51:01.693root 11241100x80000000000000003863398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4eecb56ef9fe7612021-12-22 11:51:01.693root 11241100x80000000000000003863399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae48bc043c2c2f22021-12-22 11:51:01.694root 11241100x80000000000000003863400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c13f5799b7a1822021-12-22 11:51:01.694root 11241100x80000000000000003863401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228e625421f17a932021-12-22 11:51:01.694root 11241100x80000000000000003863402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804420ea82d10ba52021-12-22 11:51:01.694root 11241100x80000000000000003863403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d492b9478e1fc452021-12-22 11:51:01.694root 11241100x80000000000000003863404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e789b4a1c23c85ce2021-12-22 11:51:01.694root 11241100x80000000000000003863405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687077db0bcd963e2021-12-22 11:51:01.694root 11241100x80000000000000003863406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1924bcb5c0015f702021-12-22 11:51:01.694root 11241100x80000000000000003863407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559ac1d16d2462802021-12-22 11:51:01.694root 11241100x80000000000000003863408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470b9723b37378912021-12-22 11:51:01.694root 11241100x80000000000000003863409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30902e6051419592021-12-22 11:51:01.694root 11241100x80000000000000003863410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c989b9331576b3b22021-12-22 11:51:01.695root 11241100x80000000000000003863411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bda3c44f486ccc12021-12-22 11:51:01.695root 11241100x80000000000000003863412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad20496bdc20f332021-12-22 11:51:01.695root 11241100x80000000000000003863413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4973522ae848f02b2021-12-22 11:51:01.695root 11241100x80000000000000003863414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa86b6872642fcf2021-12-22 11:51:01.695root 11241100x80000000000000003863415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480086b508dbcc0f2021-12-22 11:51:01.695root 11241100x80000000000000003863416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed30f085e663cbbd2021-12-22 11:51:01.695root 11241100x80000000000000003863417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301ae224b7acddb52021-12-22 11:51:01.695root 11241100x80000000000000003863418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6684027afd5b00802021-12-22 11:51:01.696root 11241100x80000000000000003863419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e4c4d6c88297ca2021-12-22 11:51:01.696root 11241100x80000000000000003863420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607d5a6cbe7bb5362021-12-22 11:51:01.696root 11241100x80000000000000003863421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a30cefba2058e62021-12-22 11:51:01.696root 11241100x80000000000000003863422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb5fb33d340cb7b2021-12-22 11:51:01.696root 11241100x80000000000000003863423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf096fffa80ebee2021-12-22 11:51:01.696root 11241100x80000000000000003863424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584e154c4db817a22021-12-22 11:51:01.697root 11241100x80000000000000003863425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fe85e1c91ba9df2021-12-22 11:51:01.697root 11241100x80000000000000003863426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71bca58cce39f3d2021-12-22 11:51:01.697root 11241100x80000000000000003863427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38690439ce2a5e052021-12-22 11:51:01.697root 11241100x80000000000000003863428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1af5b1d3d2cc5b2021-12-22 11:51:01.697root 11241100x80000000000000003863429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352f1be091fbf2202021-12-22 11:51:01.697root 354300x80000000000000003863430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.096{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55542-false10.0.1.12-8000- 11241100x80000000000000003863431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89f075dc1f143122021-12-22 11:51:02.097root 11241100x80000000000000003863432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ef46581d9c91952021-12-22 11:51:02.097root 11241100x80000000000000003863433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943270eceaf68aa72021-12-22 11:51:02.097root 11241100x80000000000000003863434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29a08e000bcbe532021-12-22 11:51:02.097root 11241100x80000000000000003863435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b32eb797dedef82021-12-22 11:51:02.097root 11241100x80000000000000003863436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8508b66ef7a71f732021-12-22 11:51:02.097root 11241100x80000000000000003863437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901fe0539d97f1752021-12-22 11:51:02.098root 11241100x80000000000000003863438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd6ae285a3f5e192021-12-22 11:51:02.098root 11241100x80000000000000003863439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2467d87679d5c24e2021-12-22 11:51:02.098root 11241100x80000000000000003863440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35500176bf31de62021-12-22 11:51:02.098root 11241100x80000000000000003863441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3fc80ed5b046f02021-12-22 11:51:02.098root 11241100x80000000000000003863442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1a2fb4ab226ef52021-12-22 11:51:02.098root 11241100x80000000000000003863443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602649dd88547d9d2021-12-22 11:51:02.098root 11241100x80000000000000003863444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7ab47140075c2e2021-12-22 11:51:02.098root 11241100x80000000000000003863445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdf44c17b9406302021-12-22 11:51:02.098root 11241100x80000000000000003863446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a2eaf53692a3f32021-12-22 11:51:02.099root 11241100x80000000000000003863447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbd70f646fc5d1b2021-12-22 11:51:02.099root 11241100x80000000000000003863448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8add5b56ef9dbb242021-12-22 11:51:02.099root 11241100x80000000000000003863449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3b04a8f05ab0f92021-12-22 11:51:02.099root 11241100x80000000000000003863450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce59074a219380e2021-12-22 11:51:02.099root 11241100x80000000000000003863451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e21cbb1930d36a82021-12-22 11:51:02.099root 11241100x80000000000000003863452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e055e1eb16b48b8d2021-12-22 11:51:02.099root 11241100x80000000000000003863453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b872c57f29e715b2021-12-22 11:51:02.099root 11241100x80000000000000003863454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df4a023245a62432021-12-22 11:51:02.099root 11241100x80000000000000003863455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93baca20e8c9de52021-12-22 11:51:02.100root 11241100x80000000000000003863456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72759629cd46f5112021-12-22 11:51:02.100root 11241100x80000000000000003863457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3216969171fb23302021-12-22 11:51:02.100root 11241100x80000000000000003863458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c608f9847daf892021-12-22 11:51:02.100root 11241100x80000000000000003863459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2038a786d7e48cf82021-12-22 11:51:02.100root 11241100x80000000000000003863460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d405f3b8cb0648b82021-12-22 11:51:02.100root 11241100x80000000000000003863461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0c92722ffefc272021-12-22 11:51:02.100root 11241100x80000000000000003863462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b95dc08418f9502021-12-22 11:51:02.100root 11241100x80000000000000003863463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d0fd041d0dd2822021-12-22 11:51:02.101root 11241100x80000000000000003863464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a34248b2d52be62021-12-22 11:51:02.101root 11241100x80000000000000003863465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6b614ae2eb20fc2021-12-22 11:51:02.101root 11241100x80000000000000003863466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0baf5c14bd2be42021-12-22 11:51:02.101root 11241100x80000000000000003863467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2145cf49f590c3f42021-12-22 11:51:02.101root 11241100x80000000000000003863468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd121ee484ce37fb2021-12-22 11:51:02.101root 11241100x80000000000000003863469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7997e6cc29f58702021-12-22 11:51:02.101root 11241100x80000000000000003863470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2697dc9fbeb4238f2021-12-22 11:51:02.101root 11241100x80000000000000003863471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72341211a72531c32021-12-22 11:51:02.101root 11241100x80000000000000003863472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cf0e0ae343ade12021-12-22 11:51:02.101root 11241100x80000000000000003863473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810766568837553d2021-12-22 11:51:02.101root 11241100x80000000000000003863474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef80880a9b3cb7922021-12-22 11:51:02.102root 11241100x80000000000000003863475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e9482841e1fbc12021-12-22 11:51:02.102root 11241100x80000000000000003863476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebe1d744db900982021-12-22 11:51:02.102root 11241100x80000000000000003863477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e0fda6c5dc3c8d2021-12-22 11:51:02.102root 11241100x80000000000000003863478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a56b43766c6bdcb2021-12-22 11:51:02.102root 11241100x80000000000000003863479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee184b8f3bda14f2021-12-22 11:51:02.102root 11241100x80000000000000003863480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8940f3848ceded562021-12-22 11:51:02.442root 11241100x80000000000000003863481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba37378fb0751fa42021-12-22 11:51:02.443root 11241100x80000000000000003863482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146addb689447c652021-12-22 11:51:02.443root 11241100x80000000000000003863483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e464961fb304adce2021-12-22 11:51:02.443root 11241100x80000000000000003863484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4f3c87f714b43a2021-12-22 11:51:02.443root 11241100x80000000000000003863485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb92950a44faefb02021-12-22 11:51:02.444root 11241100x80000000000000003863486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c1c99d16576a252021-12-22 11:51:02.444root 11241100x80000000000000003863487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74524d8e985541882021-12-22 11:51:02.444root 11241100x80000000000000003863488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f705200a6078b8d42021-12-22 11:51:02.444root 11241100x80000000000000003863489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907ed0de5a9d177e2021-12-22 11:51:02.444root 11241100x80000000000000003863490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95c0f8a3d78e8da2021-12-22 11:51:02.444root 11241100x80000000000000003863491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16109a30794504fe2021-12-22 11:51:02.445root 11241100x80000000000000003863492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f86c9b1943326e12021-12-22 11:51:02.445root 11241100x80000000000000003863493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d5765e8d21abaa2021-12-22 11:51:02.445root 11241100x80000000000000003863494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e003128628b881e82021-12-22 11:51:02.445root 11241100x80000000000000003863495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142c2ebda6b33b3a2021-12-22 11:51:02.446root 11241100x80000000000000003863496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cb6b1d14020a502021-12-22 11:51:02.446root 11241100x80000000000000003863497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325c838f120a3d482021-12-22 11:51:02.446root 11241100x80000000000000003863498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cde976fcfd11992021-12-22 11:51:02.446root 11241100x80000000000000003863499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0893c586ce63aa2021-12-22 11:51:02.447root 11241100x80000000000000003863500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3356b3ccd83d102021-12-22 11:51:02.447root 11241100x80000000000000003863501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fcb6d97e5857582021-12-22 11:51:02.447root 11241100x80000000000000003863502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea835d6f075301c2021-12-22 11:51:02.447root 11241100x80000000000000003863503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12762d1161adb1ec2021-12-22 11:51:02.447root 11241100x80000000000000003863504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1000f5f62a91e12021-12-22 11:51:02.447root 11241100x80000000000000003863505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed5f6336fe84d322021-12-22 11:51:02.447root 11241100x80000000000000003863506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307be9eb757289492021-12-22 11:51:02.447root 11241100x80000000000000003863507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700fdff7dcf7c4bb2021-12-22 11:51:02.448root 11241100x80000000000000003863508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5797515af076bf92021-12-22 11:51:02.448root 11241100x80000000000000003863509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2811e2ad42f41f2021-12-22 11:51:02.448root 11241100x80000000000000003863510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3779852dffea6e02021-12-22 11:51:02.448root 11241100x80000000000000003863511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce12f5eb7f6df7ec2021-12-22 11:51:02.448root 11241100x80000000000000003863512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e277d3afd15d2d2021-12-22 11:51:02.449root 11241100x80000000000000003863513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf34de84e82c2252021-12-22 11:51:02.449root 11241100x80000000000000003863514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3f3bf529a5c54d2021-12-22 11:51:02.449root 11241100x80000000000000003863515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e8eda7cce70e502021-12-22 11:51:02.449root 11241100x80000000000000003863516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801b655c0b1625742021-12-22 11:51:02.449root 11241100x80000000000000003863517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1172cc84084d017b2021-12-22 11:51:02.449root 11241100x80000000000000003863518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58ebe923639ed792021-12-22 11:51:02.449root 11241100x80000000000000003863519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b2f1e3f43920c42021-12-22 11:51:02.449root 11241100x80000000000000003863520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f382147abaf0f722021-12-22 11:51:02.450root 11241100x80000000000000003863521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2da8fbfca797ea62021-12-22 11:51:02.450root 11241100x80000000000000003863522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed6f9d368d1d7092021-12-22 11:51:02.450root 11241100x80000000000000003863523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794e997646f57d562021-12-22 11:51:02.450root 11241100x80000000000000003863524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95069f3cdaaeff402021-12-22 11:51:02.943root 11241100x80000000000000003863525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453527ac53c583212021-12-22 11:51:02.943root 11241100x80000000000000003863526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8171391ae6aa08312021-12-22 11:51:02.943root 11241100x80000000000000003863527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd927ab4da96481d2021-12-22 11:51:02.943root 11241100x80000000000000003863528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb5706c5aa4f6ae2021-12-22 11:51:02.943root 11241100x80000000000000003863529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e905c3abbff3af2021-12-22 11:51:02.943root 11241100x80000000000000003863530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844132e45be68fc72021-12-22 11:51:02.944root 11241100x80000000000000003863531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5068f6c53aa16e992021-12-22 11:51:02.944root 11241100x80000000000000003863532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df47bc7d29f768ec2021-12-22 11:51:02.944root 11241100x80000000000000003863533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60357b76fbd082662021-12-22 11:51:02.944root 11241100x80000000000000003863534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705a64d07ad568ad2021-12-22 11:51:02.944root 11241100x80000000000000003863535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba0e84f5db238e72021-12-22 11:51:02.944root 11241100x80000000000000003863536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82939256963902a02021-12-22 11:51:02.944root 11241100x80000000000000003863537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b8ced683e264452021-12-22 11:51:02.944root 11241100x80000000000000003863538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953dd26fd331b4342021-12-22 11:51:02.944root 11241100x80000000000000003863539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9272af93e7104d2021-12-22 11:51:02.944root 11241100x80000000000000003863540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97ab5760a57cfba2021-12-22 11:51:02.944root 11241100x80000000000000003863541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca74caf64236d9ec2021-12-22 11:51:02.945root 11241100x80000000000000003863542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c958bb51df9cfd92021-12-22 11:51:02.945root 11241100x80000000000000003863543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ae57fddea643bc2021-12-22 11:51:02.945root 11241100x80000000000000003863544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67de3f40dd87a8c52021-12-22 11:51:02.945root 11241100x80000000000000003863545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be87274234c8ed2e2021-12-22 11:51:02.945root 11241100x80000000000000003863546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591669c335c59bcc2021-12-22 11:51:02.945root 11241100x80000000000000003863547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0ba9f101352b852021-12-22 11:51:02.945root 11241100x80000000000000003863548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d05c2ba659e365d2021-12-22 11:51:02.946root 11241100x80000000000000003863549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8af5a39d28672592021-12-22 11:51:02.946root 11241100x80000000000000003863550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a8872316dc4d4f2021-12-22 11:51:02.946root 11241100x80000000000000003863551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4234b306bfa9bd2021-12-22 11:51:02.946root 11241100x80000000000000003863552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdea59d4abae87a2021-12-22 11:51:02.946root 11241100x80000000000000003863553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c3ec89cd9b323f2021-12-22 11:51:02.946root 11241100x80000000000000003863554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570811596ba3ce5a2021-12-22 11:51:02.946root 11241100x80000000000000003863555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ffdd109efc79f72021-12-22 11:51:02.946root 11241100x80000000000000003863556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f61628c4c87098b2021-12-22 11:51:02.946root 11241100x80000000000000003863557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4425c327d4dd2f2d2021-12-22 11:51:02.946root 11241100x80000000000000003863558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5caa0ce05cb98a2021-12-22 11:51:02.946root 11241100x80000000000000003863559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff4cd390ced276a2021-12-22 11:51:02.947root 11241100x80000000000000003863560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a043b906411e38a2021-12-22 11:51:02.947root 11241100x80000000000000003863561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52e544ffde321e42021-12-22 11:51:02.947root 11241100x80000000000000003863562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0336a0ee1edd35c42021-12-22 11:51:02.947root 11241100x80000000000000003863563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a487299eadf5461f2021-12-22 11:51:02.947root 11241100x80000000000000003863564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2290a1736f074c692021-12-22 11:51:02.947root 11241100x80000000000000003863565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6353763b353a982021-12-22 11:51:02.947root 11241100x80000000000000003863566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.141{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:51:03.141root 11241100x80000000000000003863567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3e29f76490cb282021-12-22 11:51:03.443root 11241100x80000000000000003863568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eee5e63fcad2fe82021-12-22 11:51:03.443root 11241100x80000000000000003863569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead33ed172201cf12021-12-22 11:51:03.443root 11241100x80000000000000003863570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8985fce3764bf72021-12-22 11:51:03.443root 11241100x80000000000000003863571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a673b1aeda26352021-12-22 11:51:03.444root 11241100x80000000000000003863572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bba9a08f6dba8c2021-12-22 11:51:03.444root 11241100x80000000000000003863573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ca986d4c7603512021-12-22 11:51:03.444root 11241100x80000000000000003863574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f09a2a09d0d95ab2021-12-22 11:51:03.444root 11241100x80000000000000003863575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95779e48398ca9fb2021-12-22 11:51:03.444root 11241100x80000000000000003863576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d9f2dccca0d9e32021-12-22 11:51:03.444root 11241100x80000000000000003863577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c31f519d4383a102021-12-22 11:51:03.444root 11241100x80000000000000003863578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bd48413ec99eed2021-12-22 11:51:03.444root 11241100x80000000000000003863579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b02e0d410ce49402021-12-22 11:51:03.444root 11241100x80000000000000003863580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065dded76bcc90be2021-12-22 11:51:03.444root 11241100x80000000000000003863581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f638f35f732aca82021-12-22 11:51:03.444root 11241100x80000000000000003863582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9a3bc4fa00923b2021-12-22 11:51:03.444root 11241100x80000000000000003863583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce7e79e2f4cc9142021-12-22 11:51:03.444root 11241100x80000000000000003863584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a40aa30217f82e22021-12-22 11:51:03.444root 11241100x80000000000000003863585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c27a891519faec72021-12-22 11:51:03.444root 11241100x80000000000000003863586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f43455f110590b72021-12-22 11:51:03.445root 11241100x80000000000000003863587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0647e0076dc3503c2021-12-22 11:51:03.445root 11241100x80000000000000003863588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90461f91092f2c52021-12-22 11:51:03.445root 11241100x80000000000000003863589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b598a95e77e2582021-12-22 11:51:03.445root 11241100x80000000000000003863590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350d3eb46191b2b42021-12-22 11:51:03.445root 11241100x80000000000000003863591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8a282ddc0608592021-12-22 11:51:03.445root 11241100x80000000000000003863592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f98746840ece3a92021-12-22 11:51:03.445root 11241100x80000000000000003863593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8573cf468a64a9252021-12-22 11:51:03.445root 11241100x80000000000000003863594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3672fc6dc9c2bbf82021-12-22 11:51:03.445root 11241100x80000000000000003863595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14da554a8eb348792021-12-22 11:51:03.445root 11241100x80000000000000003863596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303b5445e9ca1dde2021-12-22 11:51:03.445root 11241100x80000000000000003863597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c6c5708cc817c22021-12-22 11:51:03.445root 11241100x80000000000000003863598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6846e25257abdecd2021-12-22 11:51:03.445root 11241100x80000000000000003863599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c613d7e377fb892021-12-22 11:51:03.445root 11241100x80000000000000003863600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273be5326cbae5ab2021-12-22 11:51:03.445root 11241100x80000000000000003863601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7323df600138f92021-12-22 11:51:03.446root 11241100x80000000000000003863602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d0e4a60de1d8862021-12-22 11:51:03.446root 11241100x80000000000000003863603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0506021e7bbc3bd32021-12-22 11:51:03.446root 11241100x80000000000000003863604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6361b24e057b772021-12-22 11:51:03.446root 11241100x80000000000000003863605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a927f78c247c790a2021-12-22 11:51:03.446root 11241100x80000000000000003863606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b046b43416213e22021-12-22 11:51:03.943root 11241100x80000000000000003863607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2127fb8ed7389c82021-12-22 11:51:03.943root 11241100x80000000000000003863608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd96cb34899941272021-12-22 11:51:03.943root 11241100x80000000000000003863609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12f8e3a64d7071c2021-12-22 11:51:03.943root 11241100x80000000000000003863610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2426a6419a2fd8c92021-12-22 11:51:03.944root 11241100x80000000000000003863611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc97f7ef102f43a2021-12-22 11:51:03.944root 11241100x80000000000000003863612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8245fcb545c1e72021-12-22 11:51:03.944root 11241100x80000000000000003863613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95741823e6541aa02021-12-22 11:51:03.944root 11241100x80000000000000003863614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f598fd3d217fad2021-12-22 11:51:03.944root 11241100x80000000000000003863615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e7f93f19b523f22021-12-22 11:51:03.944root 11241100x80000000000000003863616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c0452a5f9179312021-12-22 11:51:03.944root 11241100x80000000000000003863617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f75d4882efff272021-12-22 11:51:03.944root 11241100x80000000000000003863618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6035eb340bdbebe12021-12-22 11:51:03.944root 11241100x80000000000000003863619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958f3d8fdcd080c42021-12-22 11:51:03.944root 11241100x80000000000000003863620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacdb661345173182021-12-22 11:51:03.944root 11241100x80000000000000003863621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22304970fd3a82802021-12-22 11:51:03.945root 11241100x80000000000000003863622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dceed5f65aed1c2021-12-22 11:51:03.945root 11241100x80000000000000003863623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dabc5ff9ae840c2021-12-22 11:51:03.945root 11241100x80000000000000003863624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0518280540716e2021-12-22 11:51:03.945root 11241100x80000000000000003863625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a2ee22ae57ad2e2021-12-22 11:51:03.945root 11241100x80000000000000003863626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605218c38ca7218d2021-12-22 11:51:03.945root 11241100x80000000000000003863627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da54c4642b4536cb2021-12-22 11:51:03.945root 11241100x80000000000000003863628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea860a95e47fc052021-12-22 11:51:03.946root 11241100x80000000000000003863629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4c6352964504632021-12-22 11:51:03.946root 11241100x80000000000000003863630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc1c8c828f289902021-12-22 11:51:03.946root 11241100x80000000000000003863631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e6312f8e6a0bb72021-12-22 11:51:03.946root 11241100x80000000000000003863632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cfffeb60ea35ce2021-12-22 11:51:03.946root 11241100x80000000000000003863633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad4a98052ca895b2021-12-22 11:51:03.946root 11241100x80000000000000003863634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6ac0ba90d7e67f2021-12-22 11:51:03.946root 11241100x80000000000000003863635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f36bdcfeefc0992021-12-22 11:51:03.946root 11241100x80000000000000003863636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b3a721f2e526692021-12-22 11:51:03.946root 11241100x80000000000000003863637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd347217ebb3855d2021-12-22 11:51:03.947root 11241100x80000000000000003863638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f6d0faa859f7b62021-12-22 11:51:03.947root 11241100x80000000000000003863639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d951634e504b0ee42021-12-22 11:51:03.947root 11241100x80000000000000003863640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13330d1c345a60d82021-12-22 11:51:03.947root 11241100x80000000000000003863641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766693f34d9194262021-12-22 11:51:03.947root 11241100x80000000000000003863642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3880844b177b97e72021-12-22 11:51:03.947root 11241100x80000000000000003863643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7051c7acc2ff9cc82021-12-22 11:51:03.947root 11241100x80000000000000003863644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70519afef302b50b2021-12-22 11:51:03.947root 11241100x80000000000000003863645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdde2a0e6a7011fc2021-12-22 11:51:03.948root 11241100x80000000000000003863646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c048423c496a6ef2021-12-22 11:51:03.948root 11241100x80000000000000003863647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648b6d6e2d14f66c2021-12-22 11:51:03.948root 11241100x80000000000000003863648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfecd1937f18e1da2021-12-22 11:51:03.948root 11241100x80000000000000003863649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f3c9fc15e833322021-12-22 11:51:03.948root 11241100x80000000000000003863650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f65b31241184c92021-12-22 11:51:04.443root 11241100x80000000000000003863651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2908dd905c61d8882021-12-22 11:51:04.443root 11241100x80000000000000003863652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3001e43d3cec834d2021-12-22 11:51:04.443root 11241100x80000000000000003863653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09aa6ad0ba73ba492021-12-22 11:51:04.443root 11241100x80000000000000003863654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a840e5d4dcc8412021-12-22 11:51:04.443root 11241100x80000000000000003863655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19764a22ad3bc7d62021-12-22 11:51:04.443root 11241100x80000000000000003863656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f4b4da8d2d9eca2021-12-22 11:51:04.444root 11241100x80000000000000003863657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead09d09cf1e754d2021-12-22 11:51:04.444root 11241100x80000000000000003863658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096892ccdd162d582021-12-22 11:51:04.444root 11241100x80000000000000003863659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a3280b478899162021-12-22 11:51:04.444root 11241100x80000000000000003863660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d3d03ad9817bf62021-12-22 11:51:04.444root 11241100x80000000000000003863661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f424d670425189a2021-12-22 11:51:04.444root 11241100x80000000000000003863662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b95bbd19a5c86312021-12-22 11:51:04.444root 11241100x80000000000000003863663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd92c194b5eb55412021-12-22 11:51:04.444root 11241100x80000000000000003863664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d755c5b5bd0a142021-12-22 11:51:04.444root 11241100x80000000000000003863665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24df1802497a2c272021-12-22 11:51:04.445root 11241100x80000000000000003863666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274b94d80418d4e82021-12-22 11:51:04.445root 11241100x80000000000000003863667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dad52140016e3562021-12-22 11:51:04.445root 11241100x80000000000000003863668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bb953138358d362021-12-22 11:51:04.445root 11241100x80000000000000003863669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03a956e7d00ce372021-12-22 11:51:04.445root 11241100x80000000000000003863670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c02e3e8dfec069e2021-12-22 11:51:04.445root 11241100x80000000000000003863671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5955b2dd141c05602021-12-22 11:51:04.445root 11241100x80000000000000003863672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d8849403a3ead82021-12-22 11:51:04.445root 11241100x80000000000000003863673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce53fc27958de6d32021-12-22 11:51:04.445root 11241100x80000000000000003863674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67713b50e4f11f22021-12-22 11:51:04.446root 11241100x80000000000000003863675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f92e1acaeab743d2021-12-22 11:51:04.446root 11241100x80000000000000003863676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14398c2bbffee4422021-12-22 11:51:04.446root 11241100x80000000000000003863677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00c16f794e018e92021-12-22 11:51:04.446root 11241100x80000000000000003863678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c73e41aa7682e222021-12-22 11:51:04.446root 11241100x80000000000000003863679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9024b17496c1092021-12-22 11:51:04.446root 11241100x80000000000000003863680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13b91a04a418db72021-12-22 11:51:04.446root 11241100x80000000000000003863681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd18dc81c588eca2021-12-22 11:51:04.446root 11241100x80000000000000003863682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5999f26a968c410e2021-12-22 11:51:04.447root 11241100x80000000000000003863683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7208ad1511eac43e2021-12-22 11:51:04.447root 11241100x80000000000000003863684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3611d228d61f7e4d2021-12-22 11:51:04.447root 11241100x80000000000000003863685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecce2147c2d3ae472021-12-22 11:51:04.447root 11241100x80000000000000003863686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b2f7c13d421b292021-12-22 11:51:04.447root 11241100x80000000000000003863687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccabd19a76c06d42021-12-22 11:51:04.447root 11241100x80000000000000003863688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af498142a4db7ec22021-12-22 11:51:04.448root 11241100x80000000000000003863689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faffb0538aa1e39a2021-12-22 11:51:04.448root 11241100x80000000000000003863690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d121d2b3c62f532e2021-12-22 11:51:04.448root 11241100x80000000000000003863691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cd958856b18c0e2021-12-22 11:51:04.448root 11241100x80000000000000003863692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c0305de48857312021-12-22 11:51:04.448root 11241100x80000000000000003863693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db868167e6ce12662021-12-22 11:51:04.448root 11241100x80000000000000003863694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f50e1af201f59a2021-12-22 11:51:04.448root 11241100x80000000000000003863695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f9bca22814cead2021-12-22 11:51:04.448root 11241100x80000000000000003863696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046356fb726ef3052021-12-22 11:51:04.448root 11241100x80000000000000003863697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676b88e9c9f4983c2021-12-22 11:51:04.943root 11241100x80000000000000003863698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c420942f0348a52021-12-22 11:51:04.943root 11241100x80000000000000003863699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0297f0615a7e5b82021-12-22 11:51:04.943root 11241100x80000000000000003863700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc552585435375072021-12-22 11:51:04.943root 11241100x80000000000000003863701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78b1741a6cddb6c2021-12-22 11:51:04.944root 11241100x80000000000000003863702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88070c28ff043fe32021-12-22 11:51:04.944root 11241100x80000000000000003863703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc8c15262c4d3c12021-12-22 11:51:04.944root 11241100x80000000000000003863704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401767522a2915a52021-12-22 11:51:04.944root 11241100x80000000000000003863705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f4848d8155e2d72021-12-22 11:51:04.944root 11241100x80000000000000003863706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9261866c97c35c2021-12-22 11:51:04.944root 11241100x80000000000000003863707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c290464dab86a2d2021-12-22 11:51:04.944root 11241100x80000000000000003863708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9e3788a2a0cf732021-12-22 11:51:04.944root 11241100x80000000000000003863709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b95255e1db4e702021-12-22 11:51:04.944root 11241100x80000000000000003863710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70ba2b35cc165532021-12-22 11:51:04.944root 11241100x80000000000000003863711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357d4959ea085a922021-12-22 11:51:04.944root 11241100x80000000000000003863712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e4d497173cd7f42021-12-22 11:51:04.944root 11241100x80000000000000003863713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e548ece5cae53d32021-12-22 11:51:04.944root 11241100x80000000000000003863714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3304acda41974f2021-12-22 11:51:04.945root 11241100x80000000000000003863715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b804d331eaf9e432021-12-22 11:51:04.945root 11241100x80000000000000003863716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d958a524d22528cd2021-12-22 11:51:04.945root 11241100x80000000000000003863717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7ccfe072e520f22021-12-22 11:51:04.945root 11241100x80000000000000003863718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f53e9fa13e6f7172021-12-22 11:51:04.945root 11241100x80000000000000003863719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe61190ddbe26bc42021-12-22 11:51:04.945root 11241100x80000000000000003863720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be481647bf6e89ac2021-12-22 11:51:04.945root 11241100x80000000000000003863721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cc6e0ea9de01942021-12-22 11:51:04.945root 11241100x80000000000000003863722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef5888eba4365582021-12-22 11:51:04.945root 11241100x80000000000000003863723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b51e2dc96d7e7b22021-12-22 11:51:04.945root 11241100x80000000000000003863724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4830b6d03af634d2021-12-22 11:51:04.945root 11241100x80000000000000003863725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3193fa6f01b4f8792021-12-22 11:51:04.945root 11241100x80000000000000003863726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3305913299ed3fc2021-12-22 11:51:04.945root 11241100x80000000000000003863727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03f0d0cade89bc92021-12-22 11:51:04.945root 11241100x80000000000000003863728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb40bb8f7ffcd3d02021-12-22 11:51:04.946root 11241100x80000000000000003863729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe749d48d00a02b02021-12-22 11:51:04.946root 11241100x80000000000000003863730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dcb9b00261656d2021-12-22 11:51:04.946root 11241100x80000000000000003863731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143c9e8dbff47e242021-12-22 11:51:04.946root 11241100x80000000000000003863732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c57ffa268813a72021-12-22 11:51:04.946root 11241100x80000000000000003863733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b1d8e9c57d70842021-12-22 11:51:04.946root 11241100x80000000000000003863734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d474d4b5e9e35ebb2021-12-22 11:51:04.946root 11241100x80000000000000003863735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7c6e34d3c806512021-12-22 11:51:04.946root 11241100x80000000000000003863736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b048c64ab7b3132021-12-22 11:51:04.946root 11241100x80000000000000003863737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb46e347f9756302021-12-22 11:51:04.946root 11241100x80000000000000003863738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdc583ce2d0e3fb2021-12-22 11:51:04.946root 11241100x80000000000000003863739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987e1af3cea0160a2021-12-22 11:51:04.946root 11241100x80000000000000003863740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a3568f3ad716fa2021-12-22 11:51:04.946root 11241100x80000000000000003863741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fae7367e39e3eac2021-12-22 11:51:04.946root 11241100x80000000000000003863742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1174b01a1acde172021-12-22 11:51:05.443root 11241100x80000000000000003863743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1ec9a65fdac9142021-12-22 11:51:05.443root 11241100x80000000000000003863744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5767a492c994691b2021-12-22 11:51:05.443root 11241100x80000000000000003863745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452dd1f5983de6c42021-12-22 11:51:05.443root 11241100x80000000000000003863746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ababf40908ffb5622021-12-22 11:51:05.443root 11241100x80000000000000003863747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d352042a88f5972021-12-22 11:51:05.443root 11241100x80000000000000003863748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f50b12121a7dc42021-12-22 11:51:05.443root 11241100x80000000000000003863749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774701ebf942a3082021-12-22 11:51:05.443root 11241100x80000000000000003863750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95daf35c4f243f5d2021-12-22 11:51:05.443root 11241100x80000000000000003863751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935488c30f58a9792021-12-22 11:51:05.443root 11241100x80000000000000003863752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073fc244eee1d4022021-12-22 11:51:05.444root 11241100x80000000000000003863753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa357b9038b67502021-12-22 11:51:05.444root 11241100x80000000000000003863754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f74ae561479c2e2021-12-22 11:51:05.444root 11241100x80000000000000003863755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccecc98303a99fb2021-12-22 11:51:05.444root 11241100x80000000000000003863756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b271801986b8c42021-12-22 11:51:05.444root 11241100x80000000000000003863757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0e469be11abdbd2021-12-22 11:51:05.444root 11241100x80000000000000003863758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140e8e70247a9b632021-12-22 11:51:05.445root 11241100x80000000000000003863759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04323f2254b718e32021-12-22 11:51:05.445root 11241100x80000000000000003863760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e3af02068947eb2021-12-22 11:51:05.445root 11241100x80000000000000003863761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edff0a32abfd39422021-12-22 11:51:05.445root 11241100x80000000000000003863762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf43280e3057e6872021-12-22 11:51:05.445root 11241100x80000000000000003863763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa57a46a84b34ba2021-12-22 11:51:05.445root 11241100x80000000000000003863764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c877ccf186e953a12021-12-22 11:51:05.445root 11241100x80000000000000003863765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67d7023848d26582021-12-22 11:51:05.445root 11241100x80000000000000003863766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5e331e1525f4432021-12-22 11:51:05.445root 11241100x80000000000000003863767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730d1869006c355e2021-12-22 11:51:05.445root 11241100x80000000000000003863768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a21632213adbcc22021-12-22 11:51:05.446root 11241100x80000000000000003863769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84db86cd959677242021-12-22 11:51:05.446root 11241100x80000000000000003863770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba8587de21d2c7c2021-12-22 11:51:05.446root 11241100x80000000000000003863771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cac2610bb194e1b2021-12-22 11:51:05.446root 11241100x80000000000000003863772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9c85b741c138202021-12-22 11:51:05.446root 11241100x80000000000000003863773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab11c9f9d72fdf532021-12-22 11:51:05.446root 11241100x80000000000000003863774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351fe593ced057272021-12-22 11:51:05.446root 11241100x80000000000000003863775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acac36aa76e335c2021-12-22 11:51:05.446root 11241100x80000000000000003863776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f937da8939b9efc42021-12-22 11:51:05.447root 11241100x80000000000000003863777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cdc2870bafb5fd2021-12-22 11:51:05.447root 11241100x80000000000000003863778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4873e07c9030f89d2021-12-22 11:51:05.447root 11241100x80000000000000003863779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed38a3441841e582021-12-22 11:51:05.447root 11241100x80000000000000003863780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c09765bd355caf2021-12-22 11:51:05.447root 11241100x80000000000000003863781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46987c85363a1692021-12-22 11:51:05.447root 11241100x80000000000000003863782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088c667384d342012021-12-22 11:51:05.447root 11241100x80000000000000003863783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab1e440e4da1ebd2021-12-22 11:51:05.447root 11241100x80000000000000003863784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a408a723a89664b32021-12-22 11:51:05.448root 11241100x80000000000000003863785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c934d5c8a332362021-12-22 11:51:05.448root 11241100x80000000000000003863786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8529e58c95c3b082021-12-22 11:51:05.448root 11241100x80000000000000003863787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6c6bad7ab908b02021-12-22 11:51:05.448root 11241100x80000000000000003863788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5970981834d0fe82021-12-22 11:51:05.448root 11241100x80000000000000003863789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449e08ff6a04df4c2021-12-22 11:51:05.448root 11241100x80000000000000003863790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd1acd1b92716402021-12-22 11:51:05.448root 11241100x80000000000000003863791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1deff8e6c127e1a2021-12-22 11:51:05.943root 11241100x80000000000000003863792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13b923b3082fe522021-12-22 11:51:05.943root 11241100x80000000000000003863793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b2532ca0fd0c432021-12-22 11:51:05.943root 11241100x80000000000000003863794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083da71cdd1269202021-12-22 11:51:05.943root 11241100x80000000000000003863795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caebd691f4a4af32021-12-22 11:51:05.943root 11241100x80000000000000003863796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca94abcd74ccd9582021-12-22 11:51:05.944root 11241100x80000000000000003863797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8981aca3d8c642ea2021-12-22 11:51:05.944root 11241100x80000000000000003863798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3062f05b8dee736f2021-12-22 11:51:05.944root 11241100x80000000000000003863799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9c606a27e753842021-12-22 11:51:05.944root 11241100x80000000000000003863800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b85eca43f23d192021-12-22 11:51:05.944root 11241100x80000000000000003863801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d04bc79b0beaa62021-12-22 11:51:05.944root 11241100x80000000000000003863802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f98b0bf31b5b832021-12-22 11:51:05.944root 11241100x80000000000000003863803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75772b91a1b2e932021-12-22 11:51:05.944root 11241100x80000000000000003863804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac2c3b9470b59262021-12-22 11:51:05.944root 11241100x80000000000000003863805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b01725110902c52021-12-22 11:51:05.944root 11241100x80000000000000003863806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594be6f952a516982021-12-22 11:51:05.944root 11241100x80000000000000003863807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3766747af5fc394a2021-12-22 11:51:05.945root 11241100x80000000000000003863808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e3302c597122092021-12-22 11:51:05.945root 11241100x80000000000000003863809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6959e7ead02880f82021-12-22 11:51:05.945root 11241100x80000000000000003863810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b7462ceacff3a12021-12-22 11:51:05.945root 11241100x80000000000000003863811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003d99f2422ce3362021-12-22 11:51:05.945root 11241100x80000000000000003863812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a62d3ed9025d292021-12-22 11:51:05.945root 11241100x80000000000000003863813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ccd3941b087d102021-12-22 11:51:05.945root 11241100x80000000000000003863814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9d9ed87fbecbb62021-12-22 11:51:05.945root 11241100x80000000000000003863815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e6e720612d0e042021-12-22 11:51:05.945root 11241100x80000000000000003863816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de606bb8cf85b3002021-12-22 11:51:05.946root 11241100x80000000000000003863817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3b7d4c3398204a2021-12-22 11:51:05.946root 11241100x80000000000000003863818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74df10c0d59d4062021-12-22 11:51:05.946root 11241100x80000000000000003863819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b779b320db4579a2021-12-22 11:51:05.946root 11241100x80000000000000003863820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62ef1206bc89b632021-12-22 11:51:05.946root 11241100x80000000000000003863821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1ab1214249db872021-12-22 11:51:05.946root 11241100x80000000000000003863822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d36bad7db879d022021-12-22 11:51:05.946root 11241100x80000000000000003863823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd2e381df1fb58a2021-12-22 11:51:05.946root 11241100x80000000000000003863824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1869393e21c4acb42021-12-22 11:51:05.946root 11241100x80000000000000003863825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1710dd7d01ecad9d2021-12-22 11:51:05.946root 11241100x80000000000000003863826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b206a925cbc8be4c2021-12-22 11:51:05.947root 11241100x80000000000000003863827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266881b1fb9b4ad92021-12-22 11:51:05.947root 11241100x80000000000000003863828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8887798d5c4caa842021-12-22 11:51:05.947root 11241100x80000000000000003863829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3850c95b7488d9ee2021-12-22 11:51:05.947root 11241100x80000000000000003863830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa726b2091400c32021-12-22 11:51:05.947root 11241100x80000000000000003863831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123ff5e92bd664782021-12-22 11:51:05.947root 11241100x80000000000000003863832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71c10b04290461e2021-12-22 11:51:05.947root 11241100x80000000000000003863833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5750e831277bc2842021-12-22 11:51:05.947root 11241100x80000000000000003863834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013689bcabb34bc52021-12-22 11:51:05.947root 11241100x80000000000000003863835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f41e4b2b1de03f2021-12-22 11:51:05.948root 11241100x80000000000000003863836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15957e98b777d3f2021-12-22 11:51:05.948root 11241100x80000000000000003863837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342372d7038b62e02021-12-22 11:51:05.948root 11241100x80000000000000003863838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe8729e7089a1d42021-12-22 11:51:05.948root 11241100x80000000000000003863839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb94b327a707ed332021-12-22 11:51:05.948root 11241100x80000000000000003863840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0884d66ba4b888812021-12-22 11:51:05.948root 11241100x80000000000000003863841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a81ecfd9ac6f6742021-12-22 11:51:05.948root 11241100x80000000000000003863842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706441c17e9a13d12021-12-22 11:51:05.948root 11241100x80000000000000003863843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8b11a76dc4d1492021-12-22 11:51:05.948root 11241100x80000000000000003863844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5374124a1ef668212021-12-22 11:51:05.949root 11241100x80000000000000003863845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d9d395ae1543a72021-12-22 11:51:05.949root 11241100x80000000000000003863846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd32dead7e865d792021-12-22 11:51:05.949root 11241100x80000000000000003863847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd786e86206fb4c2021-12-22 11:51:05.949root 11241100x80000000000000003863848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deca44ae069381562021-12-22 11:51:05.949root 11241100x80000000000000003863849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e1ef41e0a9e76e2021-12-22 11:51:05.949root 11241100x80000000000000003863850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0747d97d49dcf05a2021-12-22 11:51:05.949root 11241100x80000000000000003863851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786dfdf2d7a76edf2021-12-22 11:51:05.949root 23542300x80000000000000003863852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.052{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003863853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae601778d34883c42021-12-22 11:51:06.442root 11241100x80000000000000003863854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fc6960f0df4cea2021-12-22 11:51:06.443root 11241100x80000000000000003863855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e31dd75a0ff9a842021-12-22 11:51:06.443root 11241100x80000000000000003863856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70a0b14a1e0992d2021-12-22 11:51:06.443root 11241100x80000000000000003863857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dade61c70df0cc5a2021-12-22 11:51:06.443root 11241100x80000000000000003863858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99133ae4fe042ab42021-12-22 11:51:06.443root 11241100x80000000000000003863859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3b9da0456ed4462021-12-22 11:51:06.443root 11241100x80000000000000003863860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef21ec3757ed54a2021-12-22 11:51:06.444root 11241100x80000000000000003863861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f687c7e22c2beff2021-12-22 11:51:06.444root 11241100x80000000000000003863862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e1648e0c5f00e92021-12-22 11:51:06.444root 11241100x80000000000000003863863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3ec31a9a9f97f02021-12-22 11:51:06.444root 11241100x80000000000000003863864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cac609526d68aa82021-12-22 11:51:06.445root 11241100x80000000000000003863865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7980e4f4d43d96482021-12-22 11:51:06.445root 11241100x80000000000000003863866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524f7f58cfae265a2021-12-22 11:51:06.445root 11241100x80000000000000003863867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f50d87e8666aaf2021-12-22 11:51:06.445root 11241100x80000000000000003863868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8a70a09cd04e062021-12-22 11:51:06.446root 11241100x80000000000000003863869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e25f1e5190b4572021-12-22 11:51:06.446root 11241100x80000000000000003863870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd28aa91ec090472021-12-22 11:51:06.446root 11241100x80000000000000003863871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9976a33555551ae2021-12-22 11:51:06.446root 11241100x80000000000000003863872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5b78418ab611702021-12-22 11:51:06.447root 11241100x80000000000000003863873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12922cb355498832021-12-22 11:51:06.447root 11241100x80000000000000003863874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f1c94c9b17c5692021-12-22 11:51:06.447root 11241100x80000000000000003863875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea00f519f48a2a4e2021-12-22 11:51:06.448root 11241100x80000000000000003863876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22339fd881b9cff2021-12-22 11:51:06.448root 11241100x80000000000000003863877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a312e328bdab6c2021-12-22 11:51:06.449root 11241100x80000000000000003863878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75573f6399be6b4c2021-12-22 11:51:06.449root 11241100x80000000000000003863879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbeea601f833b1d2021-12-22 11:51:06.450root 11241100x80000000000000003863880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca77605c9819e312021-12-22 11:51:06.450root 11241100x80000000000000003863881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f0dbeb4e0baa2f2021-12-22 11:51:06.450root 11241100x80000000000000003863882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef7a6df761f994f2021-12-22 11:51:06.451root 11241100x80000000000000003863883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a421da95c90fe72021-12-22 11:51:06.451root 11241100x80000000000000003863884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578c11e01534720b2021-12-22 11:51:06.451root 11241100x80000000000000003863885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e900d8958c76502021-12-22 11:51:06.451root 11241100x80000000000000003863886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cae7cf6800cf182021-12-22 11:51:06.451root 11241100x80000000000000003863887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04cd7b7487a8d4b2021-12-22 11:51:06.451root 11241100x80000000000000003863888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6bdba6731eece72021-12-22 11:51:06.451root 11241100x80000000000000003863889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c627b1446b75d882021-12-22 11:51:06.451root 11241100x80000000000000003863890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2bb3b7308e4d752021-12-22 11:51:06.452root 11241100x80000000000000003863891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845a8a779fe87b982021-12-22 11:51:06.452root 11241100x80000000000000003863892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393e17f242d112cf2021-12-22 11:51:06.452root 11241100x80000000000000003863893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84fcf07e879c71e2021-12-22 11:51:06.452root 11241100x80000000000000003863894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfb229e1fa37e442021-12-22 11:51:06.453root 11241100x80000000000000003863895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a831908846358d12021-12-22 11:51:06.453root 11241100x80000000000000003863896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b895c55ca9f996d2021-12-22 11:51:06.453root 11241100x80000000000000003863897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2a595581ae32532021-12-22 11:51:06.453root 11241100x80000000000000003863898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec58733856f9efa62021-12-22 11:51:06.453root 11241100x80000000000000003863899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8966fde0d0c47a2021-12-22 11:51:06.453root 11241100x80000000000000003863900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58c7addd7af776d2021-12-22 11:51:06.453root 11241100x80000000000000003863901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c1edc6eaa1502d2021-12-22 11:51:06.453root 11241100x80000000000000003863902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8871839fa5a524b2021-12-22 11:51:06.943root 11241100x80000000000000003863903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835aaa51664994d92021-12-22 11:51:06.943root 11241100x80000000000000003863904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a293e2c1bb23962021-12-22 11:51:06.943root 11241100x80000000000000003863905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4bf563fc83ee772021-12-22 11:51:06.943root 11241100x80000000000000003863906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642bbddc1c91df512021-12-22 11:51:06.943root 11241100x80000000000000003863907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de929920481d60402021-12-22 11:51:06.944root 11241100x80000000000000003863908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd5c1384dec31f32021-12-22 11:51:06.944root 11241100x80000000000000003863909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad62847203f99f92021-12-22 11:51:06.944root 11241100x80000000000000003863910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e2c1c9fb2040fd2021-12-22 11:51:06.944root 11241100x80000000000000003863911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824424547d3a87da2021-12-22 11:51:06.945root 11241100x80000000000000003863912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4801d79fb7d2425d2021-12-22 11:51:06.945root 11241100x80000000000000003863913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ad822bbce742532021-12-22 11:51:06.945root 11241100x80000000000000003863914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c4264f4a4437352021-12-22 11:51:06.945root 11241100x80000000000000003863915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3364abca0028a95e2021-12-22 11:51:06.945root 11241100x80000000000000003863916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0e47e6a4ceabbb2021-12-22 11:51:06.945root 11241100x80000000000000003863917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59f3bd6d709376b2021-12-22 11:51:06.945root 11241100x80000000000000003863918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8687e5cb9e30b40d2021-12-22 11:51:06.945root 11241100x80000000000000003863919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cded7ad505bb832021-12-22 11:51:06.945root 11241100x80000000000000003863920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a2afe3a834d8f02021-12-22 11:51:06.945root 11241100x80000000000000003863921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50af3021cdbe6f62021-12-22 11:51:06.945root 11241100x80000000000000003863922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c68362a43e42732021-12-22 11:51:06.946root 11241100x80000000000000003863923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366c5dd8f58e15f92021-12-22 11:51:06.946root 11241100x80000000000000003863924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f66e4fd9d8fd3772021-12-22 11:51:06.946root 11241100x80000000000000003863925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f46bea45aa47f42021-12-22 11:51:06.946root 11241100x80000000000000003863926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb64dbd7a63f4512021-12-22 11:51:06.946root 11241100x80000000000000003863927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c32607050191ab02021-12-22 11:51:06.946root 11241100x80000000000000003863928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a996994129ef492021-12-22 11:51:06.946root 11241100x80000000000000003863929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52efad66ed9615462021-12-22 11:51:06.946root 11241100x80000000000000003863930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2645476b255d022021-12-22 11:51:06.946root 11241100x80000000000000003863931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac443147b96a06e2021-12-22 11:51:06.946root 11241100x80000000000000003863932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85434e1da67c824b2021-12-22 11:51:06.947root 11241100x80000000000000003863933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea309bb4c5e49482021-12-22 11:51:06.947root 11241100x80000000000000003863934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9979ecc0ccbf4daa2021-12-22 11:51:06.947root 11241100x80000000000000003863935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0dd0ef797249d12021-12-22 11:51:06.947root 11241100x80000000000000003863936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f77fd0861274bb02021-12-22 11:51:06.947root 11241100x80000000000000003863937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf29c5f1c1080692021-12-22 11:51:06.947root 11241100x80000000000000003863938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea79ebe06e8ee1a82021-12-22 11:51:06.947root 11241100x80000000000000003863939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f711810239e0f32021-12-22 11:51:06.947root 11241100x80000000000000003863940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6163da1393e81ce42021-12-22 11:51:06.947root 11241100x80000000000000003863941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7735cea98b1c902021-12-22 11:51:06.947root 11241100x80000000000000003863942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f1e071bf1b8ea22021-12-22 11:51:06.948root 11241100x80000000000000003863943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfa0bb2866c992b2021-12-22 11:51:06.948root 11241100x80000000000000003863944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c49cdaeae0f047c2021-12-22 11:51:06.948root 11241100x80000000000000003863945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ab9cc8648c834b2021-12-22 11:51:06.948root 11241100x80000000000000003863946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afc7d949ce6db6d2021-12-22 11:51:06.948root 11241100x80000000000000003863947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54f9b21e51f19572021-12-22 11:51:06.948root 11241100x80000000000000003863948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9353d6828838d7ef2021-12-22 11:51:06.948root 354300x80000000000000003863949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.156{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55544-false10.0.1.12-8000- 534500x80000000000000003863950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.334{ec2b6afe-112b-61c3-0000-000000000000}19118-ubuntu 11241100x80000000000000003863951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8061f738afad64b52021-12-22 11:51:07.334root 11241100x80000000000000003863952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fdff78d20267fa2021-12-22 11:51:07.334root 11241100x80000000000000003863953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40735893c6f26f532021-12-22 11:51:07.335root 11241100x80000000000000003863954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0aa503a4979f6a82021-12-22 11:51:07.335root 11241100x80000000000000003863955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3e8061f7c435d02021-12-22 11:51:07.335root 11241100x80000000000000003863956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138537e1394dc8312021-12-22 11:51:07.335root 11241100x80000000000000003863957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98711f8fab7730be2021-12-22 11:51:07.335root 534500x80000000000000003863958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.336{00000000-0000-0000-0000-000000000000}19119<unknown process>ubuntu 11241100x80000000000000003863959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc62d4e183c133d2021-12-22 11:51:07.336root 11241100x80000000000000003863960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ce9db236a7da8e2021-12-22 11:51:07.336root 11241100x80000000000000003863961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5560b0948ce4a92021-12-22 11:51:07.336root 11241100x80000000000000003863962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.336{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.wEsdo82021-12-22 11:51:07.336ubuntu 23542300x80000000000000003863963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.336{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.wEsdo8--- 11241100x80000000000000003863964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c9daa717f952a02021-12-22 11:51:07.336root 11241100x80000000000000003863965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5bbdf34e8676832021-12-22 11:51:07.336root 11241100x80000000000000003863966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53031d5d45dda0db2021-12-22 11:51:07.337root 11241100x80000000000000003863967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994771bf3eac723d2021-12-22 11:51:07.337root 11241100x80000000000000003863968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a4e46f74b1fe9a2021-12-22 11:51:07.337root 11241100x80000000000000003863969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd2f22fa87382372021-12-22 11:51:07.337root 11241100x80000000000000003863970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538d0f9ac88ad4c22021-12-22 11:51:07.337root 11241100x80000000000000003863971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0436816e2da563252021-12-22 11:51:07.338root 11241100x80000000000000003863972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c7905400f6b1d62021-12-22 11:51:07.338root 11241100x80000000000000003863973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16638950580e3b932021-12-22 11:51:07.338root 11241100x80000000000000003863974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99fbecda9f4ba4e2021-12-22 11:51:07.338root 11241100x80000000000000003863975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d86176f9c383552021-12-22 11:51:07.338root 11241100x80000000000000003863976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5df9ad98c4cde0b2021-12-22 11:51:07.339root 11241100x80000000000000003863977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b65daec860dde32021-12-22 11:51:07.339root 11241100x80000000000000003863978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b35796b69e357b2021-12-22 11:51:07.339root 11241100x80000000000000003863979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7983073ec643ac2021-12-22 11:51:07.339root 11241100x80000000000000003863980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df30cf5a50bf3c62021-12-22 11:51:07.340root 11241100x80000000000000003863981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1b92d18557674e2021-12-22 11:51:07.340root 11241100x80000000000000003863982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3aacde175029a62021-12-22 11:51:07.340root 11241100x80000000000000003863983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bde99c01891bd2f2021-12-22 11:51:07.340root 11241100x80000000000000003863984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a09ede72f928c82021-12-22 11:51:07.340root 11241100x80000000000000003863985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.341{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7880e9b1fd88da2021-12-22 11:51:07.341root 11241100x80000000000000003863986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3821dd9ab7bc0c522021-12-22 11:51:07.344root 11241100x80000000000000003863987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba614afa2220a7a2021-12-22 11:51:07.344root 11241100x80000000000000003863988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1025f9b014c4ea262021-12-22 11:51:07.345root 11241100x80000000000000003863989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6158585f2fb05c362021-12-22 11:51:07.345root 11241100x80000000000000003863990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1e794d8d8cebc02021-12-22 11:51:07.346root 11241100x80000000000000003863991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c3fe046af01f7f2021-12-22 11:51:07.346root 11241100x80000000000000003863992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1070f9cd25b53e2021-12-22 11:51:07.346root 11241100x80000000000000003863993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05776aa2198c0d92021-12-22 11:51:07.346root 11241100x80000000000000003863994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa398449fedd6a832021-12-22 11:51:07.347root 11241100x80000000000000003863995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3c0da3876ed1542021-12-22 11:51:07.347root 11241100x80000000000000003863996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd498bcc6139cf8b2021-12-22 11:51:07.347root 11241100x80000000000000003863997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f1467a96623c182021-12-22 11:51:07.347root 11241100x80000000000000003863998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c0c4ed7e70b0482021-12-22 11:51:07.348root 11241100x80000000000000003863999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67d7271bcce2fb92021-12-22 11:51:07.348root 11241100x80000000000000003864000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9cf49d2824fb762021-12-22 11:51:07.348root 11241100x80000000000000003864001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5633983107fc9a342021-12-22 11:51:07.348root 11241100x80000000000000003864002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2ee053498a67512021-12-22 11:51:07.348root 11241100x80000000000000003864003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72edf63db95993092021-12-22 11:51:07.349root 11241100x80000000000000003864004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace8ca7eed830a092021-12-22 11:51:07.349root 11241100x80000000000000003864005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739bad092d9a13352021-12-22 11:51:07.349root 11241100x80000000000000003864006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8d1cb29464cbd22021-12-22 11:51:07.349root 11241100x80000000000000003864007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b1acc49657f8d12021-12-22 11:51:07.349root 11241100x80000000000000003864008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5060d10c81aba79b2021-12-22 11:51:07.350root 11241100x80000000000000003864009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29af7f1dfe9fc1402021-12-22 11:51:07.350root 11241100x80000000000000003864010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb92839d6b2f47142021-12-22 11:51:07.350root 11241100x80000000000000003864011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441b63da6fe3b2622021-12-22 11:51:07.350root 11241100x80000000000000003864012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2488b8be3a82eef82021-12-22 11:51:07.350root 11241100x80000000000000003864013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4907aa9687703772021-12-22 11:51:07.351root 11241100x80000000000000003864014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a37b79169b1aa92021-12-22 11:51:07.351root 11241100x80000000000000003864015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff86e2a4034d6b02021-12-22 11:51:07.351root 11241100x80000000000000003864016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a2f56fb4860b142021-12-22 11:51:07.355root 11241100x80000000000000003864017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b184736e3112cc12021-12-22 11:51:07.355root 11241100x80000000000000003864018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d44a982850c2b82021-12-22 11:51:07.355root 11241100x80000000000000003864019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3f32ed0cbdc85e2021-12-22 11:51:07.356root 11241100x80000000000000003864020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8b29183de1fbfa2021-12-22 11:51:07.356root 11241100x80000000000000003864021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636594d538ac70592021-12-22 11:51:07.356root 11241100x80000000000000003864022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0912e6dbf9a0c22021-12-22 11:51:07.356root 11241100x80000000000000003864023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4a7f83febae4482021-12-22 11:51:07.356root 11241100x80000000000000003864024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abd7053dfe1aec82021-12-22 11:51:07.356root 11241100x80000000000000003864025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7c3a87459b03702021-12-22 11:51:07.356root 11241100x80000000000000003864026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bc604bf8b92d0f2021-12-22 11:51:07.356root 11241100x80000000000000003864027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b377a0583f6baff02021-12-22 11:51:07.356root 11241100x80000000000000003864028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1189650db2f7d9402021-12-22 11:51:07.356root 11241100x80000000000000003864029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8c29ae826a60782021-12-22 11:51:07.356root 154100x80000000000000003864030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.618{ec2b6afe-112b-61c3-d0d9-05fc1e560000}19120/bin/cat-----cat run_hook.sh/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 534500x80000000000000003864031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.619{ec2b6afe-112b-61c3-d0d9-05fc1e560000}19120/bin/catubuntu 11241100x80000000000000003864032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.619{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd39dd6068d8befe2021-12-22 11:51:07.619root 11241100x80000000000000003864033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.619{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70494a38c1e0179c2021-12-22 11:51:07.619root 11241100x80000000000000003864034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.620{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482e6c48c5abbe512021-12-22 11:51:07.620root 11241100x80000000000000003864035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.620{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccf0219be7541ad2021-12-22 11:51:07.620root 11241100x80000000000000003864036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.620{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf18655fa7eb08a2021-12-22 11:51:07.620root 11241100x80000000000000003864037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.620{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fbccbebf15e3f92021-12-22 11:51:07.620root 11241100x80000000000000003864038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.620{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b1d80d30ab457d2021-12-22 11:51:07.620root 11241100x80000000000000003864039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.620{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f39155050166aa2021-12-22 11:51:07.620root 11241100x80000000000000003864040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.620{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6f92ad40c5ca332021-12-22 11:51:07.620root 11241100x80000000000000003864041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.620{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e74732c9fe51362021-12-22 11:51:07.620root 11241100x80000000000000003864042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.620{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8b3ecbcc60b6352021-12-22 11:51:07.620root 11241100x80000000000000003864043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.620{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90a6bfb74fbbe372021-12-22 11:51:07.620root 11241100x80000000000000003864044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.620{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792c4940ccf962282021-12-22 11:51:07.620root 11241100x80000000000000003864045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.621{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf648ed70e16b3d2021-12-22 11:51:07.621root 11241100x80000000000000003864046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.621{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c2dd21224e4e462021-12-22 11:51:07.621root 11241100x80000000000000003864047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.621{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf744ef768e7cba2021-12-22 11:51:07.621root 11241100x80000000000000003864048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.621{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f683faf240d96ff62021-12-22 11:51:07.621root 11241100x80000000000000003864049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.621{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f0de64f1beebb62021-12-22 11:51:07.621root 11241100x80000000000000003864050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.621{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9c049c81e9e1722021-12-22 11:51:07.621root 11241100x80000000000000003864051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.621{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab122b1ea4a0b902021-12-22 11:51:07.621root 11241100x80000000000000003864052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.621{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efe7895b8461d172021-12-22 11:51:07.621root 11241100x80000000000000003864053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.621{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf99d23ffac4446d2021-12-22 11:51:07.621root 11241100x80000000000000003864054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.622{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5e3ee53cb1b3e02021-12-22 11:51:07.622root 11241100x80000000000000003864055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.622{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9584e52346c9a38e2021-12-22 11:51:07.622root 11241100x80000000000000003864056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.622{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03903b2eb20649582021-12-22 11:51:07.622root 11241100x80000000000000003864057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.622{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e3200bb4fa65022021-12-22 11:51:07.622root 11241100x80000000000000003864058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.622{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b625d0a09c268a2021-12-22 11:51:07.622root 11241100x80000000000000003864059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.622{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de78d1b0b4de7ea2021-12-22 11:51:07.622root 11241100x80000000000000003864060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.623{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3810f3d42bb2f5ab2021-12-22 11:51:07.623root 11241100x80000000000000003864061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.623{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb094ea1e772be0c2021-12-22 11:51:07.623root 11241100x80000000000000003864062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.623{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a0979689786af72021-12-22 11:51:07.623root 11241100x80000000000000003864063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.623{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca415ab97b48a152021-12-22 11:51:07.623root 11241100x80000000000000003864064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.624{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d0c8142fbb350e2021-12-22 11:51:07.624root 11241100x80000000000000003864065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.624{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b37f2fe39360b72021-12-22 11:51:07.624root 11241100x80000000000000003864066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.624{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c0dba0f151025c2021-12-22 11:51:07.624root 11241100x80000000000000003864067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.624{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fbf02d5392dafd2021-12-22 11:51:07.624root 11241100x80000000000000003864068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.624{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4b8895b796960c2021-12-22 11:51:07.624root 11241100x80000000000000003864069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.624{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c27a7450d94c8f2021-12-22 11:51:07.624root 11241100x80000000000000003864070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.624{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacc29b49d7bf1e92021-12-22 11:51:07.624root 11241100x80000000000000003864071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.624{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0632c08bca9e89012021-12-22 11:51:07.624root 11241100x80000000000000003864072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.625{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e997521a5b1d3dd2021-12-22 11:51:07.625root 11241100x80000000000000003864073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.625{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdd36e427c77acc2021-12-22 11:51:07.625root 11241100x80000000000000003864074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.625{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873f77396bc7a2fb2021-12-22 11:51:07.625root 11241100x80000000000000003864075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.625{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d733cdb58a897e2021-12-22 11:51:07.625root 11241100x80000000000000003864076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.625{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd69298b51401672021-12-22 11:51:07.625root 11241100x80000000000000003864077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.625{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fc90332792b55e2021-12-22 11:51:07.625root 11241100x80000000000000003864078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.625{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f265adae31fdcfa2021-12-22 11:51:07.625root 11241100x80000000000000003864079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.625{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ece64126b067c92021-12-22 11:51:07.625root 11241100x80000000000000003864080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.626{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2ebdd6c3dc6f532021-12-22 11:51:07.626root 11241100x80000000000000003864081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.626{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741f78ad833d82722021-12-22 11:51:07.626root 11241100x80000000000000003864082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.626{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34eeba0aa627a9c62021-12-22 11:51:07.626root 11241100x80000000000000003864083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.626{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe215972b68d2ddb2021-12-22 11:51:07.626root 11241100x80000000000000003864084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.626{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0d066e30f728c92021-12-22 11:51:07.626root 11241100x80000000000000003864085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.626{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7638023cf794fbbc2021-12-22 11:51:07.626root 11241100x80000000000000003864086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.626{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12630970a1dbb232021-12-22 11:51:07.626root 11241100x80000000000000003864087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.626{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb4f3781cf2aa1c2021-12-22 11:51:07.626root 11241100x80000000000000003864088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.626{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840f9cd7a00c8b942021-12-22 11:51:07.626root 11241100x80000000000000003864089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.626{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25630145bf6c381f2021-12-22 11:51:07.626root 11241100x80000000000000003864090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.626{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cf1fad66b2337a2021-12-22 11:51:07.626root 11241100x80000000000000003864091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.627{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77950287ab0b3cdc2021-12-22 11:51:07.627root 11241100x80000000000000003864092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.627{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bc46c0694fed1f2021-12-22 11:51:07.627root 11241100x80000000000000003864093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.627{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e396cacd86fb5b2021-12-22 11:51:07.627root 11241100x80000000000000003864094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.627{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2277da5abee893a2021-12-22 11:51:07.627root 11241100x80000000000000003864095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.627{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c0846ee42c34332021-12-22 11:51:07.627root 11241100x80000000000000003864096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.627{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df442950ca9ed782021-12-22 11:51:07.627root 11241100x80000000000000003864097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.627{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7c03e442f7efb02021-12-22 11:51:07.627root 11241100x80000000000000003864098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.627{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c0a4ccfb9ebef62021-12-22 11:51:07.627root 11241100x80000000000000003864099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.627{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc18abf5eeb5f9702021-12-22 11:51:07.627root 11241100x80000000000000003864100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.627{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c776813e1d1d82272021-12-22 11:51:07.627root 11241100x80000000000000003864101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.628{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b67ab3415ca8c122021-12-22 11:51:07.628root 11241100x80000000000000003864102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.628{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02649b560eb52592021-12-22 11:51:07.628root 11241100x80000000000000003864103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.628{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5f918a709bd4b12021-12-22 11:51:07.628root 11241100x80000000000000003864104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.628{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4e2100119aeeb62021-12-22 11:51:07.628root 11241100x80000000000000003864105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.628{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca017cbac6fbada72021-12-22 11:51:07.628root 11241100x80000000000000003864106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.628{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcb1e65b51e1cf42021-12-22 11:51:07.628root 11241100x80000000000000003864107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.628{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98240558c0f01542021-12-22 11:51:07.628root 11241100x80000000000000003864108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.628{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5f1529211bb02b2021-12-22 11:51:07.628root 11241100x80000000000000003864109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.628{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7953168e0fdc34e2021-12-22 11:51:07.628root 11241100x80000000000000003864110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.628{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e5d0570b93e73d2021-12-22 11:51:07.628root 11241100x80000000000000003864111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.628{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35aaed2cb8f2d15d2021-12-22 11:51:07.628root 11241100x80000000000000003864112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.629{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012cf2fff29ad5142021-12-22 11:51:07.629root 11241100x80000000000000003864113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.629{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ad299305f3d6512021-12-22 11:51:07.629root 11241100x80000000000000003864114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.629{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ca39d3945c423c2021-12-22 11:51:07.629root 11241100x80000000000000003864115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.629{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087fc015b3e9c7a02021-12-22 11:51:07.629root 11241100x80000000000000003864116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.629{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b5ac472cec90c62021-12-22 11:51:07.629root 11241100x80000000000000003864117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.629{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ac00014e3750ce2021-12-22 11:51:07.629root 11241100x80000000000000003864118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.629{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a00bebbea753de2021-12-22 11:51:07.629root 11241100x80000000000000003864119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.629{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2717a9c31e1a3dd72021-12-22 11:51:07.629root 11241100x80000000000000003864120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.629{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6611b6f194a176c2021-12-22 11:51:07.629root 11241100x80000000000000003864121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.629{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a269bcfc45ba1a62021-12-22 11:51:07.629root 11241100x80000000000000003864122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.629{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7332d96beb859a2021-12-22 11:51:07.629root 11241100x80000000000000003864123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.629{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78d2dc81b3377c82021-12-22 11:51:07.629root 11241100x80000000000000003864124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.629{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2f9373b6eec1052021-12-22 11:51:07.629root 11241100x80000000000000003864125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.630{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0d27276489334e2021-12-22 11:51:07.630root 11241100x80000000000000003864126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.630{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3eb2b0c602005e2021-12-22 11:51:07.630root 11241100x80000000000000003864127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.630{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875e6d392cc8b4d22021-12-22 11:51:07.630root 11241100x80000000000000003864128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.630{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75023568f62ebab22021-12-22 11:51:07.630root 11241100x80000000000000003864129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.630{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e146f442e64bd772021-12-22 11:51:07.630root 11241100x80000000000000003864130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.630{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5370b6822f9a4f2f2021-12-22 11:51:07.630root 11241100x80000000000000003864131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.630{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3986a3510f06b9532021-12-22 11:51:07.630root 11241100x80000000000000003864132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.630{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c4b781305a9eb22021-12-22 11:51:07.630root 11241100x80000000000000003864133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.630{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b55e09e73832842021-12-22 11:51:07.630root 11241100x80000000000000003864134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.630{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f48424ceb8a4932021-12-22 11:51:07.630root 11241100x80000000000000003864135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.630{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6942b84e85dd47f2021-12-22 11:51:07.630root 11241100x80000000000000003864136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.630{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe42ce92ccc76ac2021-12-22 11:51:07.630root 11241100x80000000000000003864137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.630{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f08fbc196edb9112021-12-22 11:51:07.630root 11241100x80000000000000003864138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.631{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e226858126c52102021-12-22 11:51:07.631root 11241100x80000000000000003864139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.631{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa631f8cf2359c6b2021-12-22 11:51:07.631root 11241100x80000000000000003864140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.631{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c17d423100c9712021-12-22 11:51:07.631root 11241100x80000000000000003864141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.631{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9765b252e7a761472021-12-22 11:51:07.631root 11241100x80000000000000003864142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.631{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b40c77675032da92021-12-22 11:51:07.631root 11241100x80000000000000003864143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9b48315058e6f42021-12-22 11:51:07.942root 11241100x80000000000000003864144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073be3ce79143ff32021-12-22 11:51:07.943root 11241100x80000000000000003864145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ef66ca640afb5a2021-12-22 11:51:07.943root 11241100x80000000000000003864146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec467fdc130a6e102021-12-22 11:51:07.943root 11241100x80000000000000003864147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae88974144c8905d2021-12-22 11:51:07.943root 11241100x80000000000000003864148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62acad786ae1e462021-12-22 11:51:07.943root 11241100x80000000000000003864149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f4799a9b8ba08b2021-12-22 11:51:07.943root 11241100x80000000000000003864150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b223edfbc15d8ed2021-12-22 11:51:07.943root 11241100x80000000000000003864151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6659464eee738b502021-12-22 11:51:07.943root 11241100x80000000000000003864152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db50b628e6c239552021-12-22 11:51:07.943root 11241100x80000000000000003864153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6435d0a97f2fdf92021-12-22 11:51:07.944root 11241100x80000000000000003864154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecaa8f55d5a63b72021-12-22 11:51:07.944root 11241100x80000000000000003864155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad97da9b25b561f2021-12-22 11:51:07.944root 11241100x80000000000000003864156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c30d6dc63856772021-12-22 11:51:07.944root 11241100x80000000000000003864157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9cbad3d941327d2021-12-22 11:51:07.944root 11241100x80000000000000003864158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb05034960455422021-12-22 11:51:07.944root 11241100x80000000000000003864159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfedaf4bf2106cf2021-12-22 11:51:07.944root 11241100x80000000000000003864160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f0170ed87dad982021-12-22 11:51:07.944root 11241100x80000000000000003864161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7be76f4c65552fc2021-12-22 11:51:07.944root 11241100x80000000000000003864162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db0cef19fc838692021-12-22 11:51:07.944root 11241100x80000000000000003864163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be659efd6e068a52021-12-22 11:51:07.944root 11241100x80000000000000003864164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2282064fa1c37aff2021-12-22 11:51:07.945root 11241100x80000000000000003864165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24de0d9bf3d100142021-12-22 11:51:07.945root 11241100x80000000000000003864166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0649143a3cf4f0942021-12-22 11:51:07.945root 11241100x80000000000000003864167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d965a6eb7db8fc82021-12-22 11:51:07.945root 11241100x80000000000000003864168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ba960ce0cd2c072021-12-22 11:51:07.945root 11241100x80000000000000003864169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913db2a1368a99ba2021-12-22 11:51:07.945root 11241100x80000000000000003864170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb56f0fd8a2608552021-12-22 11:51:07.945root 11241100x80000000000000003864171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b150062f6f99922f2021-12-22 11:51:07.945root 11241100x80000000000000003864172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4abf78af2cc9b52021-12-22 11:51:07.945root 11241100x80000000000000003864173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff483a88cc634862021-12-22 11:51:07.945root 11241100x80000000000000003864174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8027ae9078fa7482021-12-22 11:51:07.946root 11241100x80000000000000003864175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec2cc73121e74982021-12-22 11:51:07.946root 11241100x80000000000000003864176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4c9545e29d9c0e2021-12-22 11:51:07.946root 11241100x80000000000000003864177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a313bcc0259a05ab2021-12-22 11:51:07.946root 11241100x80000000000000003864178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00efd6d31ef3e7f2021-12-22 11:51:07.946root 11241100x80000000000000003864179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f68f6bbc631c7fd2021-12-22 11:51:07.946root 11241100x80000000000000003864180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0b43d7da5a4b002021-12-22 11:51:07.946root 11241100x80000000000000003864181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35205bb4b28607352021-12-22 11:51:07.946root 11241100x80000000000000003864182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b928d300c039a54f2021-12-22 11:51:07.946root 11241100x80000000000000003864183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9f8faf65c2acfd2021-12-22 11:51:07.946root 11241100x80000000000000003864184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6cffb31f554ff92021-12-22 11:51:07.947root 11241100x80000000000000003864185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114c220ee1a0e11f2021-12-22 11:51:07.947root 11241100x80000000000000003864186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fa12274a7bee8a2021-12-22 11:51:07.947root 11241100x80000000000000003864187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071874a0a26a81a92021-12-22 11:51:07.947root 11241100x80000000000000003864188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2ea8f82b2694cf2021-12-22 11:51:07.947root 11241100x80000000000000003864189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8be515ccc67ea702021-12-22 11:51:07.947root 11241100x80000000000000003864190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc66f3f883cd221f2021-12-22 11:51:07.947root 11241100x80000000000000003864191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9678fd67bc27642021-12-22 11:51:07.948root 11241100x80000000000000003864192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f45c9dcae63e8262021-12-22 11:51:07.948root 11241100x80000000000000003864193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180c747e09a18f552021-12-22 11:51:07.948root 11241100x80000000000000003864194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2dccae6e5c9a3812021-12-22 11:51:07.948root 11241100x80000000000000003864195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986ca94a515e462c2021-12-22 11:51:07.949root 11241100x80000000000000003864196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d77a113aeea2dc2021-12-22 11:51:07.949root 11241100x80000000000000003864197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a631c0d319a200c2021-12-22 11:51:07.949root 11241100x80000000000000003864198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b32a0b5c2601c22021-12-22 11:51:07.949root 11241100x80000000000000003864199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd210cc6a9ede7cb2021-12-22 11:51:07.951root 11241100x80000000000000003864200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b7c5a733a0734b2021-12-22 11:51:07.952root 11241100x80000000000000003864201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:07.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e62f3eca7c318fa2021-12-22 11:51:07.952root 11241100x80000000000000003864202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2c51b1444da3422021-12-22 11:51:08.443root 11241100x80000000000000003864203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c349379d462655c62021-12-22 11:51:08.443root 11241100x80000000000000003864204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3729dd28aa6598de2021-12-22 11:51:08.443root 11241100x80000000000000003864205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c9401df6b581022021-12-22 11:51:08.443root 11241100x80000000000000003864206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacabbcc006460d02021-12-22 11:51:08.444root 11241100x80000000000000003864207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9729e7276fd3b852021-12-22 11:51:08.444root 11241100x80000000000000003864208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c98820cfd11d172021-12-22 11:51:08.444root 11241100x80000000000000003864209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92422a5a3e1de7e82021-12-22 11:51:08.444root 11241100x80000000000000003864210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18a7c22a2bd6a7b2021-12-22 11:51:08.444root 11241100x80000000000000003864211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5cde5d2f7a9ce52021-12-22 11:51:08.444root 11241100x80000000000000003864212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e39d8d0e76022862021-12-22 11:51:08.444root 11241100x80000000000000003864213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a17de30934201062021-12-22 11:51:08.444root 11241100x80000000000000003864214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e6cc6d46f768702021-12-22 11:51:08.444root 11241100x80000000000000003864215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad2f57a38d3699b2021-12-22 11:51:08.444root 11241100x80000000000000003864216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e4e071e769490b2021-12-22 11:51:08.445root 11241100x80000000000000003864217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1255e1d3170503ec2021-12-22 11:51:08.445root 11241100x80000000000000003864218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1f980eb881b87a2021-12-22 11:51:08.445root 11241100x80000000000000003864219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c4a5bd473afb482021-12-22 11:51:08.445root 11241100x80000000000000003864220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb49d56d16a025f2021-12-22 11:51:08.445root 11241100x80000000000000003864221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70881e1cbcf91fd82021-12-22 11:51:08.445root 11241100x80000000000000003864222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e415f3941e1aa15d2021-12-22 11:51:08.445root 11241100x80000000000000003864223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff041311e1e8de82021-12-22 11:51:08.445root 11241100x80000000000000003864224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe31aa4ecaf0c2b12021-12-22 11:51:08.445root 11241100x80000000000000003864225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c87240f14bbde72021-12-22 11:51:08.445root 11241100x80000000000000003864226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5ae21f2801d9622021-12-22 11:51:08.445root 11241100x80000000000000003864227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458f02f63e0974772021-12-22 11:51:08.446root 11241100x80000000000000003864228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f7919352698fca2021-12-22 11:51:08.446root 11241100x80000000000000003864229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d93d215efe0a1e42021-12-22 11:51:08.446root 11241100x80000000000000003864230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044a9de56128d3e82021-12-22 11:51:08.446root 11241100x80000000000000003864231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d60c22a99fe2edf2021-12-22 11:51:08.446root 11241100x80000000000000003864232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5de1e91591f8a72021-12-22 11:51:08.446root 11241100x80000000000000003864233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8458de33549304bc2021-12-22 11:51:08.446root 11241100x80000000000000003864234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56fa8f9e853ad2112021-12-22 11:51:08.446root 11241100x80000000000000003864235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3581e4b85f8b82992021-12-22 11:51:08.446root 11241100x80000000000000003864236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8638699aec4dfc852021-12-22 11:51:08.446root 11241100x80000000000000003864237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4420e38dad2b402021-12-22 11:51:08.447root 11241100x80000000000000003864238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7099b1abac177d872021-12-22 11:51:08.447root 11241100x80000000000000003864239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed5088f810806922021-12-22 11:51:08.447root 11241100x80000000000000003864240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d69ef19643472a2021-12-22 11:51:08.447root 11241100x80000000000000003864241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a689936d387b0762021-12-22 11:51:08.447root 11241100x80000000000000003864242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3ac18a2c545c2c2021-12-22 11:51:08.447root 11241100x80000000000000003864243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c82c3edf9b34b62021-12-22 11:51:08.447root 11241100x80000000000000003864244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3992a59991f6c79a2021-12-22 11:51:08.447root 11241100x80000000000000003864245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6398242290c9dd092021-12-22 11:51:08.448root 11241100x80000000000000003864246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6162116a87e20c32021-12-22 11:51:08.448root 11241100x80000000000000003864247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9076ac137f7ac82021-12-22 11:51:08.448root 11241100x80000000000000003864248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc5731775f9e6c92021-12-22 11:51:08.448root 11241100x80000000000000003864249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f4faa8e8ff9c802021-12-22 11:51:08.448root 11241100x80000000000000003864250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0027c5bcc97eba12021-12-22 11:51:08.448root 11241100x80000000000000003864251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cad9b3bce112b1a2021-12-22 11:51:08.449root 11241100x80000000000000003864252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91476dc09c46cae42021-12-22 11:51:08.449root 11241100x80000000000000003864253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec30899f7f6645f22021-12-22 11:51:08.449root 11241100x80000000000000003864254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca059f4a7c5aefe2021-12-22 11:51:08.449root 11241100x80000000000000003864255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854b37f0a4f9e3922021-12-22 11:51:08.449root 11241100x80000000000000003864256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e24bbec850cd6f2021-12-22 11:51:08.449root 11241100x80000000000000003864257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105820a25e40da422021-12-22 11:51:08.449root 11241100x80000000000000003864258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f034bd2316f5f9132021-12-22 11:51:08.449root 11241100x80000000000000003864259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51475c44ff77967a2021-12-22 11:51:08.449root 11241100x80000000000000003864260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df964d47975f41e2021-12-22 11:51:08.943root 11241100x80000000000000003864261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06b20fb49a7fbb42021-12-22 11:51:08.943root 11241100x80000000000000003864262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9bedc82002b71d2021-12-22 11:51:08.943root 11241100x80000000000000003864263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fe19d13f6526af2021-12-22 11:51:08.943root 11241100x80000000000000003864264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6139bf9bfe7a93e2021-12-22 11:51:08.943root 11241100x80000000000000003864265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31acf0c62e795bca2021-12-22 11:51:08.943root 11241100x80000000000000003864266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc4e3db0e4dafc72021-12-22 11:51:08.943root 11241100x80000000000000003864267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b9bbb17bbdaa182021-12-22 11:51:08.943root 11241100x80000000000000003864268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1da6e45da2f63622021-12-22 11:51:08.944root 11241100x80000000000000003864269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8c695d3787b6462021-12-22 11:51:08.944root 11241100x80000000000000003864270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b73414c062095cf2021-12-22 11:51:08.944root 11241100x80000000000000003864271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b059b4a615d89fd62021-12-22 11:51:08.944root 11241100x80000000000000003864272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8277f4f1084d242021-12-22 11:51:08.944root 11241100x80000000000000003864273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a991d6bff120dd2021-12-22 11:51:08.944root 11241100x80000000000000003864274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ac54044bcb9f4b2021-12-22 11:51:08.944root 11241100x80000000000000003864275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf81637d288370a2021-12-22 11:51:08.944root 11241100x80000000000000003864276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb2cd2c5eaac1fd2021-12-22 11:51:08.944root 11241100x80000000000000003864277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4256e69107681412021-12-22 11:51:08.944root 11241100x80000000000000003864278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe575b9a3e1b1dea2021-12-22 11:51:08.944root 11241100x80000000000000003864279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8747d682e41908df2021-12-22 11:51:08.945root 11241100x80000000000000003864280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb259eca128211e42021-12-22 11:51:08.945root 11241100x80000000000000003864281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d50cc1802d1f962021-12-22 11:51:08.945root 11241100x80000000000000003864282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47a01d929ac5dcf2021-12-22 11:51:08.945root 11241100x80000000000000003864283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96fa25359094ec92021-12-22 11:51:08.945root 11241100x80000000000000003864284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7649398d7a43f4ca2021-12-22 11:51:08.945root 11241100x80000000000000003864285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753dffe35819bf9f2021-12-22 11:51:08.945root 11241100x80000000000000003864286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ccf6d204b21f432021-12-22 11:51:08.945root 11241100x80000000000000003864287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9207cf81599b45f2021-12-22 11:51:08.945root 11241100x80000000000000003864288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97c6a8b6501a96a2021-12-22 11:51:08.945root 11241100x80000000000000003864289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73345e16981591202021-12-22 11:51:08.945root 11241100x80000000000000003864290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288ec8f45a29aac52021-12-22 11:51:08.946root 11241100x80000000000000003864291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cc11482648afd62021-12-22 11:51:08.946root 11241100x80000000000000003864292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57d65cefd3ff1e02021-12-22 11:51:08.946root 11241100x80000000000000003864293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78f54393d780dd42021-12-22 11:51:08.946root 11241100x80000000000000003864294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d3d3b5a3dde9332021-12-22 11:51:08.946root 11241100x80000000000000003864295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89bf9c8ebe4fcb02021-12-22 11:51:08.946root 11241100x80000000000000003864296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6791a689d8a234d72021-12-22 11:51:08.946root 11241100x80000000000000003864297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f787a91a6f6631502021-12-22 11:51:08.947root 11241100x80000000000000003864298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346ecadcd359ca762021-12-22 11:51:08.947root 11241100x80000000000000003864299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0209f38503725a1e2021-12-22 11:51:08.947root 11241100x80000000000000003864300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6717e0d19c7745ac2021-12-22 11:51:08.947root 11241100x80000000000000003864301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a223e9bba24086a72021-12-22 11:51:08.947root 11241100x80000000000000003864302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90115c244dc144d02021-12-22 11:51:08.948root 11241100x80000000000000003864303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49225befe006cc82021-12-22 11:51:08.948root 11241100x80000000000000003864304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59b554dd0f3f9fe2021-12-22 11:51:08.948root 11241100x80000000000000003864305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b4616171a60b402021-12-22 11:51:08.948root 11241100x80000000000000003864306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a726fa3da07cc7d42021-12-22 11:51:08.949root 11241100x80000000000000003864307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf02661eb8e8b2c42021-12-22 11:51:08.949root 11241100x80000000000000003864308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb0d6110b92b1702021-12-22 11:51:08.949root 11241100x80000000000000003864309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9db0ba2868235fb2021-12-22 11:51:08.949root 11241100x80000000000000003864310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672f49f8dad596192021-12-22 11:51:08.950root 11241100x80000000000000003864311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee90b525a1c86f82021-12-22 11:51:08.950root 11241100x80000000000000003864312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf72047a99929382021-12-22 11:51:08.950root 11241100x80000000000000003864313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2043e456e38c18212021-12-22 11:51:08.950root 11241100x80000000000000003864314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a480f09a4c246e52021-12-22 11:51:08.951root 11241100x80000000000000003864315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df7b0a008374e0f2021-12-22 11:51:08.951root 11241100x80000000000000003864316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c78d53b2f0e3392021-12-22 11:51:08.951root 11241100x80000000000000003864317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ee3734762bae832021-12-22 11:51:08.951root 11241100x80000000000000003864318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b026ed68bd6ed8c32021-12-22 11:51:08.952root 11241100x80000000000000003864319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee507499463cb0d02021-12-22 11:51:08.952root 11241100x80000000000000003864320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e11832123f5c082021-12-22 11:51:08.952root 11241100x80000000000000003864321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50cfd6eb688bb892021-12-22 11:51:08.952root 11241100x80000000000000003864322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a234a03b134af4ae2021-12-22 11:51:08.952root 11241100x80000000000000003864323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07bf0026d64cd3f2021-12-22 11:51:08.952root 11241100x80000000000000003864324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45eaa8984410274e2021-12-22 11:51:08.953root 11241100x80000000000000003864325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057db77cac8904b62021-12-22 11:51:08.953root 11241100x80000000000000003864326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0870d201859139052021-12-22 11:51:08.953root 11241100x80000000000000003864327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6096ef24423a356b2021-12-22 11:51:08.953root 11241100x80000000000000003864328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65a45e80d95dcef2021-12-22 11:51:08.954root 11241100x80000000000000003864329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4f83d886c1171a2021-12-22 11:51:08.954root 11241100x80000000000000003864330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b353617e2f3cc9c2021-12-22 11:51:08.954root 11241100x80000000000000003864331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295210206a2941622021-12-22 11:51:08.954root 11241100x80000000000000003864332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ae1a59713a63282021-12-22 11:51:08.954root 11241100x80000000000000003864333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3a07b1a764e62f2021-12-22 11:51:08.954root 11241100x80000000000000003864334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0505ecf92c62c7912021-12-22 11:51:08.954root 11241100x80000000000000003864335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cdb659e09490de2021-12-22 11:51:08.954root 11241100x80000000000000003864336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97035f20aae535bd2021-12-22 11:51:08.955root 11241100x80000000000000003864337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ad8c67671394822021-12-22 11:51:08.955root 11241100x80000000000000003864338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a5200b3126b4cd2021-12-22 11:51:08.955root 11241100x80000000000000003864339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba6c4c789a040c82021-12-22 11:51:08.955root 11241100x80000000000000003864340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c616127f293f9922021-12-22 11:51:08.955root 11241100x80000000000000003864341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83ad08a7492d63d2021-12-22 11:51:08.955root 11241100x80000000000000003864342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba52ac74038a12b2021-12-22 11:51:08.955root 11241100x80000000000000003864343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8ca18064086bdc2021-12-22 11:51:08.955root 11241100x80000000000000003864344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4800ef593e1fdcf52021-12-22 11:51:08.955root 11241100x80000000000000003864345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a347f2b91d023a672021-12-22 11:51:08.956root 11241100x80000000000000003864346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c44782d0ad87f062021-12-22 11:51:08.956root 11241100x80000000000000003864347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bfc91316551b792021-12-22 11:51:08.956root 11241100x80000000000000003864348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3047bd8a39c36f112021-12-22 11:51:08.956root 11241100x80000000000000003864349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f8b0453a4274542021-12-22 11:51:08.956root 11241100x80000000000000003864350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e52ef96768230572021-12-22 11:51:08.956root 11241100x80000000000000003864351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bec3012291b0dac2021-12-22 11:51:08.956root 11241100x80000000000000003864352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f82426e11a03a902021-12-22 11:51:08.956root 11241100x80000000000000003864353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206a75a7633aaa952021-12-22 11:51:08.956root 11241100x80000000000000003864354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af35589f3261da872021-12-22 11:51:08.956root 11241100x80000000000000003864355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3badf6404022162021-12-22 11:51:08.957root 11241100x80000000000000003864356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a38719082692da82021-12-22 11:51:08.957root 11241100x80000000000000003864357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:08.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50596851013e6db82021-12-22 11:51:08.957root 11241100x80000000000000003864358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df35ca52837e47142021-12-22 11:51:09.443root 11241100x80000000000000003864359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec60647754b064d82021-12-22 11:51:09.443root 11241100x80000000000000003864360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f885a86a36c2a7d2021-12-22 11:51:09.443root 11241100x80000000000000003864361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2923fe15384c229f2021-12-22 11:51:09.443root 11241100x80000000000000003864362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2500fade4138c42021-12-22 11:51:09.444root 11241100x80000000000000003864363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2c131a40508ac82021-12-22 11:51:09.444root 11241100x80000000000000003864364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85b50bb9e6398372021-12-22 11:51:09.444root 11241100x80000000000000003864365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b029ce2c8713592021-12-22 11:51:09.444root 11241100x80000000000000003864366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5766da2bdb8e9b682021-12-22 11:51:09.444root 11241100x80000000000000003864367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fca209f1915e5e2021-12-22 11:51:09.444root 11241100x80000000000000003864368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817e6d3d31d0856c2021-12-22 11:51:09.444root 11241100x80000000000000003864369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e37d88106967f022021-12-22 11:51:09.444root 11241100x80000000000000003864370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506486893812f6492021-12-22 11:51:09.444root 11241100x80000000000000003864371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8ca1cf7a20dff52021-12-22 11:51:09.444root 11241100x80000000000000003864372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a35885d1ebaa90f2021-12-22 11:51:09.444root 11241100x80000000000000003864373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac006f207d258d72021-12-22 11:51:09.444root 11241100x80000000000000003864374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50260be5ccb17212021-12-22 11:51:09.444root 11241100x80000000000000003864375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b379ed898968170c2021-12-22 11:51:09.444root 11241100x80000000000000003864376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3321920edfbbfdf2021-12-22 11:51:09.444root 11241100x80000000000000003864377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4070ac77ba731942021-12-22 11:51:09.444root 11241100x80000000000000003864378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a71e8c314e03092021-12-22 11:51:09.445root 11241100x80000000000000003864379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8d81cf118533142021-12-22 11:51:09.445root 11241100x80000000000000003864380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104d0950829aacd72021-12-22 11:51:09.445root 11241100x80000000000000003864381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f7309b53602f502021-12-22 11:51:09.445root 11241100x80000000000000003864382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a368a04d10fc68a2021-12-22 11:51:09.445root 11241100x80000000000000003864383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3027bb89a9dacc522021-12-22 11:51:09.445root 11241100x80000000000000003864384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fc872b947318d62021-12-22 11:51:09.445root 11241100x80000000000000003864385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086ac46ee2c703fc2021-12-22 11:51:09.445root 11241100x80000000000000003864386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba2e7247840931c2021-12-22 11:51:09.445root 11241100x80000000000000003864387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299f4f4ece04a1fb2021-12-22 11:51:09.445root 11241100x80000000000000003864388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011814c4c0350d9a2021-12-22 11:51:09.445root 11241100x80000000000000003864389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059929d124b045362021-12-22 11:51:09.445root 11241100x80000000000000003864390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7979d1c922b98c6c2021-12-22 11:51:09.445root 11241100x80000000000000003864391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f5637586741e222021-12-22 11:51:09.445root 11241100x80000000000000003864392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f49a4646945a9672021-12-22 11:51:09.445root 11241100x80000000000000003864393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e708a7ec1f7b20272021-12-22 11:51:09.446root 11241100x80000000000000003864394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b70e2ca0d57710c2021-12-22 11:51:09.446root 11241100x80000000000000003864395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcdae896c0712b92021-12-22 11:51:09.446root 11241100x80000000000000003864396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b221ef293193632021-12-22 11:51:09.446root 11241100x80000000000000003864397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e9c349f7a345dc2021-12-22 11:51:09.446root 11241100x80000000000000003864398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da62267fb6b437a02021-12-22 11:51:09.446root 11241100x80000000000000003864399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae22f2602fc8cbb32021-12-22 11:51:09.446root 11241100x80000000000000003864400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c9970fb73e93b62021-12-22 11:51:09.446root 11241100x80000000000000003864401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c018d0d741508be2021-12-22 11:51:09.446root 11241100x80000000000000003864402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4ee55405e5a1a62021-12-22 11:51:09.446root 11241100x80000000000000003864403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8c11417539e4252021-12-22 11:51:09.446root 11241100x80000000000000003864404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4ee05a5a5df3e72021-12-22 11:51:09.446root 11241100x80000000000000003864405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9725e8db3e06bd2021-12-22 11:51:09.446root 11241100x80000000000000003864406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535e4f42b6a847ef2021-12-22 11:51:09.446root 11241100x80000000000000003864407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e14764dea5da1f2021-12-22 11:51:09.446root 11241100x80000000000000003864408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3151619dddeb6b2021-12-22 11:51:09.446root 11241100x80000000000000003864409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c66278feb288e72021-12-22 11:51:09.448root 11241100x80000000000000003864410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfca9b7c958e3dd2021-12-22 11:51:09.448root 11241100x80000000000000003864411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b597f7053eca19b32021-12-22 11:51:09.449root 11241100x80000000000000003864412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0c4b5b9bed14832021-12-22 11:51:09.450root 11241100x80000000000000003864413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e65f6fcae7bfffd2021-12-22 11:51:09.450root 11241100x80000000000000003864414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcedd2f0783e0732021-12-22 11:51:09.450root 11241100x80000000000000003864415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1d51ed34a079252021-12-22 11:51:09.450root 11241100x80000000000000003864416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c25054db0ee6f22021-12-22 11:51:09.450root 11241100x80000000000000003864417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9977310656a3aa802021-12-22 11:51:09.450root 11241100x80000000000000003864418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b465ee0ac01d1aed2021-12-22 11:51:09.450root 11241100x80000000000000003864419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb14a3185f74adfd2021-12-22 11:51:09.450root 11241100x80000000000000003864420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514ed694488988822021-12-22 11:51:09.450root 11241100x80000000000000003864421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3997b974dcce0e72021-12-22 11:51:09.451root 11241100x80000000000000003864422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e5e5f908c487fb2021-12-22 11:51:09.451root 11241100x80000000000000003864423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9e4f0aad05ccd32021-12-22 11:51:09.451root 11241100x80000000000000003864424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc1fe93f630d3612021-12-22 11:51:09.451root 11241100x80000000000000003864425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61476daf0d06f07d2021-12-22 11:51:09.451root 11241100x80000000000000003864426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de50057d5f6ea2b82021-12-22 11:51:09.451root 11241100x80000000000000003864427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6d722bd0a2a14b2021-12-22 11:51:09.451root 11241100x80000000000000003864428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67d80e6aa31d4ec2021-12-22 11:51:09.452root 11241100x80000000000000003864429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d22ed6e727a64b42021-12-22 11:51:09.452root 11241100x80000000000000003864430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8406ffa46cc9645e2021-12-22 11:51:09.452root 11241100x80000000000000003864431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08301446ff835e22021-12-22 11:51:09.452root 11241100x80000000000000003864432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1477a64959e760052021-12-22 11:51:09.452root 11241100x80000000000000003864433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e559e21ba3890df02021-12-22 11:51:09.452root 11241100x80000000000000003864434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d78cd8acc8a4a562021-12-22 11:51:09.452root 11241100x80000000000000003864435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abcfddf5a1d7cb82021-12-22 11:51:09.452root 11241100x80000000000000003864436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e789708bb3ef3a642021-12-22 11:51:09.452root 11241100x80000000000000003864437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd21cc6a3f49a2a02021-12-22 11:51:09.452root 11241100x80000000000000003864438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56fac4ed7e304aa92021-12-22 11:51:09.452root 11241100x80000000000000003864439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33e49cef0e491722021-12-22 11:51:09.943root 11241100x80000000000000003864440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a745cfbce103a52021-12-22 11:51:09.943root 11241100x80000000000000003864441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f9fbef43695e242021-12-22 11:51:09.943root 11241100x80000000000000003864442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffa26a4b21cc9902021-12-22 11:51:09.943root 11241100x80000000000000003864443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5936f6eecd0da81e2021-12-22 11:51:09.943root 11241100x80000000000000003864444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a6d41b58f22aae2021-12-22 11:51:09.943root 11241100x80000000000000003864445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb0977d8e3577722021-12-22 11:51:09.943root 11241100x80000000000000003864446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6f0959c16293e82021-12-22 11:51:09.944root 11241100x80000000000000003864447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2399097a04cd5172021-12-22 11:51:09.944root 11241100x80000000000000003864448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2af120edeea9ae82021-12-22 11:51:09.944root 11241100x80000000000000003864449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ab19e9eb3fe3522021-12-22 11:51:09.944root 11241100x80000000000000003864450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb052dcd6a08f1142021-12-22 11:51:09.944root 11241100x80000000000000003864451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efc8e7915977a912021-12-22 11:51:09.944root 11241100x80000000000000003864452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91751b9c78b2ed8d2021-12-22 11:51:09.944root 11241100x80000000000000003864453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce02b596f8be5bb2021-12-22 11:51:09.944root 11241100x80000000000000003864454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b1ea5bdbeee0082021-12-22 11:51:09.944root 11241100x80000000000000003864455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261dbd7fddd6b1982021-12-22 11:51:09.944root 11241100x80000000000000003864456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc145e3db331afd2021-12-22 11:51:09.944root 11241100x80000000000000003864457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ad41d551f5b6552021-12-22 11:51:09.945root 11241100x80000000000000003864458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9401d9617d3c8b42021-12-22 11:51:09.945root 11241100x80000000000000003864459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040551d99e2ce0732021-12-22 11:51:09.945root 11241100x80000000000000003864460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d26f59e34e233f22021-12-22 11:51:09.945root 11241100x80000000000000003864461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954fb2084dfed8d62021-12-22 11:51:09.945root 11241100x80000000000000003864462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1f7220470b6ddb2021-12-22 11:51:09.945root 11241100x80000000000000003864463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8af4a9c8bc020d2021-12-22 11:51:09.945root 11241100x80000000000000003864464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885acc619a92057d2021-12-22 11:51:09.945root 11241100x80000000000000003864465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e15b40abba74e92021-12-22 11:51:09.945root 11241100x80000000000000003864466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d16507932caa462021-12-22 11:51:09.945root 11241100x80000000000000003864467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965dab4ea260fc5f2021-12-22 11:51:09.946root 11241100x80000000000000003864468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f63ff4ed62db222021-12-22 11:51:09.946root 11241100x80000000000000003864469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796a57a2c64278632021-12-22 11:51:09.946root 11241100x80000000000000003864470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0155febde7ac97562021-12-22 11:51:09.946root 11241100x80000000000000003864471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01e578e6b5746462021-12-22 11:51:09.946root 11241100x80000000000000003864472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194115461e74e8812021-12-22 11:51:09.946root 11241100x80000000000000003864473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed512eac7867ed992021-12-22 11:51:09.946root 11241100x80000000000000003864474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b878850a79193e2021-12-22 11:51:09.946root 11241100x80000000000000003864475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b428270802d25e2021-12-22 11:51:09.947root 11241100x80000000000000003864476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12023cff620c502b2021-12-22 11:51:09.947root 11241100x80000000000000003864477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09405f72b0a6dbaf2021-12-22 11:51:09.947root 11241100x80000000000000003864478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de45211f081632c2021-12-22 11:51:09.947root 11241100x80000000000000003864479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e7ed65e87191dd2021-12-22 11:51:09.947root 11241100x80000000000000003864480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85eb2aa493cf76c2021-12-22 11:51:09.947root 11241100x80000000000000003864481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72065130bb757272021-12-22 11:51:09.947root 11241100x80000000000000003864482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5ae6c95e012daa2021-12-22 11:51:09.947root 11241100x80000000000000003864483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256b32c7160f1e042021-12-22 11:51:09.947root 11241100x80000000000000003864484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaff19fa2799fe992021-12-22 11:51:09.948root 11241100x80000000000000003864485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffba1679e6e7a562021-12-22 11:51:09.948root 11241100x80000000000000003864486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f8c9ba6fb60f942021-12-22 11:51:09.948root 11241100x80000000000000003864487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a470971b3b536c12021-12-22 11:51:09.948root 11241100x80000000000000003864488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7992a691850916d72021-12-22 11:51:09.948root 11241100x80000000000000003864489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4898d8812b2d252021-12-22 11:51:09.948root 11241100x80000000000000003864490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be61c5467c6897b2021-12-22 11:51:10.442root 11241100x80000000000000003864491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b8dba5abab14e12021-12-22 11:51:10.443root 11241100x80000000000000003864492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945f4af79b2157142021-12-22 11:51:10.443root 11241100x80000000000000003864493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e1d747df1ea51b2021-12-22 11:51:10.443root 11241100x80000000000000003864494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f171ea7c3ef6e92021-12-22 11:51:10.443root 11241100x80000000000000003864495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15babf0d820f77ba2021-12-22 11:51:10.443root 11241100x80000000000000003864496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8598a86ba1ff005b2021-12-22 11:51:10.443root 11241100x80000000000000003864497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7023a090f81d05a2021-12-22 11:51:10.444root 11241100x80000000000000003864498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b71d3637fc2d452021-12-22 11:51:10.444root 11241100x80000000000000003864499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a9ddb8906458b02021-12-22 11:51:10.444root 11241100x80000000000000003864500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0c38196375bb932021-12-22 11:51:10.444root 11241100x80000000000000003864501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbf76d7a1249bb72021-12-22 11:51:10.444root 11241100x80000000000000003864502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c7e82b433178c12021-12-22 11:51:10.444root 11241100x80000000000000003864503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb4ce7bdec47bfa2021-12-22 11:51:10.445root 11241100x80000000000000003864504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb73df8f28b5f892021-12-22 11:51:10.445root 11241100x80000000000000003864505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307a5a12e54a33152021-12-22 11:51:10.445root 11241100x80000000000000003864506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05c18de0f860cf62021-12-22 11:51:10.445root 11241100x80000000000000003864507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aed9a9df4fbf542021-12-22 11:51:10.445root 11241100x80000000000000003864508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2faf67143ba6a42021-12-22 11:51:10.445root 11241100x80000000000000003864509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6bf0bdfda3b5722021-12-22 11:51:10.445root 11241100x80000000000000003864510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139bbadf8339af1f2021-12-22 11:51:10.445root 11241100x80000000000000003864511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b00a8d42670c9112021-12-22 11:51:10.445root 11241100x80000000000000003864512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5016230b03d5bb2021-12-22 11:51:10.445root 11241100x80000000000000003864513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590d7d237f77cd302021-12-22 11:51:10.445root 11241100x80000000000000003864514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370f54aedf5ba9182021-12-22 11:51:10.445root 11241100x80000000000000003864515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be2aa3af6e9e2b02021-12-22 11:51:10.446root 11241100x80000000000000003864516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13d63b9abf2bedf2021-12-22 11:51:10.446root 11241100x80000000000000003864517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f91149c768115582021-12-22 11:51:10.446root 11241100x80000000000000003864518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a82b26efe6ccfa2021-12-22 11:51:10.446root 11241100x80000000000000003864519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15e3662a3c338752021-12-22 11:51:10.446root 11241100x80000000000000003864520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57655437ce9e2f02021-12-22 11:51:10.446root 11241100x80000000000000003864521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee973210feb44b8a2021-12-22 11:51:10.446root 11241100x80000000000000003864522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f82aae17f8d3f662021-12-22 11:51:10.446root 11241100x80000000000000003864523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ed32e7cd389dbd2021-12-22 11:51:10.446root 11241100x80000000000000003864524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3bf88b0da886432021-12-22 11:51:10.446root 11241100x80000000000000003864525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff265e7d6447f6d2021-12-22 11:51:10.446root 11241100x80000000000000003864526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1ed7112ed58e142021-12-22 11:51:10.446root 11241100x80000000000000003864527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f72728647f62002021-12-22 11:51:10.447root 11241100x80000000000000003864528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1f9f937be70b552021-12-22 11:51:10.447root 11241100x80000000000000003864529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7876ab275eb71bc2021-12-22 11:51:10.447root 11241100x80000000000000003864530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e02a88cef3127cd2021-12-22 11:51:10.447root 11241100x80000000000000003864531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169ffa4a03888ea92021-12-22 11:51:10.447root 11241100x80000000000000003864532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cc2c233dba4f342021-12-22 11:51:10.447root 11241100x80000000000000003864533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4230b7ffd6d13a342021-12-22 11:51:10.447root 11241100x80000000000000003864534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38fd17c82d3a1062021-12-22 11:51:10.447root 11241100x80000000000000003864535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226263255a744adb2021-12-22 11:51:10.447root 11241100x80000000000000003864536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef575e31b805fbe2021-12-22 11:51:10.447root 11241100x80000000000000003864537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66368ee73710baf92021-12-22 11:51:10.448root 11241100x80000000000000003864538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa81965abd8c846e2021-12-22 11:51:10.448root 11241100x80000000000000003864539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccdbdf30227d5342021-12-22 11:51:10.448root 11241100x80000000000000003864540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c98b87fec486722021-12-22 11:51:10.448root 11241100x80000000000000003864541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e035c8fde91b2b22021-12-22 11:51:10.448root 11241100x80000000000000003864542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ee1469bcd7ee6d2021-12-22 11:51:10.448root 11241100x80000000000000003864543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2ffc226d3fc2862021-12-22 11:51:10.448root 11241100x80000000000000003864544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c4b993bcdd24532021-12-22 11:51:10.448root 11241100x80000000000000003864545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf24239d04317072021-12-22 11:51:10.448root 11241100x80000000000000003864546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a067965a07262d2021-12-22 11:51:10.448root 11241100x80000000000000003864547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e5aae42e8f68112021-12-22 11:51:10.448root 11241100x80000000000000003864548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c692d2f914580782021-12-22 11:51:10.448root 11241100x80000000000000003864549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c5338f1f3132852021-12-22 11:51:10.448root 11241100x80000000000000003864550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188a17a3f6669b292021-12-22 11:51:10.448root 11241100x80000000000000003864551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8807caab65477d32021-12-22 11:51:10.449root 11241100x80000000000000003864552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957badbec0feac9b2021-12-22 11:51:10.449root 11241100x80000000000000003864553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc75ce19db046f02021-12-22 11:51:10.449root 11241100x80000000000000003864554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c888ae8eb738d32021-12-22 11:51:10.449root 11241100x80000000000000003864555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339cdc5eab04e8122021-12-22 11:51:10.449root 11241100x80000000000000003864556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d116fd69ed945f2021-12-22 11:51:10.449root 11241100x80000000000000003864557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573bc75b7eeec0ce2021-12-22 11:51:10.449root 11241100x80000000000000003864558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e095ff24ec11e5032021-12-22 11:51:10.449root 11241100x80000000000000003864559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59ab7eb791778e52021-12-22 11:51:10.449root 11241100x80000000000000003864560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d500997f54fa032021-12-22 11:51:10.449root 11241100x80000000000000003864561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2105e3e6da77ce492021-12-22 11:51:10.449root 11241100x80000000000000003864562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d52c141c98b91e2021-12-22 11:51:10.449root 11241100x80000000000000003864563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384811c333c27cb12021-12-22 11:51:10.449root 11241100x80000000000000003864564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcd34bc60b6a1ed2021-12-22 11:51:10.449root 11241100x80000000000000003864565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4f675cfb9a4d432021-12-22 11:51:10.449root 11241100x80000000000000003864566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c616647c2934b52021-12-22 11:51:10.450root 11241100x80000000000000003864567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2767249b330c2cd42021-12-22 11:51:10.450root 11241100x80000000000000003864568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b780210eb26078032021-12-22 11:51:10.450root 11241100x80000000000000003864569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa1d1bc80953e412021-12-22 11:51:10.450root 11241100x80000000000000003864570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380fc5e5de209c062021-12-22 11:51:10.450root 11241100x80000000000000003864571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcf5da898c00f112021-12-22 11:51:10.450root 11241100x80000000000000003864572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3beca6a5328e076c2021-12-22 11:51:10.450root 11241100x80000000000000003864573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d75d2afb885d822021-12-22 11:51:10.450root 11241100x80000000000000003864574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6720af351984102021-12-22 11:51:10.943root 11241100x80000000000000003864575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b599bcf4f48b0db02021-12-22 11:51:10.943root 11241100x80000000000000003864576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51b4508a4b503852021-12-22 11:51:10.943root 11241100x80000000000000003864577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827fbf46cfc641ee2021-12-22 11:51:10.943root 11241100x80000000000000003864578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3482f037c174a5322021-12-22 11:51:10.944root 11241100x80000000000000003864579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da893f9789b36f62021-12-22 11:51:10.944root 11241100x80000000000000003864580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a098473a68fc66d2021-12-22 11:51:10.944root 11241100x80000000000000003864581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d275b8ec4f3734c2021-12-22 11:51:10.944root 11241100x80000000000000003864582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42c64e50b776fb02021-12-22 11:51:10.944root 11241100x80000000000000003864583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c26f60f612ef3d32021-12-22 11:51:10.944root 11241100x80000000000000003864584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17f38e96386b85b2021-12-22 11:51:10.944root 11241100x80000000000000003864585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48aac9991099caca2021-12-22 11:51:10.944root 11241100x80000000000000003864586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cef073102002622021-12-22 11:51:10.944root 11241100x80000000000000003864587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95a16d904ceb35c2021-12-22 11:51:10.944root 11241100x80000000000000003864588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db5574c3dc42a2a2021-12-22 11:51:10.944root 11241100x80000000000000003864589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e480017396e8c842021-12-22 11:51:10.945root 11241100x80000000000000003864590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94f1c19ae0b64472021-12-22 11:51:10.945root 354300x80000000000000003864639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:18.190{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55548-false10.0.1.12-8000- 11241100x80000000000000003864640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:18.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a305e4cc705e2652021-12-22 11:51:18.442root 11241100x80000000000000003864641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:18.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a22a0bd6b0d83872021-12-22 11:51:18.942root 11241100x80000000000000003864642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:19.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8321dc3d649918602021-12-22 11:51:19.442root 11241100x80000000000000003864643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:19.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5f538ae1fde4262021-12-22 11:51:19.942root 11241100x80000000000000003864644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:20.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a63ac1ee6e1e1c42021-12-22 11:51:20.442root 11241100x80000000000000003864645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:20.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80605a7a2f22021c2021-12-22 11:51:20.942root 11241100x80000000000000003864646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:21.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75dfd9ca13df9ded2021-12-22 11:51:21.442root 11241100x80000000000000003864647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:21.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cbd8586f0d384f2021-12-22 11:51:21.942root 11241100x80000000000000003864648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:22.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1fd302e4287ce72021-12-22 11:51:22.442root 11241100x80000000000000003864649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:22.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a4694e97e7e1b22021-12-22 11:51:22.942root 354300x80000000000000003864650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:23.228{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55550-false10.0.1.12-8000- 11241100x80000000000000003864651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:23.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9c00bc0fca8fbe2021-12-22 11:51:23.229root 11241100x80000000000000003864652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:23.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab2795cfb40816e2021-12-22 11:51:23.692root 11241100x80000000000000003864653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd30d8dbf00b8352021-12-22 11:51:23.693root 11241100x80000000000000003864654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:24.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830614f3f022dd1a2021-12-22 11:51:24.192root 11241100x80000000000000003864655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a159c3175d8ad4bb2021-12-22 11:51:24.193root 11241100x80000000000000003864656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:24.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46df698e839aa3a62021-12-22 11:51:24.692root 11241100x80000000000000003864657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:24.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4427db597a169c2021-12-22 11:51:24.692root 11241100x80000000000000003864658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:25.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a046e2aa9c1b39fb2021-12-22 11:51:25.192root 11241100x80000000000000003864659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367af7002c9698082021-12-22 11:51:25.193root 11241100x80000000000000003864660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:25.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753c1ae3a10516162021-12-22 11:51:25.692root 11241100x80000000000000003864661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad105c1182b63e02021-12-22 11:51:25.693root 11241100x80000000000000003864662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:26.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5258af5c925bc102021-12-22 11:51:26.192root 11241100x80000000000000003864663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10792250788507a32021-12-22 11:51:26.193root 11241100x80000000000000003864664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:26.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7086ca6506524e562021-12-22 11:51:26.692root 11241100x80000000000000003864665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085e55bfe19961d42021-12-22 11:51:26.693root 11241100x80000000000000003864666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:27.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aad568e91ecea382021-12-22 11:51:27.192root 11241100x80000000000000003864667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c19ace3ccd1b702021-12-22 11:51:27.193root 11241100x80000000000000003864668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:27.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4197fbcfa5ec552021-12-22 11:51:27.692root 11241100x80000000000000003864669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfe60bf73521f912021-12-22 11:51:27.693root 11241100x80000000000000003864670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:28.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb94b06850a57cf2021-12-22 11:51:28.192root 11241100x80000000000000003864671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:28.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f62efcfa7445ad92021-12-22 11:51:28.192root 11241100x80000000000000003864672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:28.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4901bb4d0709af52021-12-22 11:51:28.692root 11241100x80000000000000003864673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ace2fbb3e49d7d2021-12-22 11:51:28.693root 354300x80000000000000003864674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:29.121{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55552-false10.0.1.12-8000- 11241100x80000000000000003864675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:29.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900c25059d128e112021-12-22 11:51:29.122root 11241100x80000000000000003864676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:29.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7395e56b9db5d72021-12-22 11:51:29.122root 11241100x80000000000000003864677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:29.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d22c29c9db53b972021-12-22 11:51:29.442root 11241100x80000000000000003864678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9957cb9f4a6c4ae52021-12-22 11:51:29.443root 11241100x80000000000000003864679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf60a9b8c8a241a2021-12-22 11:51:29.443root 11241100x80000000000000003864680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:29.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9470006fc5ab3042021-12-22 11:51:29.942root 11241100x80000000000000003864681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8deb77f4a61c992021-12-22 11:51:29.943root 11241100x80000000000000003864682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4de94918d2c8ee22021-12-22 11:51:29.943root 11241100x80000000000000003864683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:30.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddead3184b9551f92021-12-22 11:51:30.442root 11241100x80000000000000003864684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c796e1e4246f072021-12-22 11:51:30.443root 11241100x80000000000000003864685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42e5e377ae3de8c2021-12-22 11:51:30.443root 11241100x80000000000000003864686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:30.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896e0366d70877092021-12-22 11:51:30.942root 11241100x80000000000000003864687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f2f51d02e988562021-12-22 11:51:30.943root 11241100x80000000000000003864688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afd2184f4e4875a2021-12-22 11:51:30.943root 11241100x80000000000000003864689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:31.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9095b0f4525a68b62021-12-22 11:51:31.442root 11241100x80000000000000003864690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c470e0c6d98609bf2021-12-22 11:51:31.443root 11241100x80000000000000003864691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f586c533caa54f2021-12-22 11:51:31.443root 11241100x80000000000000003864692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:31.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937058d4e3a15f742021-12-22 11:51:31.942root 11241100x80000000000000003864693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f43164d3aafcf1f2021-12-22 11:51:31.943root 11241100x80000000000000003864694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d8576749cf94722021-12-22 11:51:31.943root 11241100x80000000000000003864695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:32.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7762af6c6a0d5ba92021-12-22 11:51:32.442root 11241100x80000000000000003864696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965e09aca1e2684b2021-12-22 11:51:32.443root 11241100x80000000000000003864697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef402c9d958ef1d52021-12-22 11:51:32.443root 11241100x80000000000000003864698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba5672133fd15422021-12-22 11:51:32.943root 11241100x80000000000000003864699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d65ad52983764e02021-12-22 11:51:32.943root 11241100x80000000000000003864700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3450c00a62e2df292021-12-22 11:51:32.943root 11241100x80000000000000003864701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:33.141{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:51:33.141root 11241100x80000000000000003864702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebe7d54ca36c0aa2021-12-22 11:51:33.443root 11241100x80000000000000003864703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea2c3984b8b84b52021-12-22 11:51:33.443root 11241100x80000000000000003864704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed243308a3e22752021-12-22 11:51:33.443root 11241100x80000000000000003864705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5505b1b78722fb2021-12-22 11:51:33.443root 11241100x80000000000000003864706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:33.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e589da2d9c5edcba2021-12-22 11:51:33.942root 11241100x80000000000000003864707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1ce57a3b7131d62021-12-22 11:51:33.943root 11241100x80000000000000003864708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2abfa9e12916bac2021-12-22 11:51:33.943root 11241100x80000000000000003864709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c81f93fdb071fbe2021-12-22 11:51:33.943root 354300x80000000000000003864710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:33.991{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42618-false10.0.1.12-8089- 11241100x80000000000000003864711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472c49d3f2286bc92021-12-22 11:51:34.443root 11241100x80000000000000003864712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9f834216152a7b2021-12-22 11:51:34.443root 11241100x80000000000000003864713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dd820a5b4cbc3b2021-12-22 11:51:34.443root 11241100x80000000000000003864714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c88df2ae34ece72021-12-22 11:51:34.443root 11241100x80000000000000003864715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ea822c6930fb5d2021-12-22 11:51:34.443root 11241100x80000000000000003864716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:34.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7969e1f949532c2a2021-12-22 11:51:34.942root 11241100x80000000000000003864717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160bbe58af7b13ef2021-12-22 11:51:34.943root 11241100x80000000000000003864718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb43f8d72a7be052021-12-22 11:51:34.943root 11241100x80000000000000003864719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942609d1d5dc0dff2021-12-22 11:51:34.943root 11241100x80000000000000003864720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e74564cc15470cd2021-12-22 11:51:34.943root 354300x80000000000000003864721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.079{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55556-false10.0.1.12-8000- 11241100x80000000000000003864722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bea1577368b3f02021-12-22 11:51:35.443root 11241100x80000000000000003864723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe632da403c3a5c2021-12-22 11:51:35.443root 11241100x80000000000000003864724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d249e22bb4c8ba2021-12-22 11:51:35.443root 11241100x80000000000000003864725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1493ad2dcda7eb2021-12-22 11:51:35.443root 11241100x80000000000000003864726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b827b7c7c0dd872021-12-22 11:51:35.443root 11241100x80000000000000003864727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5f25e71a419ab12021-12-22 11:51:35.443root 154100x80000000000000003864728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.673{ec2b6afe-1147-61c3-6834-ae9f53560000}19121/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x80000000000000003864729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.685{ec2b6afe-1147-61c3-6834-ae9f53560000}19121/bin/psroot 11241100x80000000000000003864730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3454e47228a72dc12021-12-22 11:51:35.943root 11241100x80000000000000003864731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd9d2c3fa428fde2021-12-22 11:51:35.943root 11241100x80000000000000003864732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa0afaa823b6e9f2021-12-22 11:51:35.943root 11241100x80000000000000003864733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b117071669b3b82021-12-22 11:51:35.943root 11241100x80000000000000003864734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb4ba1ffe84fa672021-12-22 11:51:35.943root 11241100x80000000000000003864735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffac2afcfb276f702021-12-22 11:51:35.943root 11241100x80000000000000003864736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4f90f3ebf0f3a82021-12-22 11:51:35.943root 11241100x80000000000000003864737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1917ee14bd5e3e8e2021-12-22 11:51:35.944root 23542300x80000000000000003864738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003864739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8934880d8611290c2021-12-22 11:51:36.443root 11241100x80000000000000003864740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde539f3ffcafdd62021-12-22 11:51:36.443root 11241100x80000000000000003864741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc1617759b187a82021-12-22 11:51:36.443root 11241100x80000000000000003864742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbbfcfd984a9b162021-12-22 11:51:36.443root 11241100x80000000000000003864743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2d0efc73f3cd802021-12-22 11:51:36.443root 11241100x80000000000000003864744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c15da6065114692021-12-22 11:51:36.443root 11241100x80000000000000003864745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee80ef4eb3cf5202021-12-22 11:51:36.443root 11241100x80000000000000003864746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcb86a188f662962021-12-22 11:51:36.443root 11241100x80000000000000003864747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828d8e384bc9dbb32021-12-22 11:51:36.443root 11241100x80000000000000003864748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e272380c9e4f13b92021-12-22 11:51:36.943root 11241100x80000000000000003864749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89d8c5ab8f164ec2021-12-22 11:51:36.943root 11241100x80000000000000003864750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce40aa7b39e94a572021-12-22 11:51:36.943root 11241100x80000000000000003864751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8c117541b69f852021-12-22 11:51:36.943root 11241100x80000000000000003864752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7b2ee9113931e92021-12-22 11:51:36.943root 11241100x80000000000000003864753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2979e939c4949a222021-12-22 11:51:36.943root 11241100x80000000000000003864754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b24eefd210c3642021-12-22 11:51:36.943root 11241100x80000000000000003864755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886ca4f7caa5d6a92021-12-22 11:51:36.943root 11241100x80000000000000003864756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd840b51695b0ca82021-12-22 11:51:36.943root 11241100x80000000000000003864757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57637da25c51ec132021-12-22 11:51:37.443root 11241100x80000000000000003864758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f68fe16df611bf52021-12-22 11:51:37.443root 11241100x80000000000000003864759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0e7b2e0fb031932021-12-22 11:51:37.443root 11241100x80000000000000003864760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff25226f684e04e2021-12-22 11:51:37.443root 11241100x80000000000000003864761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360373fdbd7272632021-12-22 11:51:37.443root 11241100x80000000000000003864762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e60eb11d547b7b12021-12-22 11:51:37.443root 11241100x80000000000000003864763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd208940276a8b942021-12-22 11:51:37.443root 11241100x80000000000000003864764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8e1fa7c6430d912021-12-22 11:51:37.443root 11241100x80000000000000003864765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5e90b23fe7bad72021-12-22 11:51:37.443root 11241100x80000000000000003864766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984e733163d75b922021-12-22 11:51:37.943root 11241100x80000000000000003864767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c18174e19ab8142021-12-22 11:51:37.943root 11241100x80000000000000003864768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303fa5f4cd7170a92021-12-22 11:51:37.943root 11241100x80000000000000003864769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebd71b021fe82182021-12-22 11:51:37.943root 11241100x80000000000000003864770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba68d9795a930f12021-12-22 11:51:37.943root 11241100x80000000000000003864771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f496d0955767bd12021-12-22 11:51:37.943root 11241100x80000000000000003864772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2749f3745e5852382021-12-22 11:51:37.943root 11241100x80000000000000003864773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad974cf43d430e7b2021-12-22 11:51:37.943root 11241100x80000000000000003864774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00131832f219dbe32021-12-22 11:51:37.943root 11241100x80000000000000003864775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f3ff530ae932152021-12-22 11:51:38.443root 11241100x80000000000000003864776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a82fcaf5e7b9172021-12-22 11:51:38.443root 11241100x80000000000000003864777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d98bdbd60e41092021-12-22 11:51:38.443root 11241100x80000000000000003864778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8922a7f4ff6949432021-12-22 11:51:38.443root 11241100x80000000000000003864779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4683bfaf32c4662021-12-22 11:51:38.443root 11241100x80000000000000003864780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8a5d254e34a85c2021-12-22 11:51:38.443root 11241100x80000000000000003864781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf810ef61a411012021-12-22 11:51:38.443root 11241100x80000000000000003864782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31853745a1ba86d2021-12-22 11:51:38.443root 11241100x80000000000000003864783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71d8583a0b00e712021-12-22 11:51:38.443root 11241100x80000000000000003864784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3556fe7e61dc11e2021-12-22 11:51:38.943root 11241100x80000000000000003864785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5e0f4fed9a36d72021-12-22 11:51:38.943root 11241100x80000000000000003864786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f30d35a5f195572021-12-22 11:51:38.943root 11241100x80000000000000003864787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b791ed100ef0122021-12-22 11:51:38.943root 11241100x80000000000000003864788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74883b2bc51c574e2021-12-22 11:51:38.943root 11241100x80000000000000003864789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5966474bd969af972021-12-22 11:51:38.943root 11241100x80000000000000003864790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c0d0f40910430d2021-12-22 11:51:38.943root 11241100x80000000000000003864791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27247e975ab6a9512021-12-22 11:51:38.943root 11241100x80000000000000003864792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a239a66330d4bf42021-12-22 11:51:38.943root 11241100x80000000000000003864793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca833c45da387b52021-12-22 11:51:39.443root 11241100x80000000000000003864794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af835a7bbfcf62372021-12-22 11:51:39.443root 11241100x80000000000000003864795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e77f8ed9609ecb2021-12-22 11:51:39.443root 11241100x80000000000000003864796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01545a1ff11888722021-12-22 11:51:39.443root 11241100x80000000000000003864797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47108718101c5d3c2021-12-22 11:51:39.443root 11241100x80000000000000003864798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6292000985ef0cd42021-12-22 11:51:39.443root 11241100x80000000000000003864799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28322c5644c13692021-12-22 11:51:39.443root 11241100x80000000000000003864800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df21ec9dc2248092021-12-22 11:51:39.444root 11241100x80000000000000003864801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511cc86a9fec1a062021-12-22 11:51:39.444root 154100x80000000000000003864802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.454{ec2b6afe-114b-61c3-1040-008272550000}19122/bin/touch-----touch run_dllhook.c/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003864803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.455{ec2b6afe-114b-61c3-1040-008272550000}19122/bin/touch/home/ubuntu/run_dllhook.c2021-12-22 11:51:39.455ubuntu 534500x80000000000000003864804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.455{ec2b6afe-114b-61c3-1040-008272550000}19122/bin/touchubuntu 11241100x80000000000000003864805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911c002173992b622021-12-22 11:51:39.943root 11241100x80000000000000003864806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea95f4ac7c808ce2021-12-22 11:51:39.943root 11241100x80000000000000003864807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294c9d36d73b89c52021-12-22 11:51:39.943root 11241100x80000000000000003864808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff95460e02b73792021-12-22 11:51:39.943root 11241100x80000000000000003864809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5157374876d4882021-12-22 11:51:39.943root 11241100x80000000000000003864810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5782d34264885cab2021-12-22 11:51:39.943root 11241100x80000000000000003864811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82810f906643a4cb2021-12-22 11:51:39.943root 11241100x80000000000000003864812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f0614433438dc32021-12-22 11:51:39.943root 11241100x80000000000000003864813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02acdb9498bf9cb72021-12-22 11:51:39.943root 11241100x80000000000000003864814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d607282b079d6e5a2021-12-22 11:51:39.944root 11241100x80000000000000003864815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc23e7671d3c1c212021-12-22 11:51:39.944root 11241100x80000000000000003864816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75fc1d9214331732021-12-22 11:51:39.944root 354300x80000000000000003864817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.085{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55558-false10.0.1.12-8000- 11241100x80000000000000003864818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ab636a1426738b2021-12-22 11:51:40.443root 11241100x80000000000000003864819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9987417f7e35bc2021-12-22 11:51:40.443root 11241100x80000000000000003864820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2a7e0cd1b495cc2021-12-22 11:51:40.443root 11241100x80000000000000003864821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4126f873579593bc2021-12-22 11:51:40.443root 11241100x80000000000000003864822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b19fc5d7b935d32021-12-22 11:51:40.443root 11241100x80000000000000003864823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30d86ecadb29a042021-12-22 11:51:40.443root 11241100x80000000000000003864824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7943ce353c87cf302021-12-22 11:51:40.443root 11241100x80000000000000003864825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23a3267221e95862021-12-22 11:51:40.443root 11241100x80000000000000003864826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d1c56d9d6428bb2021-12-22 11:51:40.443root 11241100x80000000000000003864827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd9b06a7dc0de2c2021-12-22 11:51:40.444root 11241100x80000000000000003864828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06a0edccbf3646e2021-12-22 11:51:40.444root 11241100x80000000000000003864829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25587dec67b572b2021-12-22 11:51:40.444root 11241100x80000000000000003864830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274c8fa7b2ff037b2021-12-22 11:51:40.444root 11241100x80000000000000003864831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc27ddda286b20e2021-12-22 11:51:40.942root 11241100x80000000000000003864832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15370f668653eef22021-12-22 11:51:40.943root 11241100x80000000000000003864833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba43e4c037b829a2021-12-22 11:51:40.943root 11241100x80000000000000003864834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcc96d06fa372592021-12-22 11:51:40.943root 11241100x80000000000000003864835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c5dca7e829b4be2021-12-22 11:51:40.943root 11241100x80000000000000003864836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af4e1e2e374fd542021-12-22 11:51:40.943root 11241100x80000000000000003864837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c617deddab4c88be2021-12-22 11:51:40.943root 11241100x80000000000000003864838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54138604fe886ebf2021-12-22 11:51:40.943root 11241100x80000000000000003864839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56933d9fe06b5cae2021-12-22 11:51:40.943root 11241100x80000000000000003864840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6fb0883c869e4a2021-12-22 11:51:40.943root 11241100x80000000000000003864841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85087d2c3669bd0d2021-12-22 11:51:40.943root 11241100x80000000000000003864842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91e3efc9e0f1ae02021-12-22 11:51:40.943root 11241100x80000000000000003864843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a989858c9fa3f4532021-12-22 11:51:40.944root 11241100x80000000000000003864844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41ed4b82490d0442021-12-22 11:51:41.443root 11241100x80000000000000003864845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23957864bd7063a22021-12-22 11:51:41.443root 11241100x80000000000000003864846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b622767d820d9f2021-12-22 11:51:41.443root 11241100x80000000000000003864847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc11a176ff3b40b2021-12-22 11:51:41.443root 11241100x80000000000000003864848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6318cb523b773c362021-12-22 11:51:41.443root 11241100x80000000000000003864849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6cd55d6cb771f42021-12-22 11:51:41.443root 11241100x80000000000000003864850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8a9504730de2e92021-12-22 11:51:41.443root 11241100x80000000000000003864851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd360927408353c2021-12-22 11:51:41.444root 11241100x80000000000000003864852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc493758fe01b032021-12-22 11:51:41.444root 11241100x80000000000000003864853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797697817860ebfb2021-12-22 11:51:41.444root 11241100x80000000000000003864854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9965f0816cac14f12021-12-22 11:51:41.444root 11241100x80000000000000003864855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc81eb19cdd2f4622021-12-22 11:51:41.444root 11241100x80000000000000003864856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db8aac6c193f77d2021-12-22 11:51:41.445root 11241100x80000000000000003864857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c5d2b57ae75c512021-12-22 11:51:41.943root 11241100x80000000000000003864858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03c7c74b43cae622021-12-22 11:51:41.943root 11241100x80000000000000003864859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5cd1bc30c460a42021-12-22 11:51:41.943root 11241100x80000000000000003864860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2699023ba0fcbb6b2021-12-22 11:51:41.943root 11241100x80000000000000003864861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2be9343c23bdaa2021-12-22 11:51:41.943root 11241100x80000000000000003864862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0362c2dcbd28052021-12-22 11:51:41.943root 11241100x80000000000000003864863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f2abd093fa17ff2021-12-22 11:51:41.943root 11241100x80000000000000003864864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e0d0ebf1ee08bb2021-12-22 11:51:41.943root 11241100x80000000000000003864865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47778eb82daf37682021-12-22 11:51:41.943root 11241100x80000000000000003864866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0334c0d34e4014c2021-12-22 11:51:41.943root 11241100x80000000000000003864867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832598f2d501d4ca2021-12-22 11:51:41.944root 11241100x80000000000000003864868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e71d864afc90ee2021-12-22 11:51:41.944root 11241100x80000000000000003864869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20071416bb46e1692021-12-22 11:51:41.944root 11241100x80000000000000003864870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f7e21a0e8ba7102021-12-22 11:51:42.443root 11241100x80000000000000003864871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748017fa703432ad2021-12-22 11:51:42.443root 11241100x80000000000000003864872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df797aef395625e32021-12-22 11:51:42.443root 11241100x80000000000000003864873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420a17f4117726ed2021-12-22 11:51:42.443root 11241100x80000000000000003864874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee87ee7eed0035f2021-12-22 11:51:42.443root 11241100x80000000000000003864875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a569786d4306f62021-12-22 11:51:42.443root 11241100x80000000000000003864876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6d5f8be4c8fc0c2021-12-22 11:51:42.443root 11241100x80000000000000003864877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8561527301c11532021-12-22 11:51:42.443root 11241100x80000000000000003864878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ddcf22a17af2352021-12-22 11:51:42.443root 11241100x80000000000000003864879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92f79aa713fefff2021-12-22 11:51:42.443root 11241100x80000000000000003864880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6866afa1617bbfc72021-12-22 11:51:42.443root 11241100x80000000000000003864881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c769a0dbf37ee8d42021-12-22 11:51:42.444root 11241100x80000000000000003864882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515e35a9bfe95b822021-12-22 11:51:42.444root 11241100x80000000000000003864883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4a182aee8f2e8e2021-12-22 11:51:42.943root 11241100x80000000000000003864884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a691fb9a38bb852021-12-22 11:51:42.943root 11241100x80000000000000003864885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7980ee420ba6d8cf2021-12-22 11:51:42.943root 11241100x80000000000000003864886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c948a8ad5e04183f2021-12-22 11:51:42.943root 11241100x80000000000000003864887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9405fa454484cf262021-12-22 11:51:42.943root 11241100x80000000000000003864888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7f7b54a870d94c2021-12-22 11:51:42.943root 11241100x80000000000000003864889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95d5a2725b24fa32021-12-22 11:51:42.944root 11241100x80000000000000003864890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92f6973623e902f2021-12-22 11:51:42.944root 11241100x80000000000000003864891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3943022f71f0502021-12-22 11:51:42.944root 11241100x80000000000000003864892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b2d90ac3c659292021-12-22 11:51:42.944root 11241100x80000000000000003864893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b453568b5f566beb2021-12-22 11:51:42.944root 11241100x80000000000000003864894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3003163760b886742021-12-22 11:51:42.944root 11241100x80000000000000003864895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d760bec9b68cbdf02021-12-22 11:51:42.944root 11241100x80000000000000003864896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1357748b630eb52021-12-22 11:51:43.443root 11241100x80000000000000003864897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdb06ae4ebf08532021-12-22 11:51:43.443root 11241100x80000000000000003864898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191ac9f9404bbac12021-12-22 11:51:43.443root 11241100x80000000000000003864899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cece862219b834f2021-12-22 11:51:43.443root 11241100x80000000000000003864900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351099d3d8cdf40b2021-12-22 11:51:43.443root 11241100x80000000000000003864901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2bd827260703f72021-12-22 11:51:43.443root 11241100x80000000000000003864902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0039e27c6e8564002021-12-22 11:51:43.444root 11241100x80000000000000003864903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a029b709f9de212021-12-22 11:51:43.444root 11241100x80000000000000003864904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2c04d7ac1be6972021-12-22 11:51:43.444root 11241100x80000000000000003864905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bedd33fff266ce92021-12-22 11:51:43.444root 11241100x80000000000000003864906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37577ea3eccb7c92021-12-22 11:51:43.444root 11241100x80000000000000003864907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6d3beca8fa64822021-12-22 11:51:43.444root 11241100x80000000000000003864908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faca901781df67942021-12-22 11:51:43.444root 11241100x80000000000000003864909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb6dff69c7ab4722021-12-22 11:51:43.943root 11241100x80000000000000003864910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec79e3859cca9d12021-12-22 11:51:43.943root 11241100x80000000000000003864911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2166e3511f5f94102021-12-22 11:51:43.943root 11241100x80000000000000003864912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0c66b73da0e7ef2021-12-22 11:51:43.943root 11241100x80000000000000003864913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ea0e3d9b56fefa2021-12-22 11:51:43.943root 11241100x80000000000000003864914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80263174e393ebe12021-12-22 11:51:43.944root 11241100x80000000000000003864915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494e2aa86b90e75a2021-12-22 11:51:43.944root 11241100x80000000000000003864916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30d9c2243d84e1d2021-12-22 11:51:43.944root 11241100x80000000000000003864917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b30dc29294194e2021-12-22 11:51:43.944root 11241100x80000000000000003864918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cb861e322d7bda2021-12-22 11:51:43.944root 11241100x80000000000000003864919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6875fed16cbe2042021-12-22 11:51:43.944root 11241100x80000000000000003864920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35caa3a89022b2a32021-12-22 11:51:43.944root 11241100x80000000000000003864921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3ad163956763e22021-12-22 11:51:43.944root 11241100x80000000000000003864922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403e4e261c2e45df2021-12-22 11:51:44.443root 11241100x80000000000000003864923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984d166e3b2a42fa2021-12-22 11:51:44.443root 11241100x80000000000000003864924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e6bc068c45492e2021-12-22 11:51:44.443root 11241100x80000000000000003864925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb0efecf55023332021-12-22 11:51:44.443root 11241100x80000000000000003864926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5b9d1e8890deed2021-12-22 11:51:44.443root 11241100x80000000000000003864927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a8e4d601223d432021-12-22 11:51:44.444root 11241100x80000000000000003864928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a7a48ef19510d52021-12-22 11:51:44.444root 11241100x80000000000000003864929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e17e60d821ce982021-12-22 11:51:44.444root 11241100x80000000000000003864930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9357d96d045de62021-12-22 11:51:44.444root 11241100x80000000000000003864931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398426ec7845fbc32021-12-22 11:51:44.444root 11241100x80000000000000003864932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0e313dfa38e6412021-12-22 11:51:44.444root 11241100x80000000000000003864933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24384cd07c7370672021-12-22 11:51:44.444root 11241100x80000000000000003864934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3336c8ecb26a7332021-12-22 11:51:44.444root 11241100x80000000000000003864935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91af14fb7a23e0fe2021-12-22 11:51:44.943root 11241100x80000000000000003864936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074d5d731c8b2f6c2021-12-22 11:51:44.943root 11241100x80000000000000003864937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987476b816c89e582021-12-22 11:51:44.943root 11241100x80000000000000003864938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43327572d1aa97992021-12-22 11:51:44.944root 11241100x80000000000000003864939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9b07225c110fdb2021-12-22 11:51:44.944root 11241100x80000000000000003864940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb4253a0459102e2021-12-22 11:51:44.944root 11241100x80000000000000003864941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bc02048da5b0fa2021-12-22 11:51:44.944root 11241100x80000000000000003864942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a5aa572f2eea1f2021-12-22 11:51:44.945root 11241100x80000000000000003864943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce3ffe9390a7fb22021-12-22 11:51:44.945root 11241100x80000000000000003864944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95aec8fe90098e482021-12-22 11:51:44.945root 11241100x80000000000000003864945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d708e7cb4623c22021-12-22 11:51:44.945root 11241100x80000000000000003864946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666bab5cf1282b322021-12-22 11:51:44.945root 11241100x80000000000000003864947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1466e386cdcc6ed2021-12-22 11:51:44.945root 354300x80000000000000003864948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.123{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55560-false10.0.1.12-8000- 11241100x80000000000000003864949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0661549c6dc1c4f72021-12-22 11:51:45.443root 11241100x80000000000000003864950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd752e7aef2f46c2021-12-22 11:51:45.443root 11241100x80000000000000003864951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471413e3b54c00ef2021-12-22 11:51:45.443root 11241100x80000000000000003864952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070d255c3bba7d542021-12-22 11:51:45.443root 11241100x80000000000000003864953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d809dec8d7081cb12021-12-22 11:51:45.443root 11241100x80000000000000003864954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacbf5ce4d26f4b12021-12-22 11:51:45.443root 11241100x80000000000000003864955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be16b9025bb89772021-12-22 11:51:45.443root 11241100x80000000000000003864956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e123ddd00659042021-12-22 11:51:45.443root 11241100x80000000000000003864957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e55e72a5c33ccbf2021-12-22 11:51:45.444root 11241100x80000000000000003864958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89c8a905129cc5e2021-12-22 11:51:45.444root 11241100x80000000000000003864959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d430cbdb7a563dee2021-12-22 11:51:45.444root 11241100x80000000000000003864960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cd4854fec5fc152021-12-22 11:51:45.444root 11241100x80000000000000003864961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834b7c789fc66bae2021-12-22 11:51:45.444root 11241100x80000000000000003864962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0622ca41c1c1e7622021-12-22 11:51:45.444root 11241100x80000000000000003864963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddc7a42b34f57cb2021-12-22 11:51:45.943root 11241100x80000000000000003864964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a51df76ea768f9c2021-12-22 11:51:45.943root 11241100x80000000000000003864965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ea66673ec1f76e2021-12-22 11:51:45.943root 11241100x80000000000000003864966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67945ff654639cc52021-12-22 11:51:45.943root 11241100x80000000000000003864967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77879adeee6400382021-12-22 11:51:45.943root 11241100x80000000000000003864968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74892574c49b2142021-12-22 11:51:45.943root 11241100x80000000000000003864969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc49c9debd50773c2021-12-22 11:51:45.944root 11241100x80000000000000003864970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc62b49490b1d6fa2021-12-22 11:51:45.944root 11241100x80000000000000003864971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfe3e960ffed8402021-12-22 11:51:45.944root 11241100x80000000000000003864972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3468a57b0a897452021-12-22 11:51:45.944root 11241100x80000000000000003864973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b0e5d8827ff18b2021-12-22 11:51:45.944root 11241100x80000000000000003864974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447451d7b7923c5e2021-12-22 11:51:45.944root 11241100x80000000000000003864975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183f57b841e09d9c2021-12-22 11:51:45.944root 11241100x80000000000000003864976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d06ed7fac953822021-12-22 11:51:45.944root 11241100x80000000000000003864977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d825a855df5f9f6a2021-12-22 11:51:46.442root 11241100x80000000000000003864978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60482c5c972e04782021-12-22 11:51:46.443root 11241100x80000000000000003864979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486b234a48c8accf2021-12-22 11:51:46.443root 11241100x80000000000000003864980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399a3c16ac6564832021-12-22 11:51:46.443root 11241100x80000000000000003864981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f156f54f8b03742021-12-22 11:51:46.443root 11241100x80000000000000003864982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e9afedb8ea53332021-12-22 11:51:46.443root 11241100x80000000000000003864983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3319e105ee9dc02021-12-22 11:51:46.443root 11241100x80000000000000003864984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db028ed3dbce78ef2021-12-22 11:51:46.443root 11241100x80000000000000003864985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0bb6c91094881c2021-12-22 11:51:46.443root 11241100x80000000000000003864986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f47db604b531222021-12-22 11:51:46.443root 11241100x80000000000000003864987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffdb5050f16b9a22021-12-22 11:51:46.444root 11241100x80000000000000003864988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3749ea23fcff4e1c2021-12-22 11:51:46.444root 11241100x80000000000000003864989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e79c577c2cc8e22021-12-22 11:51:46.444root 11241100x80000000000000003864990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aef7f61680b44302021-12-22 11:51:46.444root 534500x80000000000000003864991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.818{00000000-0000-0000-0000-000000000000}19123<unknown process>ubuntu 11241100x80000000000000003864992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.818{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de063ba2d2a6cffa2021-12-22 11:51:46.818root 11241100x80000000000000003864993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.818{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d43ea9118244d12021-12-22 11:51:46.818root 11241100x80000000000000003864994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd74298be4c7b6b92021-12-22 11:51:46.819root 11241100x80000000000000003864995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a3e8546dfab07c2021-12-22 11:51:46.819root 11241100x80000000000000003864996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf7a6783d8cd7482021-12-22 11:51:46.819root 11241100x80000000000000003864997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cde817fd9af16d2021-12-22 11:51:46.819root 11241100x80000000000000003864998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf036dec1596296d2021-12-22 11:51:46.819root 11241100x80000000000000003864999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885295df94c4cafb2021-12-22 11:51:46.819root 11241100x80000000000000003865000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd860d4fb35840252021-12-22 11:51:46.819root 534500x80000000000000003865001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.819{00000000-0000-0000-0000-000000000000}19124<unknown process>ubuntu 11241100x80000000000000003865002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a347440caafa7912021-12-22 11:51:46.819root 11241100x80000000000000003865003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488294c73562a7dd2021-12-22 11:51:46.820root 11241100x80000000000000003865004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81da4cabfc77a03b2021-12-22 11:51:46.820root 11241100x80000000000000003865005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dedc16d332949662021-12-22 11:51:46.820root 11241100x80000000000000003865006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.819{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.STkMAu2021-12-22 11:51:46.819ubuntu 23542300x80000000000000003865007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.820{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.STkMAu--- 11241100x80000000000000003865008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3928b0d464840ea52021-12-22 11:51:46.820root 11241100x80000000000000003865009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be6f2caa032779a2021-12-22 11:51:46.820root 11241100x80000000000000003865010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb754ba40c9b335e2021-12-22 11:51:46.820root 11241100x80000000000000003865011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a056528efe3dd482021-12-22 11:51:46.820root 11241100x80000000000000003865012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39739cbde90b052b2021-12-22 11:51:46.820root 11241100x80000000000000003865013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d687399e76fbd74e2021-12-22 11:51:46.821root 11241100x80000000000000003865014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8398e86fd758315e2021-12-22 11:51:46.821root 11241100x80000000000000003865015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d58b580971e6e642021-12-22 11:51:46.821root 11241100x80000000000000003865016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5121f4ecd9035152021-12-22 11:51:46.821root 11241100x80000000000000003865017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ce4ee4d63b83902021-12-22 11:51:46.821root 11241100x80000000000000003865018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f933658526c12fa52021-12-22 11:51:46.821root 11241100x80000000000000003865019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.821{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5193dc94ed9f4412021-12-22 11:51:46.821root 11241100x80000000000000003865020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.822{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30af8ec089fbb8ee2021-12-22 11:51:46.822root 11241100x80000000000000003865021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.822{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bc2cb805b0ddc42021-12-22 11:51:46.822root 11241100x80000000000000003865022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.822{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5a5a9db1379e462021-12-22 11:51:46.822root 11241100x80000000000000003865023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.822{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcc98c8a56eaee12021-12-22 11:51:46.822root 11241100x80000000000000003865024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.822{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7649d9f0193ecb2021-12-22 11:51:46.822root 11241100x80000000000000003865025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.822{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c669975f0b103ca12021-12-22 11:51:46.822root 11241100x80000000000000003865026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.822{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1eaef71d0926702021-12-22 11:51:46.822root 11241100x80000000000000003865027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.822{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b85cc38d4acc56c2021-12-22 11:51:46.822root 11241100x80000000000000003865028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.823{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d966b01445f9b2f2021-12-22 11:51:46.823root 11241100x80000000000000003865029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.823{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711a6d56e810bd802021-12-22 11:51:46.823root 11241100x80000000000000003865030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.823{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78443fc5ad0bf4d32021-12-22 11:51:46.823root 11241100x80000000000000003865031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.823{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e3a316c26da7152021-12-22 11:51:46.823root 11241100x80000000000000003865032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.823{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f7fb0b7603c8ef2021-12-22 11:51:46.823root 11241100x80000000000000003865033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.823{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73503692a9bdf0392021-12-22 11:51:46.823root 11241100x80000000000000003865034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.823{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132a74a1eefcd6e62021-12-22 11:51:46.823root 11241100x80000000000000003865035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.823{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f620f23ed8764acd2021-12-22 11:51:46.823root 11241100x80000000000000003865036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.824{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af458bc41ef3b3012021-12-22 11:51:46.824root 11241100x80000000000000003865037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.824{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18f9a99987caf6f2021-12-22 11:51:46.824root 11241100x80000000000000003865038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.824{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e81a75610d01742021-12-22 11:51:46.824root 11241100x80000000000000003865039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.824{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff06327609b1f4722021-12-22 11:51:46.824root 11241100x80000000000000003865040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.824{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e1ebc076ffb5d92021-12-22 11:51:46.824root 11241100x80000000000000003865041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.825{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8861f3eef1d05212021-12-22 11:51:46.825root 11241100x80000000000000003865042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.825{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bc827805d097e92021-12-22 11:51:46.825root 11241100x80000000000000003865043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.825{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d36fd290e541b202021-12-22 11:51:46.825root 11241100x80000000000000003865044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.825{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f90a0603a634b882021-12-22 11:51:46.825root 11241100x80000000000000003865045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.825{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4131acedd2e922822021-12-22 11:51:46.825root 11241100x80000000000000003865046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.825{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab561d859f21b022021-12-22 11:51:46.825root 11241100x80000000000000003865047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.825{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e3bd200d70ec212021-12-22 11:51:46.825root 11241100x80000000000000003865048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.826{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6118f192cdd832562021-12-22 11:51:46.826root 11241100x80000000000000003865049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.826{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738a78d1723e67782021-12-22 11:51:46.826root 11241100x80000000000000003865050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.826{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887210d2f3a4a2c52021-12-22 11:51:46.826root 11241100x80000000000000003865051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.826{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edb524ed86d0f682021-12-22 11:51:46.826root 11241100x80000000000000003865052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.826{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7faa87d90949c342021-12-22 11:51:46.826root 11241100x80000000000000003865053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.826{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f164fff1c44a0a152021-12-22 11:51:46.826root 11241100x80000000000000003865054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.826{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40edff4f887069a42021-12-22 11:51:46.826root 11241100x80000000000000003865055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.826{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4ad107bda0bf5a2021-12-22 11:51:46.826root 11241100x80000000000000003865056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.826{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8b4e01535c30e62021-12-22 11:51:46.826root 11241100x80000000000000003865057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.827{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1194c85b6ccb9612021-12-22 11:51:46.827root 11241100x80000000000000003865058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.827{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce658360cb4886e2021-12-22 11:51:46.827root 11241100x80000000000000003865059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.827{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50199c787990da7b2021-12-22 11:51:46.827root 11241100x80000000000000003865060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.827{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c5c9372a6d527b2021-12-22 11:51:46.827root 11241100x80000000000000003865061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.827{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b66960d397ed922021-12-22 11:51:46.827root 11241100x80000000000000003865062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.827{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac4eb5c1dfdc2692021-12-22 11:51:46.827root 11241100x80000000000000003865063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:46.827{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795ae58a0c72d8542021-12-22 11:51:46.827root 11241100x80000000000000003865064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0704f2b0fcb8ae2021-12-22 11:51:47.193root 11241100x80000000000000003865065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d9b8c5f31e73ba2021-12-22 11:51:47.193root 11241100x80000000000000003865066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577ba464b0fda8b42021-12-22 11:51:47.194root 11241100x80000000000000003865067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5568dd381c295b2021-12-22 11:51:47.194root 11241100x80000000000000003865068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c11e4632889e0392021-12-22 11:51:47.194root 11241100x80000000000000003865069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9ca85b6053361d2021-12-22 11:51:47.194root 11241100x80000000000000003865070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e845b079463261eb2021-12-22 11:51:47.194root 11241100x80000000000000003865071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57277b71c4fed51b2021-12-22 11:51:47.194root 11241100x80000000000000003865072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c345b4aa8261195e2021-12-22 11:51:47.194root 11241100x80000000000000003865073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1a1ae15cee2a512021-12-22 11:51:47.194root 11241100x80000000000000003865074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c20ee18d6c8c32f2021-12-22 11:51:47.194root 11241100x80000000000000003865075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb507476d89d5bc2021-12-22 11:51:47.194root 11241100x80000000000000003865076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a926fbbfaecaeb02021-12-22 11:51:47.194root 11241100x80000000000000003865077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628169fbf6c5ad092021-12-22 11:51:47.194root 11241100x80000000000000003865078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0a6a037d276b742021-12-22 11:51:47.194root 11241100x80000000000000003865079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee628a96182519f2021-12-22 11:51:47.195root 11241100x80000000000000003865080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1bcbf517d1cdce2021-12-22 11:51:47.195root 11241100x80000000000000003865081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a474865f34e52802021-12-22 11:51:47.195root 154100x80000000000000003865082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.347{ec2b6afe-1153-61c3-8032-71faf5550000}19125/bin/nano-----nano run_dllhook.c/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003865083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.366{ec2b6afe-1153-61c3-8032-71faf5550000}19125/bin/nano/home/ubuntu/.run_dllhook.c.swp2021-12-22 11:51:47.366ubuntu 11241100x80000000000000003865084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7a7a175b154af62021-12-22 11:51:47.693root 11241100x80000000000000003865085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ae8932024398f72021-12-22 11:51:47.693root 11241100x80000000000000003865086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca010f3bd59b2382021-12-22 11:51:47.693root 11241100x80000000000000003865087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410a7963a19d7f932021-12-22 11:51:47.693root 11241100x80000000000000003865088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8331d2c3de22bdbd2021-12-22 11:51:47.693root 11241100x80000000000000003865089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20421d6e8194a4f72021-12-22 11:51:47.694root 11241100x80000000000000003865090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c238cf7df7c2bf312021-12-22 11:51:47.694root 11241100x80000000000000003865091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d92bab5a67b3972021-12-22 11:51:47.694root 11241100x80000000000000003865092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39ff65de90aa99f2021-12-22 11:51:47.694root 11241100x80000000000000003865093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c827197de158002021-12-22 11:51:47.694root 11241100x80000000000000003865094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e44ca3c80e3be1d2021-12-22 11:51:47.694root 11241100x80000000000000003865095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed6e6b223013b8d2021-12-22 11:51:47.694root 11241100x80000000000000003865096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385d9ad255e1ee452021-12-22 11:51:47.694root 11241100x80000000000000003865097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cb5df817e363392021-12-22 11:51:47.694root 11241100x80000000000000003865098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27939b1f51f95432021-12-22 11:51:47.694root 11241100x80000000000000003865099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca58536f679fb2df2021-12-22 11:51:47.695root 11241100x80000000000000003865100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043b3292bf45b6d02021-12-22 11:51:47.695root 11241100x80000000000000003865101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72df91f379aebfa02021-12-22 11:51:47.695root 11241100x80000000000000003865102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e2839705782a1c2021-12-22 11:51:47.695root 11241100x80000000000000003865103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337ef996681fc66e2021-12-22 11:51:47.695root 11241100x80000000000000003865104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2245466bace5c32021-12-22 11:51:48.193root 11241100x80000000000000003865105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb7c134198d2f152021-12-22 11:51:48.194root 11241100x80000000000000003865106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e82366653ddc242021-12-22 11:51:48.194root 11241100x80000000000000003865107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b10f458af5ce2002021-12-22 11:51:48.194root 11241100x80000000000000003865108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc6498849cf869f2021-12-22 11:51:48.194root 11241100x80000000000000003865109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4f656927828af32021-12-22 11:51:48.194root 11241100x80000000000000003865110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b82b105c275c802021-12-22 11:51:48.194root 11241100x80000000000000003865111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637e52b8053f25dc2021-12-22 11:51:48.194root 11241100x80000000000000003865112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfca487cda31b642021-12-22 11:51:48.194root 11241100x80000000000000003865113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de95572734eed7632021-12-22 11:51:48.194root 11241100x80000000000000003865114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6bbbc8035c14e22021-12-22 11:51:48.194root 11241100x80000000000000003865115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1cc4dba3a3bc0d2021-12-22 11:51:48.195root 11241100x80000000000000003865116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a8c45aadd35b7f2021-12-22 11:51:48.195root 11241100x80000000000000003865117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8aefd7e8f0f6dff2021-12-22 11:51:48.195root 11241100x80000000000000003865118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545e612eafb0399c2021-12-22 11:51:48.195root 11241100x80000000000000003865119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a608a44c9463205c2021-12-22 11:51:48.195root 11241100x80000000000000003865120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9292523af3b767aa2021-12-22 11:51:48.195root 11241100x80000000000000003865121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a5f4c05f6dc5602021-12-22 11:51:48.195root 11241100x80000000000000003865122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28a80697326f8d02021-12-22 11:51:48.195root 11241100x80000000000000003865123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99b1a9f5ed416392021-12-22 11:51:48.195root 11241100x80000000000000003865124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f553ecfb92290e2021-12-22 11:51:48.693root 11241100x80000000000000003865125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997a2540c8a795712021-12-22 11:51:48.693root 11241100x80000000000000003865126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13b782328eb4a6e2021-12-22 11:51:48.693root 11241100x80000000000000003865127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119e3339563a61522021-12-22 11:51:48.693root 11241100x80000000000000003865128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a756e706ea780e9e2021-12-22 11:51:48.693root 11241100x80000000000000003865129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52265fa4ccfdc6852021-12-22 11:51:48.694root 11241100x80000000000000003865130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c07eb700a9f97472021-12-22 11:51:48.694root 11241100x80000000000000003865131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f036ee7a616b80cb2021-12-22 11:51:48.694root 11241100x80000000000000003865132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87444ab78e5f66cd2021-12-22 11:51:48.694root 11241100x80000000000000003865133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd5d5c694c3a1fa2021-12-22 11:51:48.694root 11241100x80000000000000003865134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d75c4529c2ed0c82021-12-22 11:51:48.694root 11241100x80000000000000003865135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bb57283d701f3d2021-12-22 11:51:48.694root 11241100x80000000000000003865136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9777031e9914f82021-12-22 11:51:48.694root 11241100x80000000000000003865137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23c05bddf0dca4e2021-12-22 11:51:48.694root 11241100x80000000000000003865138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1cf3314f6af7932021-12-22 11:51:48.694root 11241100x80000000000000003865139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181f7fa50851b7352021-12-22 11:51:48.695root 11241100x80000000000000003865140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb00cac679560cc62021-12-22 11:51:48.695root 11241100x80000000000000003865141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a61705319a393a2021-12-22 11:51:48.695root 11241100x80000000000000003865142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f7f05cc31cf8f32021-12-22 11:51:48.695root 11241100x80000000000000003865143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf533eb98aa716d92021-12-22 11:51:48.695root 11241100x80000000000000003865144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6ae90a8ccdac4e2021-12-22 11:51:49.193root 11241100x80000000000000003865145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28114ce9f6afb97f2021-12-22 11:51:49.193root 11241100x80000000000000003865146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be3f04cdd36173e2021-12-22 11:51:49.193root 11241100x80000000000000003865147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db049d17b79f60c92021-12-22 11:51:49.193root 11241100x80000000000000003865148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e7354c86b65b022021-12-22 11:51:49.194root 11241100x80000000000000003865149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b849034bc44a1f812021-12-22 11:51:49.194root 11241100x80000000000000003865150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5d639f18734b552021-12-22 11:51:49.194root 11241100x80000000000000003865151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b71764081dcd1c2021-12-22 11:51:49.194root 11241100x80000000000000003865152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93a9739b1f377202021-12-22 11:51:49.194root 11241100x80000000000000003865153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397ac1904886e63a2021-12-22 11:51:49.194root 11241100x80000000000000003865154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7741519829198fdb2021-12-22 11:51:49.194root 11241100x80000000000000003865155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e56f177dad2a0402021-12-22 11:51:49.194root 11241100x80000000000000003865156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f841d11bc4299c302021-12-22 11:51:49.194root 11241100x80000000000000003865157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2273454026df572021-12-22 11:51:49.194root 11241100x80000000000000003865158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8679a6e0832698852021-12-22 11:51:49.194root 11241100x80000000000000003865159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d761bba72032bd232021-12-22 11:51:49.195root 11241100x80000000000000003865160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef1493bc84ac9862021-12-22 11:51:49.195root 11241100x80000000000000003865161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c665f213806d98132021-12-22 11:51:49.195root 11241100x80000000000000003865162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8494df9fa9c8432021-12-22 11:51:49.195root 11241100x80000000000000003865163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e01f6c64707fa32021-12-22 11:51:49.195root 11241100x80000000000000003865164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9b37b68e28ec0f2021-12-22 11:51:49.693root 11241100x80000000000000003865165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dd1b85f774ee2b2021-12-22 11:51:49.693root 11241100x80000000000000003865166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e37778c728461fe2021-12-22 11:51:49.693root 11241100x80000000000000003865167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654d9d0295c639c32021-12-22 11:51:49.693root 11241100x80000000000000003865168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cd13b5bb15c5742021-12-22 11:51:49.693root 11241100x80000000000000003865169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0a0945f937ea152021-12-22 11:51:49.693root 11241100x80000000000000003865170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2150b74b5ca569ed2021-12-22 11:51:49.693root 11241100x80000000000000003865171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8539185af3da37462021-12-22 11:51:49.693root 11241100x80000000000000003865172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038ed6ef7b98e8c82021-12-22 11:51:49.694root 11241100x80000000000000003865173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d552551cf5f080262021-12-22 11:51:49.694root 11241100x80000000000000003865174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff0f7cb7b08fd492021-12-22 11:51:49.694root 11241100x80000000000000003865175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c843b44e235fcbb92021-12-22 11:51:49.694root 11241100x80000000000000003865176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bb3221730bc09b2021-12-22 11:51:49.694root 11241100x80000000000000003865177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48589e2d0b2efaad2021-12-22 11:51:49.694root 11241100x80000000000000003865178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658c9d8c060f26202021-12-22 11:51:49.694root 11241100x80000000000000003865179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f4c921af77ee752021-12-22 11:51:49.694root 11241100x80000000000000003865180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541dc473a004383a2021-12-22 11:51:49.694root 11241100x80000000000000003865181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542f3e6fc73217672021-12-22 11:51:49.695root 11241100x80000000000000003865182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b1c150ff04dde82021-12-22 11:51:49.695root 11241100x80000000000000003865183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9d4fba9ab803ed2021-12-22 11:51:49.695root 11241100x80000000000000003865184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396b9f7fdf1b96512021-12-22 11:51:49.695root 354300x80000000000000003865185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.161{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55562-false10.0.1.12-8000- 11241100x80000000000000003865186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959dcd82f522f3992021-12-22 11:51:50.162root 11241100x80000000000000003865187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a675035ba6b042792021-12-22 11:51:50.162root 11241100x80000000000000003865188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68507307c67149812021-12-22 11:51:50.163root 11241100x80000000000000003865189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f44da486dfe003c2021-12-22 11:51:50.163root 11241100x80000000000000003865190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497b7038c010aae12021-12-22 11:51:50.163root 11241100x80000000000000003865191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fecd7484984d85c2021-12-22 11:51:50.163root 11241100x80000000000000003865192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d74ac247df01fe2021-12-22 11:51:50.163root 11241100x80000000000000003865193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b6107f2fc6ed652021-12-22 11:51:50.163root 11241100x80000000000000003865194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef624fd7b5136ac02021-12-22 11:51:50.163root 11241100x80000000000000003865195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78da76abddfcc25d2021-12-22 11:51:50.163root 11241100x80000000000000003865196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0f39695217b1542021-12-22 11:51:50.163root 11241100x80000000000000003865197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333a4b87f8b196b32021-12-22 11:51:50.163root 11241100x80000000000000003865198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fc2701210525b92021-12-22 11:51:50.163root 11241100x80000000000000003865199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86097da26874cf242021-12-22 11:51:50.163root 11241100x80000000000000003865200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d99d3ee1fcabcbf2021-12-22 11:51:50.163root 11241100x80000000000000003865201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bb606aa49bc1df2021-12-22 11:51:50.164root 11241100x80000000000000003865202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a8b09a0e37cfbc2021-12-22 11:51:50.164root 11241100x80000000000000003865203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd2eb69b6fb46952021-12-22 11:51:50.164root 11241100x80000000000000003865204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0195c5f93eec25912021-12-22 11:51:50.164root 11241100x80000000000000003865205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a93a3f6996e61eb2021-12-22 11:51:50.164root 11241100x80000000000000003865206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8edd6c861a3fc662021-12-22 11:51:50.164root 11241100x80000000000000003865207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc51b65eefe4f032021-12-22 11:51:50.164root 11241100x80000000000000003865208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2914d605d908d92021-12-22 11:51:50.164root 11241100x80000000000000003865209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39814c1c2ada3e602021-12-22 11:51:50.164root 11241100x80000000000000003865210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b36d40349da5122021-12-22 11:51:50.443root 11241100x80000000000000003865211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc99ed9ece252a802021-12-22 11:51:50.443root 11241100x80000000000000003865212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8413482dfd6f86db2021-12-22 11:51:50.443root 11241100x80000000000000003865213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0f3ebee19e32012021-12-22 11:51:50.444root 11241100x80000000000000003865214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed7839a355cd3072021-12-22 11:51:50.444root 11241100x80000000000000003865215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae397376019de072021-12-22 11:51:50.444root 11241100x80000000000000003865216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcec3621d138f8f42021-12-22 11:51:50.444root 11241100x80000000000000003865217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c560569eeb78e8dd2021-12-22 11:51:50.444root 11241100x80000000000000003865218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b7c3afd79788062021-12-22 11:51:50.444root 11241100x80000000000000003865219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffac02a1c90ad922021-12-22 11:51:50.444root 11241100x80000000000000003865220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc0870bdf30899f2021-12-22 11:51:50.444root 11241100x80000000000000003865221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be7b7ff343c6a2f2021-12-22 11:51:50.444root 11241100x80000000000000003865222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f506faf4e4ca78d2021-12-22 11:51:50.445root 11241100x80000000000000003865223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca3ab35fee2e3ae2021-12-22 11:51:50.445root 11241100x80000000000000003865224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8f3151a01ae94c2021-12-22 11:51:50.445root 11241100x80000000000000003865225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04c4d97a254e72a2021-12-22 11:51:50.445root 11241100x80000000000000003865226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc4c493d18a67e32021-12-22 11:51:50.446root 11241100x80000000000000003865227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012de2d76b2085482021-12-22 11:51:50.446root 11241100x80000000000000003865228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756d9690e1e6db102021-12-22 11:51:50.446root 11241100x80000000000000003865229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815bfe87416132ba2021-12-22 11:51:50.447root 11241100x80000000000000003865230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f6a2f85cc8d3dd2021-12-22 11:51:50.447root 23542300x80000000000000003865231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.533{ec2b6afe-1153-61c3-8032-71faf5550000}19125ubuntu/bin/nano/home/ubuntu/./.run_dllhook.c.swp--- 11241100x80000000000000003865232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.533{ec2b6afe-1153-61c3-8032-71faf5550000}19125/bin/nano/home/ubuntu/.run_dllhook.c.swp2021-12-22 11:51:50.533ubuntu 11241100x80000000000000003865233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f588ceaadaec6f2021-12-22 11:51:50.942root 11241100x80000000000000003865234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ff3e0a08c77e0f2021-12-22 11:51:50.943root 11241100x80000000000000003865235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854aba44c5f6f9dd2021-12-22 11:51:50.943root 11241100x80000000000000003865236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a56d5336b2dd3cb2021-12-22 11:51:50.943root 11241100x80000000000000003865237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d73db53a644c862021-12-22 11:51:50.943root 11241100x80000000000000003865238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f0aeb010fc9c982021-12-22 11:51:50.944root 11241100x80000000000000003865239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670a3d90dcd10c452021-12-22 11:51:50.944root 11241100x80000000000000003865240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea9adbf820a597f2021-12-22 11:51:50.944root 11241100x80000000000000003865241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dae5618d97362c2021-12-22 11:51:50.944root 11241100x80000000000000003865242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778c931522dd23f82021-12-22 11:51:50.944root 11241100x80000000000000003865243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667a7a2eccfd71432021-12-22 11:51:50.945root 11241100x80000000000000003865244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff9b86f0377ef2d2021-12-22 11:51:50.945root 11241100x80000000000000003865245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2040420abfb7962021-12-22 11:51:50.945root 11241100x80000000000000003865246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86509c1ea09fc7cc2021-12-22 11:51:50.945root 11241100x80000000000000003865247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5f53428d21e6892021-12-22 11:51:50.945root 11241100x80000000000000003865248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c2061acd0615662021-12-22 11:51:50.945root 11241100x80000000000000003865249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1477ea46ca578a382021-12-22 11:51:50.946root 11241100x80000000000000003865250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877c6fed7c561d812021-12-22 11:51:50.946root 11241100x80000000000000003865251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a81ee6bebe1e83e2021-12-22 11:51:50.946root 11241100x80000000000000003865252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0781fbcbd9d28e2021-12-22 11:51:50.946root 11241100x80000000000000003865253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e50055a1bca8952021-12-22 11:51:50.946root 11241100x80000000000000003865254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada6de3d462a1f802021-12-22 11:51:50.946root 11241100x80000000000000003865255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a16455d3cae8be72021-12-22 11:51:50.946root 11241100x80000000000000003865256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd694e0c79589e562021-12-22 11:51:50.946root 11241100x80000000000000003865257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f21f634426865152021-12-22 11:51:50.946root 11241100x80000000000000003865258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22033146aad7c3f12021-12-22 11:51:50.947root 11241100x80000000000000003865259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64af02113014d84f2021-12-22 11:51:50.947root 11241100x80000000000000003865260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1828e449e49e8242021-12-22 11:51:50.947root 11241100x80000000000000003865261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b5ad18f5881dd82021-12-22 11:51:50.947root 11241100x80000000000000003865262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59011ae20c364a02021-12-22 11:51:50.947root 11241100x80000000000000003865263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ecc5c9d1062ae82021-12-22 11:51:51.443root 11241100x80000000000000003865264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0cb35e45d223642021-12-22 11:51:51.443root 11241100x80000000000000003865265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcded63d9ff7703a2021-12-22 11:51:51.443root 11241100x80000000000000003865266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf912990c2aa283b2021-12-22 11:51:51.443root 11241100x80000000000000003865267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862418f7ce68c7572021-12-22 11:51:51.444root 11241100x80000000000000003865268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65edacd1391622e2021-12-22 11:51:51.444root 11241100x80000000000000003865269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eda6df61c75fa972021-12-22 11:51:51.444root 11241100x80000000000000003865270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfbf3ec36cfcd772021-12-22 11:51:51.444root 11241100x80000000000000003865271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9823328eb1deaa382021-12-22 11:51:51.444root 11241100x80000000000000003865272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd208e0a9c65a7dd2021-12-22 11:51:51.444root 11241100x80000000000000003865273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43791733810d9a0a2021-12-22 11:51:51.444root 11241100x80000000000000003865274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8bc010d082a8f52021-12-22 11:51:51.444root 11241100x80000000000000003865275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6080108f1baa44e52021-12-22 11:51:51.444root 11241100x80000000000000003865276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490b1b257b3f971e2021-12-22 11:51:51.444root 11241100x80000000000000003865277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbec5f50fd13be92021-12-22 11:51:51.444root 11241100x80000000000000003865278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076091c41b68d3822021-12-22 11:51:51.444root 11241100x80000000000000003865279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab20c397ec5456e02021-12-22 11:51:51.444root 11241100x80000000000000003865280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36aa35e9187cceb62021-12-22 11:51:51.444root 11241100x80000000000000003865281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46de5cd48a9bdb42021-12-22 11:51:51.444root 11241100x80000000000000003865282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a65858ae8bcc192021-12-22 11:51:51.444root 11241100x80000000000000003865283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3734084db1124cc2021-12-22 11:51:51.445root 11241100x80000000000000003865284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eeb706398cd095c2021-12-22 11:51:51.445root 11241100x80000000000000003865285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b89fbc351ea8b62021-12-22 11:51:51.445root 11241100x80000000000000003865286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177564755d23989f2021-12-22 11:51:51.943root 11241100x80000000000000003865287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1197ca4d47cb522021-12-22 11:51:51.943root 11241100x80000000000000003865288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba49a623801116a42021-12-22 11:51:51.943root 11241100x80000000000000003865289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c95dbaccaf3be02021-12-22 11:51:51.943root 11241100x80000000000000003865290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424b30f121612a872021-12-22 11:51:51.943root 11241100x80000000000000003865291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a0326989242a6f2021-12-22 11:51:51.944root 11241100x80000000000000003865292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61468c2fad11473a2021-12-22 11:51:51.944root 11241100x80000000000000003865293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b3554d3e89bc812021-12-22 11:51:51.944root 11241100x80000000000000003865294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5366311015bce32021-12-22 11:51:51.944root 11241100x80000000000000003865295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616c5036ab239a552021-12-22 11:51:51.944root 11241100x80000000000000003865296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e823f8b67469257b2021-12-22 11:51:51.945root 11241100x80000000000000003865297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae06fd7c06f912892021-12-22 11:51:51.945root 11241100x80000000000000003865298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9c128d8185ef592021-12-22 11:51:51.945root 11241100x80000000000000003865299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca44e7cccc2f070c2021-12-22 11:51:51.945root 11241100x80000000000000003865300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1110a0cf6572f84c2021-12-22 11:51:51.945root 11241100x80000000000000003865301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b6fb90c03c77a12021-12-22 11:51:51.945root 11241100x80000000000000003865302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68bd7d6b21454f22021-12-22 11:51:51.945root 11241100x80000000000000003865303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26c36df6060158a2021-12-22 11:51:51.945root 11241100x80000000000000003865304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68a048df42c30b02021-12-22 11:51:51.946root 11241100x80000000000000003865305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181d9f6132a19e1d2021-12-22 11:51:51.946root 11241100x80000000000000003865306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128a9599de49390a2021-12-22 11:51:51.946root 11241100x80000000000000003865307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b82bcfacfdd4372021-12-22 11:51:51.946root 11241100x80000000000000003865308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe536fac32c1218e2021-12-22 11:51:51.946root 11241100x80000000000000003865309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d305ad66eadf45162021-12-22 11:51:51.946root 11241100x80000000000000003865310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cb01f5331b040d2021-12-22 11:51:51.946root 11241100x80000000000000003865311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922550fbdb6291d62021-12-22 11:51:51.946root 11241100x80000000000000003865312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4006fd5204c0f7232021-12-22 11:51:51.946root 11241100x80000000000000003865313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df012ac9e2800a922021-12-22 11:51:51.947root 11241100x80000000000000003865314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c362466616e01d2021-12-22 11:51:52.443root 11241100x80000000000000003865315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4202d05714008922021-12-22 11:51:52.443root 11241100x80000000000000003865316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6718eca80592a8172021-12-22 11:51:52.444root 11241100x80000000000000003865317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc989613ede249d2021-12-22 11:51:52.444root 11241100x80000000000000003865318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dad5b14e3aeb45e2021-12-22 11:51:52.444root 11241100x80000000000000003865319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62878fcc2b78a752021-12-22 11:51:52.444root 11241100x80000000000000003865320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2d1a58039fbeb92021-12-22 11:51:52.444root 11241100x80000000000000003865321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32453f0579aa3de2021-12-22 11:51:52.445root 11241100x80000000000000003865322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277755001db91b842021-12-22 11:51:52.445root 11241100x80000000000000003865323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597164c8ceb9e7af2021-12-22 11:51:52.445root 11241100x80000000000000003865324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcc7fcacc47ac7f2021-12-22 11:51:52.445root 11241100x80000000000000003865325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d699cd49f1ecbc02021-12-22 11:51:52.445root 11241100x80000000000000003865326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1e577d2baae69f2021-12-22 11:51:52.445root 11241100x80000000000000003865327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bbde8ec5479b3f2021-12-22 11:51:52.445root 11241100x80000000000000003865328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6a887a946d3e4b2021-12-22 11:51:52.445root 11241100x80000000000000003865329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c93f32259df79202021-12-22 11:51:52.446root 11241100x80000000000000003865330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbab8729e83413d72021-12-22 11:51:52.446root 11241100x80000000000000003865331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72d818f5027df8f2021-12-22 11:51:52.446root 11241100x80000000000000003865332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbc82536e5090292021-12-22 11:51:52.446root 11241100x80000000000000003865333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7906141dfd43862021-12-22 11:51:52.446root 11241100x80000000000000003865334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1594b713020fe70c2021-12-22 11:51:52.446root 11241100x80000000000000003865335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfe454294380f852021-12-22 11:51:52.446root 11241100x80000000000000003865336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a59a31f47420892021-12-22 11:51:52.446root 11241100x80000000000000003865337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212135a02fe34cb52021-12-22 11:51:52.942root 11241100x80000000000000003865338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d078e55801bea52021-12-22 11:51:52.943root 11241100x80000000000000003865339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e00c34a34251d52021-12-22 11:51:52.943root 11241100x80000000000000003865340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637bfa33b0bec94e2021-12-22 11:51:52.944root 11241100x80000000000000003865341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ebec01514517942021-12-22 11:51:52.944root 11241100x80000000000000003865342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79fe43e604a5dcd2021-12-22 11:51:52.945root 11241100x80000000000000003865343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b450a85538f7d22021-12-22 11:51:52.945root 11241100x80000000000000003865344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2181ec5ac77b66582021-12-22 11:51:52.945root 11241100x80000000000000003865345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e316171f4071d6a42021-12-22 11:51:52.946root 11241100x80000000000000003865346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478223caae12c23c2021-12-22 11:51:52.946root 11241100x80000000000000003865347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639f7ec74cfd8aa32021-12-22 11:51:52.946root 11241100x80000000000000003865348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbaded32e5b9ebd2021-12-22 11:51:52.946root 11241100x80000000000000003865349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d963f812489b9e62021-12-22 11:51:52.947root 11241100x80000000000000003865350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e9b31c4f774a4e2021-12-22 11:51:52.947root 11241100x80000000000000003865351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c259ee42c8992b312021-12-22 11:51:52.947root 11241100x80000000000000003865352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00daf8eba4fc04ab2021-12-22 11:51:52.947root 11241100x80000000000000003865353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49553af76c1c1f62021-12-22 11:51:52.948root 11241100x80000000000000003865354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7e496e4be64c572021-12-22 11:51:52.948root 11241100x80000000000000003865355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8e03916a35bb702021-12-22 11:51:52.948root 11241100x80000000000000003865356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99eec32bc414822a2021-12-22 11:51:52.948root 11241100x80000000000000003865357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e01828dfb523462021-12-22 11:51:52.949root 11241100x80000000000000003865358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc932c5f65d28942021-12-22 11:51:52.949root 11241100x80000000000000003865359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e376c41fa14c1e2021-12-22 11:51:52.949root 11241100x80000000000000003865360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d2b1830fcc7ad72021-12-22 11:51:52.949root 11241100x80000000000000003865361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdf78868a42880f2021-12-22 11:51:52.949root 11241100x80000000000000003865362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadec5b147820c312021-12-22 11:51:53.443root 11241100x80000000000000003865363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6173ecc680d834b2021-12-22 11:51:53.443root 11241100x80000000000000003865364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ad18f48f32ed3e2021-12-22 11:51:53.443root 11241100x80000000000000003865365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcef2ba0c226d73d2021-12-22 11:51:53.443root 11241100x80000000000000003865366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2a7d48353d0e3e2021-12-22 11:51:53.444root 11241100x80000000000000003865367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c89a052eccdd75d2021-12-22 11:51:53.444root 11241100x80000000000000003865368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1fc83f87e58f8a2021-12-22 11:51:53.444root 11241100x80000000000000003865369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1148c7aaadd9441f2021-12-22 11:51:53.444root 11241100x80000000000000003865370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8926ba3ac7c808a82021-12-22 11:51:53.444root 11241100x80000000000000003865371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ccbd413cf2ab612021-12-22 11:51:53.444root 11241100x80000000000000003865372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3902e7b1fc4c49e2021-12-22 11:51:53.444root 11241100x80000000000000003865373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0535eead35eceeb52021-12-22 11:51:53.444root 11241100x80000000000000003865374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61c62d73eb6f0122021-12-22 11:51:53.444root 11241100x80000000000000003865375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f62b572ade1a4be2021-12-22 11:51:53.444root 11241100x80000000000000003865376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b007a2a837a767a72021-12-22 11:51:53.444root 11241100x80000000000000003865377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45da3c35b405ac362021-12-22 11:51:53.445root 11241100x80000000000000003865378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4402d252d02b46162021-12-22 11:51:53.445root 11241100x80000000000000003865379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af914036e5197ad2021-12-22 11:51:53.445root 11241100x80000000000000003865380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc5a6f1b1cd46b02021-12-22 11:51:53.445root 11241100x80000000000000003865381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f644c03c3d23b2b72021-12-22 11:51:53.445root 11241100x80000000000000003865382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fac85769e2f64e32021-12-22 11:51:53.445root 11241100x80000000000000003865383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b351783a5f0e366b2021-12-22 11:51:53.445root 11241100x80000000000000003865384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3b9dc3271425632021-12-22 11:51:53.445root 11241100x80000000000000003865385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e80bf8431df87d72021-12-22 11:51:53.943root 11241100x80000000000000003865386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3576ea1cca92dbb92021-12-22 11:51:53.943root 11241100x80000000000000003865387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2c9c1212881f542021-12-22 11:51:53.943root 11241100x80000000000000003865388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dde1adaca18aee2021-12-22 11:51:53.943root 11241100x80000000000000003865389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e295702f8b153912021-12-22 11:51:53.944root 11241100x80000000000000003865390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7713722baf04102021-12-22 11:51:53.944root 11241100x80000000000000003865391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d108b37dcba11ad62021-12-22 11:51:53.944root 11241100x80000000000000003865392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fa2cda61348eb42021-12-22 11:51:53.944root 11241100x80000000000000003865393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57357e16b03e4da32021-12-22 11:51:53.944root 11241100x80000000000000003865394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9865c01db7179dab2021-12-22 11:51:53.944root 11241100x80000000000000003865395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595eb9b16083c8102021-12-22 11:51:53.944root 11241100x80000000000000003865396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383fecbc1705e5662021-12-22 11:51:53.944root 11241100x80000000000000003865397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bced693e349f18702021-12-22 11:51:53.944root 11241100x80000000000000003865398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d20902856e9dc52021-12-22 11:51:53.944root 11241100x80000000000000003865399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f3e20d1ea1ed1f2021-12-22 11:51:53.945root 11241100x80000000000000003865400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04875771aa1f5d212021-12-22 11:51:53.945root 11241100x80000000000000003865401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd677dbea8e8875f2021-12-22 11:51:53.945root 11241100x80000000000000003865402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecabbafa9fa88ad2021-12-22 11:51:53.945root 11241100x80000000000000003865403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33673729c9962302021-12-22 11:51:53.945root 11241100x80000000000000003865404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4535df9537d3f27b2021-12-22 11:51:53.945root 11241100x80000000000000003865405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe94dfb0df17f562021-12-22 11:51:53.945root 11241100x80000000000000003865406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aef3de239defe342021-12-22 11:51:53.945root 11241100x80000000000000003865407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde494c0cbe26acf2021-12-22 11:51:53.945root 11241100x80000000000000003865408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e8458be98dd1932021-12-22 11:51:54.442root 11241100x80000000000000003865409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec1adfafdd71c582021-12-22 11:51:54.443root 11241100x80000000000000003865410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd33717e249a575d2021-12-22 11:51:54.443root 11241100x80000000000000003865411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929b941ac8b420d22021-12-22 11:51:54.443root 11241100x80000000000000003865412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1627d468f155fcd52021-12-22 11:51:54.443root 11241100x80000000000000003865413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77af49f7fbe4a6df2021-12-22 11:51:54.443root 11241100x80000000000000003865414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f85d95889da8af42021-12-22 11:51:54.443root 11241100x80000000000000003865415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01528306c4370fa2021-12-22 11:51:54.443root 11241100x80000000000000003865416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdf934f9cc2b3872021-12-22 11:51:54.443root 11241100x80000000000000003865417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be7ff2bebcfb51b2021-12-22 11:51:54.443root 11241100x80000000000000003865418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7fa7ca662b0f852021-12-22 11:51:54.444root 11241100x80000000000000003865419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95e427cfc5f14032021-12-22 11:51:54.444root 11241100x80000000000000003865420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b7de4be7f7aa582021-12-22 11:51:54.444root 11241100x80000000000000003865421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b971ed66a1a88a2021-12-22 11:51:54.444root 11241100x80000000000000003865422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7c451b7769e99d2021-12-22 11:51:54.444root 11241100x80000000000000003865423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579595b8b9dfb5be2021-12-22 11:51:54.444root 11241100x80000000000000003865424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d649c30bd57de082021-12-22 11:51:54.444root 11241100x80000000000000003865425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a910c6f4c5e92cf2021-12-22 11:51:54.445root 11241100x80000000000000003865426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921925ac54e9985a2021-12-22 11:51:54.445root 11241100x80000000000000003865427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116fd17873b5d9712021-12-22 11:51:54.445root 11241100x80000000000000003865428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9836fabff78287f82021-12-22 11:51:54.445root 11241100x80000000000000003865429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae04991c222c17262021-12-22 11:51:54.445root 11241100x80000000000000003865430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe63b2833fb82812021-12-22 11:51:54.445root 11241100x80000000000000003865431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb4024d789a9b3f2021-12-22 11:51:54.446root 11241100x80000000000000003865432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d95cd3ddf2c1bec2021-12-22 11:51:54.943root 11241100x80000000000000003865433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bcbfcaec4f9a942021-12-22 11:51:54.943root 11241100x80000000000000003865434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c159073105affaa2021-12-22 11:51:54.943root 11241100x80000000000000003865435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777139f14a8ce4b62021-12-22 11:51:54.943root 11241100x80000000000000003865436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ad575604bb15e92021-12-22 11:51:54.943root 11241100x80000000000000003865437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619cc91fc8c05ec92021-12-22 11:51:54.944root 11241100x80000000000000003865438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca18e188b93bbd12021-12-22 11:51:54.944root 11241100x80000000000000003865439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f65bf21efdc49322021-12-22 11:51:54.944root 11241100x80000000000000003865440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c4020169e27d962021-12-22 11:51:54.944root 11241100x80000000000000003865441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59800a9391271bf2021-12-22 11:51:54.944root 11241100x80000000000000003865442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd3aefd2f4c7b082021-12-22 11:51:54.944root 11241100x80000000000000003865443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330e776f2bbd22622021-12-22 11:51:54.944root 11241100x80000000000000003865444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae7c22d095f79122021-12-22 11:51:54.945root 11241100x80000000000000003865445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc64f5352fbe9de92021-12-22 11:51:54.945root 11241100x80000000000000003865446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4b64cfaa7b54ae2021-12-22 11:51:54.945root 11241100x80000000000000003865447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb392b86a4e46f9a2021-12-22 11:51:54.945root 11241100x80000000000000003865448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bae1f573fe36e682021-12-22 11:51:54.945root 11241100x80000000000000003865449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd724d23089dc1432021-12-22 11:51:54.945root 11241100x80000000000000003865450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac7c62643fd343f2021-12-22 11:51:54.945root 11241100x80000000000000003865451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28a346c67dda9be2021-12-22 11:51:54.946root 11241100x80000000000000003865452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7160936dd6d00e22021-12-22 11:51:54.946root 11241100x80000000000000003865453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae234845c318b7e2021-12-22 11:51:54.946root 11241100x80000000000000003865454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71223c022803edb02021-12-22 11:51:54.946root 11241100x80000000000000003865455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242a6358aaf2c6612021-12-22 11:51:54.946root 11241100x80000000000000003865456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd82cda0702daa12021-12-22 11:51:54.946root 11241100x80000000000000003865457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b4399ae94173a62021-12-22 11:51:54.946root 11241100x80000000000000003865458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb70020f997586922021-12-22 11:51:54.946root 11241100x80000000000000003865459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ae1602f6a7c5962021-12-22 11:51:55.443root 11241100x80000000000000003865460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9297e2a24f16e88c2021-12-22 11:51:55.443root 11241100x80000000000000003865461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17c54b86803d8022021-12-22 11:51:55.443root 11241100x80000000000000003865462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e7412e14191af32021-12-22 11:51:55.443root 11241100x80000000000000003865463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf8c913a26078f42021-12-22 11:51:55.444root 11241100x80000000000000003865464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b8b3299a47bd062021-12-22 11:51:55.444root 11241100x80000000000000003865465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab190a2e0e1bc502021-12-22 11:51:55.444root 11241100x80000000000000003865466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e4178d7c5c0b852021-12-22 11:51:55.444root 11241100x80000000000000003865467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3a598c646b720f2021-12-22 11:51:55.444root 11241100x80000000000000003865468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a823c3ed1a6c652021-12-22 11:51:55.444root 11241100x80000000000000003865469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dfd62a777d6b2b2021-12-22 11:51:55.444root 11241100x80000000000000003865470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0931f7f39dd673af2021-12-22 11:51:55.444root 11241100x80000000000000003865471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d821fddb54ab6ff2021-12-22 11:51:55.445root 11241100x80000000000000003865472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b8f7044db49bed2021-12-22 11:51:55.445root 11241100x80000000000000003865473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94e569275bb4d312021-12-22 11:51:55.445root 11241100x80000000000000003865474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c5b00ab83d30492021-12-22 11:51:55.445root 11241100x80000000000000003865475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cea1ef57e8eea682021-12-22 11:51:55.445root 11241100x80000000000000003865476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736ed7330cb592162021-12-22 11:51:55.445root 11241100x80000000000000003865477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b813588b20c07d2021-12-22 11:51:55.445root 11241100x80000000000000003865478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5da7e41176951a2021-12-22 11:51:55.445root 11241100x80000000000000003865479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056381eb1804f4ab2021-12-22 11:51:55.445root 11241100x80000000000000003865480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8602d9c62c073c1f2021-12-22 11:51:55.445root 11241100x80000000000000003865481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b11ae6664a380292021-12-22 11:51:55.445root 11241100x80000000000000003865482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d46674d421bd01b2021-12-22 11:51:55.943root 11241100x80000000000000003865483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d132296ddb2beb2021-12-22 11:51:55.943root 11241100x80000000000000003865484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986369475e5f0dc52021-12-22 11:51:55.943root 11241100x80000000000000003865485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23c4c30f113a6d52021-12-22 11:51:55.944root 11241100x80000000000000003865486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652d9bebf1f01ee12021-12-22 11:51:55.944root 11241100x80000000000000003865487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc726b8e851a362a2021-12-22 11:51:55.944root 11241100x80000000000000003865488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc3b3f690f053e12021-12-22 11:51:55.944root 11241100x80000000000000003865489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8562d7fcea5964a92021-12-22 11:51:55.944root 11241100x80000000000000003865490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab070c10a853fce2021-12-22 11:51:55.944root 11241100x80000000000000003865491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d6756e36dfc3102021-12-22 11:51:55.945root 11241100x80000000000000003865492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41213591b125d7d2021-12-22 11:51:55.945root 11241100x80000000000000003865493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580a84cb636460632021-12-22 11:51:55.945root 11241100x80000000000000003865494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328bc17ac68441a32021-12-22 11:51:55.945root 11241100x80000000000000003865495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d53496ff20c6dc2021-12-22 11:51:55.945root 11241100x80000000000000003865496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c338e580aea3c12021-12-22 11:51:55.945root 11241100x80000000000000003865497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97fefdf7f292d882021-12-22 11:51:55.945root 11241100x80000000000000003865498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c8a3f219e63a8c2021-12-22 11:51:55.946root 11241100x80000000000000003865499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f373f129282550d92021-12-22 11:51:55.946root 11241100x80000000000000003865500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55121634d4e704b12021-12-22 11:51:55.946root 11241100x80000000000000003865501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50df0c41d38968d12021-12-22 11:51:55.946root 11241100x80000000000000003865502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4668213776f7a3582021-12-22 11:51:55.946root 11241100x80000000000000003865503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acad569812e6a9cd2021-12-22 11:51:55.946root 11241100x80000000000000003865504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829ea8d22c92a9982021-12-22 11:51:55.946root 11241100x80000000000000003865505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e4f593223162952021-12-22 11:51:55.947root 354300x80000000000000003865506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.152{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55564-false10.0.1.12-8000- 11241100x80000000000000003865507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b8528da0c85b732021-12-22 11:51:56.443root 11241100x80000000000000003865508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ae4a2ebd49fc0c2021-12-22 11:51:56.443root 11241100x80000000000000003865509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da876e43c030e06a2021-12-22 11:51:56.443root 11241100x80000000000000003865510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24766decc37c6c192021-12-22 11:51:56.443root 11241100x80000000000000003865511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348dee1af002475b2021-12-22 11:51:56.443root 11241100x80000000000000003865512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b52bcdd11f25cd2021-12-22 11:51:56.443root 11241100x80000000000000003865513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85d183a0ae7ae0c2021-12-22 11:51:56.443root 11241100x80000000000000003865514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c156eba74a4d7ae92021-12-22 11:51:56.443root 11241100x80000000000000003865515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f24e11d4c6f39c2021-12-22 11:51:56.443root 11241100x80000000000000003865516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056d34b66d94086d2021-12-22 11:51:56.444root 11241100x80000000000000003865517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e20824365b5beb2021-12-22 11:51:56.444root 11241100x80000000000000003865518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6384b8a9aa2c1e172021-12-22 11:51:56.444root 11241100x80000000000000003865519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a17d02d94cb18d72021-12-22 11:51:56.444root 11241100x80000000000000003865520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60268ce188e1b56c2021-12-22 11:51:56.444root 11241100x80000000000000003865521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830479370bb0f2c92021-12-22 11:51:56.444root 11241100x80000000000000003865522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd902f92b9c1732a2021-12-22 11:51:56.444root 11241100x80000000000000003865523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f20c7b3c168e5802021-12-22 11:51:56.444root 11241100x80000000000000003865524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee70388fb8357402021-12-22 11:51:56.445root 11241100x80000000000000003865525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f519d7cb8e399eec2021-12-22 11:51:56.445root 11241100x80000000000000003865526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f773dd36f6cb21fa2021-12-22 11:51:56.445root 11241100x80000000000000003865527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f9ff56ca4b95702021-12-22 11:51:56.445root 11241100x80000000000000003865528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2a7c1e542245242021-12-22 11:51:56.445root 11241100x80000000000000003865529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0a5a56b76dc1942021-12-22 11:51:56.445root 11241100x80000000000000003865530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45afdae08cb05aad2021-12-22 11:51:56.445root 11241100x80000000000000003865531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3172457573003bd2021-12-22 11:51:56.942root 11241100x80000000000000003865532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e6b66039e3afec2021-12-22 11:51:56.943root 11241100x80000000000000003865533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32587a8e71600fc2021-12-22 11:51:56.943root 11241100x80000000000000003865534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75a0e9e57a22af32021-12-22 11:51:56.943root 11241100x80000000000000003865535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e17451b368e505f2021-12-22 11:51:56.943root 11241100x80000000000000003865536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b04803e32d9eaa2021-12-22 11:51:56.943root 11241100x80000000000000003865537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d65a6770208caa02021-12-22 11:51:56.943root 11241100x80000000000000003865538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1614cc4cfdceea812021-12-22 11:51:56.944root 11241100x80000000000000003865539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdacddc30f5eb9d2021-12-22 11:51:56.944root 11241100x80000000000000003865540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0033145e0f5592b52021-12-22 11:51:56.944root 11241100x80000000000000003865541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3053a22324f7b5b42021-12-22 11:51:56.944root 11241100x80000000000000003865542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3109e25e4bd0f2ae2021-12-22 11:51:56.944root 11241100x80000000000000003865543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f615400ceeb57f72021-12-22 11:51:56.944root 11241100x80000000000000003865544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb90d94a9de61bde2021-12-22 11:51:56.944root 11241100x80000000000000003865545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9c33541948cdfd2021-12-22 11:51:56.945root 11241100x80000000000000003865546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7615c6b04737f5ff2021-12-22 11:51:56.945root 11241100x80000000000000003865547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8025f0c2a7f3cf422021-12-22 11:51:56.945root 11241100x80000000000000003865548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbdab9771e9eabd2021-12-22 11:51:56.945root 11241100x80000000000000003865549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81093ddaac32d90e2021-12-22 11:51:56.945root 11241100x80000000000000003865550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c92e1c54e81077a2021-12-22 11:51:56.945root 11241100x80000000000000003865551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44019e02fdf0884f2021-12-22 11:51:56.945root 11241100x80000000000000003865552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855c2cb2a65d2a052021-12-22 11:51:56.945root 11241100x80000000000000003865553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ec5eeb3c01449c2021-12-22 11:51:56.945root 11241100x80000000000000003865554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ea5bd1facc3a112021-12-22 11:51:56.946root 11241100x80000000000000003865555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b9bbf35e7dae002021-12-22 11:51:56.946root 11241100x80000000000000003865556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6054b158cd1043d52021-12-22 11:51:56.946root 11241100x80000000000000003865557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d54881b581e28f22021-12-22 11:51:56.946root 11241100x80000000000000003865558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73de33a51d5252ec2021-12-22 11:51:56.946root 11241100x80000000000000003865559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bbca6e5a49dd162021-12-22 11:51:56.946root 11241100x80000000000000003865560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8825b23e659e8272021-12-22 11:51:56.946root 11241100x80000000000000003865561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199ec01157036d182021-12-22 11:51:56.947root 11241100x80000000000000003865562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ca03739c2b332c2021-12-22 11:51:56.947root 11241100x80000000000000003865563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac0261d306b2a0d2021-12-22 11:51:56.947root 11241100x80000000000000003865564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cf6e335f73dd892021-12-22 11:51:56.947root 11241100x80000000000000003865565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a19a3547938fb82021-12-22 11:51:57.443root 11241100x80000000000000003865566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517647d2418549752021-12-22 11:51:57.443root 11241100x80000000000000003865567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26636d1f3d974c6e2021-12-22 11:51:57.443root 11241100x80000000000000003865568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474a26d32428359e2021-12-22 11:51:57.444root 11241100x80000000000000003865569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85168a86acf395442021-12-22 11:51:57.444root 11241100x80000000000000003865570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fbbbb89323c9c62021-12-22 11:51:57.444root 11241100x80000000000000003865571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101b12872ab630452021-12-22 11:51:57.444root 11241100x80000000000000003865572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253d59fd1c6685ae2021-12-22 11:51:57.444root 11241100x80000000000000003865573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a407455c0243d82021-12-22 11:51:57.444root 11241100x80000000000000003865574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c73905e34857b712021-12-22 11:51:57.444root 11241100x80000000000000003865575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73771b380c1666ca2021-12-22 11:51:57.444root 11241100x80000000000000003865576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815d52b8ded45d6d2021-12-22 11:51:57.444root 11241100x80000000000000003865577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceeba8f0e86ef9e92021-12-22 11:51:57.445root 11241100x80000000000000003865578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a52fcada8ff13d2021-12-22 11:51:57.445root 11241100x80000000000000003865579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7dcaddfc4ef84f2021-12-22 11:51:57.445root 11241100x80000000000000003865580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fc740619a364652021-12-22 11:51:57.445root 11241100x80000000000000003865581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b4fc5a1774cc772021-12-22 11:51:57.445root 11241100x80000000000000003865582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f530960915f4b8cf2021-12-22 11:51:57.446root 11241100x80000000000000003865583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a31880d81c0b172021-12-22 11:51:57.446root 11241100x80000000000000003865584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cbe599ca6f54962021-12-22 11:51:57.446root 11241100x80000000000000003865585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b01d2d7363190822021-12-22 11:51:57.446root 11241100x80000000000000003865586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d35d3859d63b1332021-12-22 11:51:57.446root 11241100x80000000000000003865587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e24bb4330fe5832021-12-22 11:51:57.447root 11241100x80000000000000003865588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f05b7b9d9f46de62021-12-22 11:51:57.447root 11241100x80000000000000003865589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de7c748b0cdb2102021-12-22 11:51:57.943root 11241100x80000000000000003865590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6897b9b177c55d2021-12-22 11:51:57.943root 11241100x80000000000000003865591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb3753fc6d730272021-12-22 11:51:57.943root 11241100x80000000000000003865592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533a7270943146662021-12-22 11:51:57.943root 11241100x80000000000000003865593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbfecb8e042ff9a2021-12-22 11:51:57.943root 11241100x80000000000000003865594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023b70053fefc6a12021-12-22 11:51:57.943root 11241100x80000000000000003865595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ffc9b68e455f6f2021-12-22 11:51:57.943root 11241100x80000000000000003865596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00596cbe0a025e722021-12-22 11:51:57.944root 11241100x80000000000000003865597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2c9ae4e74b22662021-12-22 11:51:57.944root 11241100x80000000000000003865598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cef963cf71e35d32021-12-22 11:51:57.944root 11241100x80000000000000003865599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2a9c6c2f456ec02021-12-22 11:51:57.944root 11241100x80000000000000003865600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8f219f4dc25e112021-12-22 11:51:57.944root 11241100x80000000000000003865601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da1c93ed86857642021-12-22 11:51:57.944root 11241100x80000000000000003865602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da950f7a2be2f502021-12-22 11:51:57.945root 11241100x80000000000000003865603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e94b9fc551cdd9c2021-12-22 11:51:57.945root 11241100x80000000000000003865604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c3b190b975a6b52021-12-22 11:51:57.945root 11241100x80000000000000003865605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598c22572588eabf2021-12-22 11:51:57.945root 11241100x80000000000000003865606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0c389651aa66f32021-12-22 11:51:57.945root 11241100x80000000000000003865607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86eab6658ed35fc62021-12-22 11:51:57.945root 11241100x80000000000000003865608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7da0ecdefacec22021-12-22 11:51:57.946root 11241100x80000000000000003865609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da68963d2112032c2021-12-22 11:51:57.946root 11241100x80000000000000003865610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2116bfde4a2029662021-12-22 11:51:57.946root 11241100x80000000000000003865611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f96d227f85d7eb2021-12-22 11:51:57.946root 11241100x80000000000000003865612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d8f0893e28a2342021-12-22 11:51:57.946root 11241100x80000000000000003865613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66496bc47be261e2021-12-22 11:51:57.947root 11241100x80000000000000003865614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573fb872c4e66b912021-12-22 11:51:58.443root 11241100x80000000000000003865615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36dee1679495a192021-12-22 11:51:58.443root 11241100x80000000000000003865616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2584a8f9ebc588a92021-12-22 11:51:58.444root 11241100x80000000000000003865617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c187be92bf04592021-12-22 11:51:58.444root 11241100x80000000000000003865618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa5287e08a979692021-12-22 11:51:58.444root 11241100x80000000000000003865619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6e0ffc122e644b2021-12-22 11:51:58.444root 11241100x80000000000000003865620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ba32a447ebbe172021-12-22 11:51:58.445root 11241100x80000000000000003865621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bb0651e03a542f2021-12-22 11:51:58.445root 11241100x80000000000000003865622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc49e806b31f26a52021-12-22 11:51:58.445root 11241100x80000000000000003865623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925352d996ca34a32021-12-22 11:51:58.446root 11241100x80000000000000003865624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3fb206b1fa10a72021-12-22 11:51:58.446root 11241100x80000000000000003865625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba329859dbe98822021-12-22 11:51:58.446root 11241100x80000000000000003865626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25f7d548ca808f22021-12-22 11:51:58.446root 11241100x80000000000000003865627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6c50aee6cbcefa2021-12-22 11:51:58.447root 11241100x80000000000000003865628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404d9d6ef73d91b72021-12-22 11:51:58.447root 11241100x80000000000000003865629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476cd2e3565929ef2021-12-22 11:51:58.447root 11241100x80000000000000003865630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae6334d66e0b8092021-12-22 11:51:58.448root 11241100x80000000000000003865631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1115d731ba05a0ad2021-12-22 11:51:58.448root 11241100x80000000000000003865632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e94f754293a35a2021-12-22 11:51:58.448root 11241100x80000000000000003865633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b2ebcefb70ffa32021-12-22 11:51:58.449root 11241100x80000000000000003865634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7e2dc729b4ac982021-12-22 11:51:58.449root 11241100x80000000000000003865635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048e0fabfd47adad2021-12-22 11:51:58.449root 11241100x80000000000000003865636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bfeaefcb6ce3142021-12-22 11:51:58.449root 11241100x80000000000000003865637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b17ba62b4e97ae2021-12-22 11:51:58.449root 11241100x80000000000000003865638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92411fa115ac09dc2021-12-22 11:51:58.943root 11241100x80000000000000003865639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd06406c18cbd5622021-12-22 11:51:58.943root 11241100x80000000000000003865640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbe5e193967a2be2021-12-22 11:51:58.943root 11241100x80000000000000003865641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f804b69b50c56e102021-12-22 11:51:58.943root 11241100x80000000000000003865642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f229af521848e22021-12-22 11:51:58.943root 11241100x80000000000000003865643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea7ba419cf180a02021-12-22 11:51:58.943root 11241100x80000000000000003865644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c13bc143ec61be2021-12-22 11:51:58.944root 11241100x80000000000000003865645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0405dd5c777b052021-12-22 11:51:58.944root 11241100x80000000000000003865646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67d3f1ecd511d8a2021-12-22 11:51:58.944root 11241100x80000000000000003865647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403e9824a78635b42021-12-22 11:51:58.944root 11241100x80000000000000003865648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2ead36109fe2fc2021-12-22 11:51:58.944root 11241100x80000000000000003865649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b080056b9236f04d2021-12-22 11:51:58.944root 11241100x80000000000000003865650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9006f378d7197b252021-12-22 11:51:58.945root 11241100x80000000000000003865651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84500fc93446b1012021-12-22 11:51:58.945root 11241100x80000000000000003865652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3a8e2f1da407ea2021-12-22 11:51:58.945root 11241100x80000000000000003865653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bed2c5d26afc772021-12-22 11:51:58.945root 11241100x80000000000000003865654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2173877d0d953fe2021-12-22 11:51:58.945root 11241100x80000000000000003865655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d1bc85cff77b452021-12-22 11:51:58.945root 11241100x80000000000000003865656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8954dbd9c204bff22021-12-22 11:51:58.945root 11241100x80000000000000003865657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ef40b76637dfe82021-12-22 11:51:58.945root 11241100x80000000000000003865658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40d439592d2a7192021-12-22 11:51:58.945root 11241100x80000000000000003865659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3236731f783d7a422021-12-22 11:51:58.946root 11241100x80000000000000003865660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2285bc6871742312021-12-22 11:51:58.946root 11241100x80000000000000003865661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b89d6733a839b52021-12-22 11:51:58.946root 11241100x80000000000000003865662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f979675e43cdd82021-12-22 11:51:58.946root 11241100x80000000000000003865663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a33064c16516a1a2021-12-22 11:51:58.946root 11241100x80000000000000003865664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a267fa4211b1c0642021-12-22 11:51:58.946root 11241100x80000000000000003865665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d28b925044cd2a2021-12-22 11:51:58.946root 11241100x80000000000000003865666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f1b2da82e20c602021-12-22 11:51:58.947root 11241100x80000000000000003865667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f04025cd53252112021-12-22 11:51:58.947root 11241100x80000000000000003865668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd651876f167189f2021-12-22 11:51:59.443root 11241100x80000000000000003865669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a02fb60d02f4bc62021-12-22 11:51:59.443root 11241100x80000000000000003865670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b89b870687678e2021-12-22 11:51:59.443root 11241100x80000000000000003865671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3fc990e7c8d9322021-12-22 11:51:59.443root 11241100x80000000000000003865672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4f894de66e9e542021-12-22 11:51:59.444root 11241100x80000000000000003865673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c4cd4b115f8d242021-12-22 11:51:59.444root 11241100x80000000000000003865674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34854748cac7cf262021-12-22 11:51:59.444root 11241100x80000000000000003865675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a59fc55b7ab2882021-12-22 11:51:59.444root 11241100x80000000000000003865676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a44c86298a357762021-12-22 11:51:59.444root 11241100x80000000000000003865677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939bb5f67b6e0d052021-12-22 11:51:59.444root 11241100x80000000000000003865678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cda410e67f586c2021-12-22 11:51:59.444root 11241100x80000000000000003865679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a58db948e46d7832021-12-22 11:51:59.444root 11241100x80000000000000003865680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e16b440a7c8698c2021-12-22 11:51:59.444root 11241100x80000000000000003865681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c477616f94443d2021-12-22 11:51:59.444root 11241100x80000000000000003865682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d961a1127eeef7d2021-12-22 11:51:59.445root 11241100x80000000000000003865683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79adf30f7c4057722021-12-22 11:51:59.445root 11241100x80000000000000003865684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c9c916158f07e02021-12-22 11:51:59.445root 11241100x80000000000000003865685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca941f42c1ae7d6e2021-12-22 11:51:59.445root 11241100x80000000000000003865686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc3d2ffc8e3fb932021-12-22 11:51:59.445root 11241100x80000000000000003865687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228d7ab5bf089ddc2021-12-22 11:51:59.445root 11241100x80000000000000003865688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad6041f602e3af52021-12-22 11:51:59.445root 11241100x80000000000000003865689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890dec6e9f49ae722021-12-22 11:51:59.445root 11241100x80000000000000003865690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a723857fdd588692021-12-22 11:51:59.446root 11241100x80000000000000003865691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9504e44baa1990482021-12-22 11:51:59.446root 23542300x80000000000000003865692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.542{ec2b6afe-1153-61c3-8032-71faf5550000}19125ubuntu/bin/nano/home/ubuntu/./.run_dllhook.c.swp--- 534500x80000000000000003865693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.542{ec2b6afe-1153-61c3-8032-71faf5550000}19125/bin/nanoubuntu 11241100x80000000000000003865694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2234fdb58d5757d72021-12-22 11:51:59.942root 11241100x80000000000000003865695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6340cf0d46b5b4f2021-12-22 11:51:59.943root 11241100x80000000000000003865696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d2b6716a0747f62021-12-22 11:51:59.943root 11241100x80000000000000003865697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087de0d86fe3554e2021-12-22 11:51:59.943root 11241100x80000000000000003865698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea9f623ed6d52072021-12-22 11:51:59.943root 11241100x80000000000000003865699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021422f08c5a0b9a2021-12-22 11:51:59.943root 11241100x80000000000000003865700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0bd40c6d7aeed22021-12-22 11:51:59.943root 11241100x80000000000000003865701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0ff9a8f3db864d2021-12-22 11:51:59.943root 11241100x80000000000000003865702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63b417aa44297442021-12-22 11:51:59.943root 11241100x80000000000000003865703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa5595ba11ddba52021-12-22 11:51:59.943root 11241100x80000000000000003865704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82449a921586e7592021-12-22 11:51:59.943root 11241100x80000000000000003865705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6c06c6186b05942021-12-22 11:51:59.943root 11241100x80000000000000003865706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e856729ed2c1c2712021-12-22 11:51:59.944root 11241100x80000000000000003865707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb109dc3ad6f45c2021-12-22 11:51:59.944root 11241100x80000000000000003865708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a951e2145653ec32021-12-22 11:51:59.944root 11241100x80000000000000003865709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aae05ce84d6e5692021-12-22 11:51:59.944root 11241100x80000000000000003865710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c05e624ce38c1d2021-12-22 11:51:59.944root 11241100x80000000000000003865711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c6a5eff509bad02021-12-22 11:51:59.945root 11241100x80000000000000003865712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402452f5688de4e92021-12-22 11:51:59.945root 11241100x80000000000000003865713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62f79af5fc9298b2021-12-22 11:51:59.945root 11241100x80000000000000003865714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393164d877f898142021-12-22 11:51:59.945root 11241100x80000000000000003865715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4569831d793344932021-12-22 11:51:59.945root 11241100x80000000000000003865716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d82fd2f877272a32021-12-22 11:51:59.946root 11241100x80000000000000003865717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc68e01d2387f1d2021-12-22 11:51:59.946root 11241100x80000000000000003865718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3ff8d09b1bbb952021-12-22 11:51:59.946root 11241100x80000000000000003865719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bb1972306b5c262021-12-22 11:51:59.946root 11241100x80000000000000003865720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efaa8d7abce59d62021-12-22 11:51:59.946root 11241100x80000000000000003865721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a011870e012dd6b32021-12-22 11:51:59.946root 11241100x80000000000000003865722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dcfb3106a35fcd2021-12-22 11:51:59.947root 11241100x80000000000000003865723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa72e2cc2d3af1292021-12-22 11:51:59.947root 11241100x80000000000000003865724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32c5064847de1e52021-12-22 11:51:59.947root 11241100x80000000000000003865725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45722a38dd6756102021-12-22 11:51:59.947root 11241100x80000000000000003865726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd505980b31ec7a2021-12-22 11:51:59.947root 11241100x80000000000000003865727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117bc4eb22f85a962021-12-22 11:51:59.947root 11241100x80000000000000003865728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337e8a5c6367841d2021-12-22 11:51:59.948root 11241100x80000000000000003865729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c3bc52695527882021-12-22 11:51:59.948root 11241100x80000000000000003865730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f54cf38313035f2021-12-22 11:51:59.948root 11241100x80000000000000003865731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09836ad3541a9bb12021-12-22 11:51:59.948root 11241100x80000000000000003865732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34741b58120efc22021-12-22 11:51:59.948root 11241100x80000000000000003865733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5246b5fc04f7b1132021-12-22 11:51:59.949root 11241100x80000000000000003865734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510ff971da0d0cf82021-12-22 11:51:59.949root 11241100x80000000000000003865735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69ff507e8ae23072021-12-22 11:51:59.949root 11241100x80000000000000003865736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60a78694b9c0ca22021-12-22 11:51:59.949root 11241100x80000000000000003865737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c3c5826669daf22021-12-22 11:51:59.949root 11241100x80000000000000003865738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a545e5cdef34c1a2021-12-22 11:51:59.949root 11241100x80000000000000003865739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12efbabef093e4d12021-12-22 11:51:59.949root 11241100x80000000000000003865740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a30bc363165dc392021-12-22 11:51:59.949root 11241100x80000000000000003865741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950569bac822db0a2021-12-22 11:51:59.950root 11241100x80000000000000003865742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8e120c1deeb3f32021-12-22 11:51:59.950root 11241100x80000000000000003865743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a572b1be3611da62021-12-22 11:51:59.950root 11241100x80000000000000003865744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd011f57ae0513f2021-12-22 11:51:59.950root 11241100x80000000000000003865745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b5246e029c13852021-12-22 11:51:59.950root 11241100x80000000000000003865746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d69baf2a9d07e642021-12-22 11:51:59.950root 11241100x80000000000000003865747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0276ce493d500b972021-12-22 11:51:59.950root 11241100x80000000000000003865748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08263b50bae8dd7d2021-12-22 11:51:59.951root 11241100x80000000000000003865749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70dfb2d8247fadbd2021-12-22 11:51:59.951root 11241100x80000000000000003865750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c76d07ea5c01f712021-12-22 11:51:59.951root 11241100x80000000000000003865751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f83a7ab71220bf32021-12-22 11:51:59.951root 11241100x80000000000000003865752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef33c3dced6f1cb32021-12-22 11:51:59.954root 11241100x80000000000000003865753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6ddb9b0c0d4b252021-12-22 11:51:59.954root 11241100x80000000000000003865754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e91f03e81731f092021-12-22 11:51:59.954root 11241100x80000000000000003865755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9d7b939c9e18072021-12-22 11:51:59.954root 11241100x80000000000000003865756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:51:59.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fea0e48b411e7c22021-12-22 11:51:59.954root 11241100x80000000000000003865757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b03c32bacef21f2021-12-22 11:52:00.442root 11241100x80000000000000003865758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deb162c68fe4b052021-12-22 11:52:00.443root 11241100x80000000000000003865759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cf0d1a0866cdce2021-12-22 11:52:00.443root 11241100x80000000000000003865760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141a02219979768e2021-12-22 11:52:00.443root 11241100x80000000000000003865761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6183999eb0e59e822021-12-22 11:52:00.443root 11241100x80000000000000003865762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33af4df9a70461302021-12-22 11:52:00.443root 11241100x80000000000000003865763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edade56a0d2621912021-12-22 11:52:00.443root 11241100x80000000000000003865764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e34e436b30fffe02021-12-22 11:52:00.443root 11241100x80000000000000003865765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0617d790bdc84682021-12-22 11:52:00.444root 11241100x80000000000000003865766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdd592ed1f0f8f62021-12-22 11:52:00.444root 11241100x80000000000000003865767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c034ba6c58ca87842021-12-22 11:52:00.444root 11241100x80000000000000003865768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e4fdc761d96abc2021-12-22 11:52:00.444root 11241100x80000000000000003865769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a4db7ab0bfd4f52021-12-22 11:52:00.444root 11241100x80000000000000003865770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab4ca998ad494552021-12-22 11:52:00.444root 11241100x80000000000000003865771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6e2fec5184435c2021-12-22 11:52:00.445root 11241100x80000000000000003865772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bda98ddfa32ea7b2021-12-22 11:52:00.445root 11241100x80000000000000003865773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352e86593553a64d2021-12-22 11:52:00.445root 11241100x80000000000000003865774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8a8e7fdad384162021-12-22 11:52:00.445root 11241100x80000000000000003865775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d28d289f9526642021-12-22 11:52:00.445root 11241100x80000000000000003865776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b675cbe48464e02021-12-22 11:52:00.445root 11241100x80000000000000003865777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e359350ac298cc002021-12-22 11:52:00.445root 11241100x80000000000000003865778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c849933d653e41b92021-12-22 11:52:00.445root 11241100x80000000000000003865779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc33fb2fcffdf0a2021-12-22 11:52:00.446root 11241100x80000000000000003865780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf87c2faff274822021-12-22 11:52:00.446root 11241100x80000000000000003865781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ef8ed8ddfd115d2021-12-22 11:52:00.446root 11241100x80000000000000003865782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0786ff24a844bc2021-12-22 11:52:00.446root 11241100x80000000000000003865783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399110bbe5339e462021-12-22 11:52:00.447root 11241100x80000000000000003865784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f570d4ac55309c42021-12-22 11:52:00.447root 11241100x80000000000000003865785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffafc3ad1c2b14f2021-12-22 11:52:00.447root 11241100x80000000000000003865786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292fdc4b8a53eb402021-12-22 11:52:00.447root 11241100x80000000000000003865787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae6bd989e4a53882021-12-22 11:52:00.447root 11241100x80000000000000003865788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5118a258afd3372021-12-22 11:52:00.447root 11241100x80000000000000003865789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928d1425d2b602ef2021-12-22 11:52:00.448root 11241100x80000000000000003865790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18866b910b4bbb62021-12-22 11:52:00.448root 11241100x80000000000000003865791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6f0f75148cb6912021-12-22 11:52:00.448root 11241100x80000000000000003865792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7628187d63d732d42021-12-22 11:52:00.448root 11241100x80000000000000003865793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3f0f7c652a649e2021-12-22 11:52:00.448root 11241100x80000000000000003865794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a058d369652416c2021-12-22 11:52:00.449root 11241100x80000000000000003865795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0043aa063d5a782021-12-22 11:52:00.449root 11241100x80000000000000003865796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b971b8f01221e72021-12-22 11:52:00.449root 11241100x80000000000000003865797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfbac82cdb34b642021-12-22 11:52:00.943root 11241100x80000000000000003865798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b775ff00a754cdf2021-12-22 11:52:00.943root 11241100x80000000000000003865799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cc00ef81c34ce92021-12-22 11:52:00.943root 11241100x80000000000000003865800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61e7447c9f3c0fc2021-12-22 11:52:00.943root 11241100x80000000000000003865801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f4772c06c88a642021-12-22 11:52:00.943root 11241100x80000000000000003865802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bbf59cb4e681c82021-12-22 11:52:00.943root 11241100x80000000000000003865803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df466577d55f44e92021-12-22 11:52:00.943root 11241100x80000000000000003865804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52bf0c9bec01fc82021-12-22 11:52:00.944root 11241100x80000000000000003865805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8f0bfa52cb5f3c2021-12-22 11:52:00.944root 11241100x80000000000000003865806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd57168af8edea062021-12-22 11:52:00.944root 11241100x80000000000000003865807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e07af50d91dd9302021-12-22 11:52:00.944root 11241100x80000000000000003865808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe935acf2e496be2021-12-22 11:52:00.944root 11241100x80000000000000003865809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6854d3153d99bfe52021-12-22 11:52:00.944root 11241100x80000000000000003865810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20a256e5cb390872021-12-22 11:52:00.944root 11241100x80000000000000003865811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3252e493117400e2021-12-22 11:52:00.944root 11241100x80000000000000003865812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4677ff2b2af6422021-12-22 11:52:00.945root 11241100x80000000000000003865813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b57ae2c2ed183ff2021-12-22 11:52:00.945root 11241100x80000000000000003865814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf299d20697e40e2021-12-22 11:52:00.945root 11241100x80000000000000003865815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd1a4309fecc08c2021-12-22 11:52:00.945root 11241100x80000000000000003865816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b27f7dae4f5f622021-12-22 11:52:00.945root 11241100x80000000000000003865817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0b090b7e5798b92021-12-22 11:52:00.945root 11241100x80000000000000003865818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0594fb3d228392d2021-12-22 11:52:00.945root 11241100x80000000000000003865819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016ca872119c658d2021-12-22 11:52:00.946root 11241100x80000000000000003865820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3391dfb16aec8d162021-12-22 11:52:00.946root 11241100x80000000000000003865821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b66b8af055114f2021-12-22 11:52:00.946root 11241100x80000000000000003865822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d50434c91a8fae2021-12-22 11:52:00.946root 354300x80000000000000003865823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.215{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55566-false10.0.1.12-8000- 11241100x80000000000000003865824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a462e01a09beb752021-12-22 11:52:01.216root 11241100x80000000000000003865825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc665183c91b1c622021-12-22 11:52:01.217root 11241100x80000000000000003865826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900962c550df1c772021-12-22 11:52:01.217root 11241100x80000000000000003865827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a047410c0482c9a2021-12-22 11:52:01.217root 11241100x80000000000000003865828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb693f55015489d42021-12-22 11:52:01.217root 11241100x80000000000000003865829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63823a41d95c473d2021-12-22 11:52:01.217root 11241100x80000000000000003865830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbb2ff4dc6e20042021-12-22 11:52:01.217root 11241100x80000000000000003865831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b2ef60ee358d3f2021-12-22 11:52:01.217root 11241100x80000000000000003865832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312569709369cadd2021-12-22 11:52:01.217root 11241100x80000000000000003865833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321da8c6e48beef52021-12-22 11:52:01.217root 11241100x80000000000000003865834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1778906b4b4b1b2021-12-22 11:52:01.218root 11241100x80000000000000003865835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34869df11fc5607a2021-12-22 11:52:01.218root 11241100x80000000000000003865836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afb048699a80dd42021-12-22 11:52:01.218root 11241100x80000000000000003865837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c78a22882832672021-12-22 11:52:01.218root 11241100x80000000000000003865838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a787de30b1655c0a2021-12-22 11:52:01.218root 11241100x80000000000000003865839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f916b13d6dc8da2021-12-22 11:52:01.218root 11241100x80000000000000003865840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599cb9adfeaf95362021-12-22 11:52:01.218root 11241100x80000000000000003865841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a047865695a0bfb82021-12-22 11:52:01.218root 11241100x80000000000000003865842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cd2f733d833f032021-12-22 11:52:01.218root 11241100x80000000000000003865843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af406eccfe8550f2021-12-22 11:52:01.218root 11241100x80000000000000003865844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827b92a6d14536e82021-12-22 11:52:01.219root 11241100x80000000000000003865845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8476d3533f4268e42021-12-22 11:52:01.219root 11241100x80000000000000003865846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd90cc3456baf042021-12-22 11:52:01.219root 11241100x80000000000000003865847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8c1a3dbcd46de32021-12-22 11:52:01.219root 11241100x80000000000000003865848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7d4b4a56b07db32021-12-22 11:52:01.219root 11241100x80000000000000003865849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618342de15aed9a12021-12-22 11:52:01.219root 11241100x80000000000000003865850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a90cb7b78eb70b2021-12-22 11:52:01.219root 11241100x80000000000000003865851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7080f030360bccf2021-12-22 11:52:01.693root 11241100x80000000000000003865852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9a2ed172da3de22021-12-22 11:52:01.693root 11241100x80000000000000003865853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36ed531672d55162021-12-22 11:52:01.693root 11241100x80000000000000003865854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3155a845f019bc52021-12-22 11:52:01.694root 11241100x80000000000000003865855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05040dd3252c29882021-12-22 11:52:01.694root 11241100x80000000000000003865856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cabbf0317d790242021-12-22 11:52:01.694root 11241100x80000000000000003865857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ce47e2fce989bc2021-12-22 11:52:01.694root 11241100x80000000000000003865858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062a95f0911420872021-12-22 11:52:01.694root 11241100x80000000000000003865859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f078e51bc723b7d2021-12-22 11:52:01.694root 11241100x80000000000000003865860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2dbd8ca043013b2021-12-22 11:52:01.694root 11241100x80000000000000003865861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcbcc8372a139742021-12-22 11:52:01.694root 11241100x80000000000000003865862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35881c2d23f721a42021-12-22 11:52:01.695root 11241100x80000000000000003865863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8a675905de731e2021-12-22 11:52:01.695root 11241100x80000000000000003865864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a65e1d376f49862021-12-22 11:52:01.695root 11241100x80000000000000003865865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edea11954550d072021-12-22 11:52:01.695root 11241100x80000000000000003865866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5103821d36533012021-12-22 11:52:01.695root 11241100x80000000000000003865867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92105dd0e47548842021-12-22 11:52:01.695root 11241100x80000000000000003865868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79836b77863ddc42021-12-22 11:52:01.695root 11241100x80000000000000003865869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bff4d570a262782021-12-22 11:52:01.696root 11241100x80000000000000003865870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f452f0e4a3dd200c2021-12-22 11:52:01.696root 11241100x80000000000000003865871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7c032bffa0df162021-12-22 11:52:01.696root 11241100x80000000000000003865872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1106172e44387c512021-12-22 11:52:01.696root 11241100x80000000000000003865873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76aaf5677337e352021-12-22 11:52:01.696root 11241100x80000000000000003865874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2575688f7d4fb8ae2021-12-22 11:52:01.696root 11241100x80000000000000003865875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a64ab101cd7da2f2021-12-22 11:52:01.697root 11241100x80000000000000003865876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfb2488b4e09dc32021-12-22 11:52:01.697root 11241100x80000000000000003865877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7dfe509b092f532021-12-22 11:52:01.697root 11241100x80000000000000003865878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a423cea91fad152021-12-22 11:52:02.193root 11241100x80000000000000003865879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b39a46b8e0aa872021-12-22 11:52:02.193root 11241100x80000000000000003865880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f6cc02225b7c142021-12-22 11:52:02.193root 11241100x80000000000000003865881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2bbc52a8e2a5f82021-12-22 11:52:02.193root 11241100x80000000000000003865882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb401bd0f921c852021-12-22 11:52:02.194root 11241100x80000000000000003865883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287ea70bb43aea082021-12-22 11:52:02.194root 11241100x80000000000000003865884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862f908746144cf92021-12-22 11:52:02.194root 11241100x80000000000000003865885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72a507ddf1734e62021-12-22 11:52:02.194root 11241100x80000000000000003865886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b903d133a0fef1dc2021-12-22 11:52:02.194root 11241100x80000000000000003865887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fea34bfbccd0572021-12-22 11:52:02.194root 11241100x80000000000000003865888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8283b228d077502f2021-12-22 11:52:02.194root 11241100x80000000000000003865889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d66c1bc4c252c22021-12-22 11:52:02.195root 11241100x80000000000000003865890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab659fc217ccdcc2021-12-22 11:52:02.195root 11241100x80000000000000003865891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8194720628f897d2021-12-22 11:52:02.195root 11241100x80000000000000003865892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11bf3ad48a0e4e32021-12-22 11:52:02.195root 11241100x80000000000000003865893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a4e0ac2905ebd92021-12-22 11:52:02.195root 11241100x80000000000000003865894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a322eb3237cd6ce32021-12-22 11:52:02.195root 11241100x80000000000000003865895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37faff3be4309d12021-12-22 11:52:02.196root 11241100x80000000000000003865896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602d10dc7e31d9142021-12-22 11:52:02.196root 11241100x80000000000000003865897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d28ecf3808fd552021-12-22 11:52:02.196root 11241100x80000000000000003865898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41beecbe71fe9ea2021-12-22 11:52:02.196root 11241100x80000000000000003865899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7704280be5fc4f2021-12-22 11:52:02.196root 11241100x80000000000000003865900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaafb1d2f615f6a2021-12-22 11:52:02.196root 11241100x80000000000000003865901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99241a6d22f4bae92021-12-22 11:52:02.196root 11241100x80000000000000003865902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d87d2866eb65062021-12-22 11:52:02.197root 11241100x80000000000000003865903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea143a8e130aaefc2021-12-22 11:52:02.197root 11241100x80000000000000003865904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce50e97285f40f852021-12-22 11:52:02.197root 11241100x80000000000000003865905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7f1589cb2b8e962021-12-22 11:52:02.197root 11241100x80000000000000003865906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6d69afe24169082021-12-22 11:52:02.197root 11241100x80000000000000003865907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453feccb369be6c22021-12-22 11:52:02.197root 11241100x80000000000000003865908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c82ccb4da76cc392021-12-22 11:52:02.197root 11241100x80000000000000003865909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91de2379fdc8cab42021-12-22 11:52:02.693root 11241100x80000000000000003865910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc434a8e8f7f4b22021-12-22 11:52:02.693root 11241100x80000000000000003865911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cef993e78c3be22021-12-22 11:52:02.694root 11241100x80000000000000003865912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ac7564683d3b752021-12-22 11:52:02.694root 11241100x80000000000000003865913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781adb1b6b1bf4ca2021-12-22 11:52:02.694root 11241100x80000000000000003865914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3e453f3a5a161b2021-12-22 11:52:02.694root 11241100x80000000000000003865915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a6ec83d238c1af2021-12-22 11:52:02.695root 11241100x80000000000000003865916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a19c2c829c2f7f52021-12-22 11:52:02.695root 11241100x80000000000000003865917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44206e2037cd88e22021-12-22 11:52:02.695root 11241100x80000000000000003865918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f208d029a339822021-12-22 11:52:02.695root 11241100x80000000000000003865919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583fb8baf3eeddaf2021-12-22 11:52:02.695root 11241100x80000000000000003865920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b183c6f35d2a72a52021-12-22 11:52:02.696root 11241100x80000000000000003865921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8e7186505f4ea82021-12-22 11:52:02.696root 11241100x80000000000000003865922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421494c2bd2c9f272021-12-22 11:52:02.696root 11241100x80000000000000003865923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f34e5cd352e6552021-12-22 11:52:02.696root 11241100x80000000000000003865924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e23091c061db3ee2021-12-22 11:52:02.696root 11241100x80000000000000003865925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b3159993824ee82021-12-22 11:52:02.696root 11241100x80000000000000003865926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5d1da003583ad02021-12-22 11:52:02.696root 11241100x80000000000000003865927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4a6db8b9dfb1442021-12-22 11:52:02.696root 11241100x80000000000000003865928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f3391aa837f01b2021-12-22 11:52:02.696root 11241100x80000000000000003865929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff07e293758b3552021-12-22 11:52:02.697root 11241100x80000000000000003865930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6226bb33dee2952021-12-22 11:52:02.697root 11241100x80000000000000003865931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6e571e07ec3f352021-12-22 11:52:02.697root 11241100x80000000000000003865932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102fdfc04943092a2021-12-22 11:52:02.697root 11241100x80000000000000003865933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe0283b4b6be1f82021-12-22 11:52:02.697root 11241100x80000000000000003865934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a739f305e0176452021-12-22 11:52:02.697root 11241100x80000000000000003865935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf570cc994c086c12021-12-22 11:52:02.697root 11241100x80000000000000003865936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e1f2c629067c602021-12-22 11:52:02.697root 11241100x80000000000000003865937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435f5d511942125d2021-12-22 11:52:02.697root 11241100x80000000000000003865938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.141{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:52:03.141root 11241100x80000000000000003865939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33de680727fd86632021-12-22 11:52:03.142root 11241100x80000000000000003865940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0543a459887418d12021-12-22 11:52:03.142root 11241100x80000000000000003865941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0464252d1e6266512021-12-22 11:52:03.142root 11241100x80000000000000003865942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fcb920841eba562021-12-22 11:52:03.142root 11241100x80000000000000003865943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50212526ee43f0022021-12-22 11:52:03.143root 11241100x80000000000000003865944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1745f3733e958b772021-12-22 11:52:03.143root 11241100x80000000000000003865945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5738b8e1be3e3a2a2021-12-22 11:52:03.143root 11241100x80000000000000003865946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb590b3be792fa332021-12-22 11:52:03.143root 11241100x80000000000000003865947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33b4718e4b5c66a2021-12-22 11:52:03.143root 11241100x80000000000000003865948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bafaff6bc0e06b02021-12-22 11:52:03.143root 11241100x80000000000000003865949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28c676ab7b810292021-12-22 11:52:03.143root 11241100x80000000000000003865950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c888ef1a3cc11fdd2021-12-22 11:52:03.143root 11241100x80000000000000003865951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21e33f583ca26a12021-12-22 11:52:03.143root 11241100x80000000000000003865952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64be88bf3eabcf7b2021-12-22 11:52:03.144root 11241100x80000000000000003865953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b78f30759399c222021-12-22 11:52:03.144root 11241100x80000000000000003865954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3625af2792fbb8322021-12-22 11:52:03.144root 11241100x80000000000000003865955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a8b011d55bce712021-12-22 11:52:03.144root 11241100x80000000000000003865956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517100845e008e512021-12-22 11:52:03.144root 11241100x80000000000000003865957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1deb7e2ec7f00bef2021-12-22 11:52:03.144root 11241100x80000000000000003865958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a49e935256797f72021-12-22 11:52:03.144root 11241100x80000000000000003865959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ddef18232393242021-12-22 11:52:03.145root 11241100x80000000000000003865960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b15acd6bb841f352021-12-22 11:52:03.145root 11241100x80000000000000003865961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a0489f5a683eec2021-12-22 11:52:03.145root 11241100x80000000000000003865962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041629ec66fc2c0c2021-12-22 11:52:03.145root 11241100x80000000000000003865963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dfac9bda57c3cb2021-12-22 11:52:03.145root 11241100x80000000000000003865964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b53a35b806871b2021-12-22 11:52:03.146root 11241100x80000000000000003865965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a356d289039c23862021-12-22 11:52:03.146root 11241100x80000000000000003865966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b250958a36a9752021-12-22 11:52:03.146root 11241100x80000000000000003865967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c25e36e53fbdc52021-12-22 11:52:03.146root 11241100x80000000000000003865968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ad31b39da8b5f02021-12-22 11:52:03.146root 11241100x80000000000000003865969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3891da4531b1fd2021-12-22 11:52:03.146root 11241100x80000000000000003865970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0004980f9a01d9be2021-12-22 11:52:03.146root 11241100x80000000000000003865971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b1ed2cf5d15d262021-12-22 11:52:03.147root 11241100x80000000000000003865972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824a27682fb849c92021-12-22 11:52:03.147root 11241100x80000000000000003865973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ed3787d5ca64092021-12-22 11:52:03.147root 11241100x80000000000000003865974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd74f51a2267ad02021-12-22 11:52:03.443root 11241100x80000000000000003865975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c256f85e04c4ce092021-12-22 11:52:03.443root 11241100x80000000000000003865976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608a23b7685013aa2021-12-22 11:52:03.443root 11241100x80000000000000003865977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a24da0f123f4b12021-12-22 11:52:03.443root 11241100x80000000000000003865978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd14ad61d1f8f122021-12-22 11:52:03.444root 11241100x80000000000000003865979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22626025285e6ae62021-12-22 11:52:03.444root 11241100x80000000000000003865980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c434f16e0a0b0d2021-12-22 11:52:03.444root 11241100x80000000000000003865981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590f04e4e3998c032021-12-22 11:52:03.444root 11241100x80000000000000003865982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e9698cfa5116c62021-12-22 11:52:03.445root 11241100x80000000000000003865983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0815886c31deb1352021-12-22 11:52:03.445root 11241100x80000000000000003865984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a79edbb02d338ec2021-12-22 11:52:03.445root 11241100x80000000000000003865985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a851aa42aedee6d02021-12-22 11:52:03.445root 11241100x80000000000000003865986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acb46214f3faeff2021-12-22 11:52:03.445root 11241100x80000000000000003865987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b835efb08ff8b88c2021-12-22 11:52:03.445root 11241100x80000000000000003865988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95b5607034df6f72021-12-22 11:52:03.445root 11241100x80000000000000003865989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6db48e48b6a5f42021-12-22 11:52:03.445root 11241100x80000000000000003865990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffe7dfbeedf39e52021-12-22 11:52:03.445root 11241100x80000000000000003865991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7a2d0c8ae6700d2021-12-22 11:52:03.446root 11241100x80000000000000003865992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1732f4fade396e32021-12-22 11:52:03.446root 11241100x80000000000000003865993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74423d625e4826be2021-12-22 11:52:03.446root 11241100x80000000000000003865994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d720034a0afdb302021-12-22 11:52:03.446root 11241100x80000000000000003865995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b80f99e85ceb9f2021-12-22 11:52:03.446root 11241100x80000000000000003865996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18bcca61a24d3262021-12-22 11:52:03.446root 11241100x80000000000000003865997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c460eb2afeaad42f2021-12-22 11:52:03.446root 11241100x80000000000000003865998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c10490f620a4fb2021-12-22 11:52:03.447root 11241100x80000000000000003865999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7353ab0402b6a22c2021-12-22 11:52:03.447root 11241100x80000000000000003866000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6557f5b9c4dc975d2021-12-22 11:52:03.447root 11241100x80000000000000003866001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cb4d1da953cfe12021-12-22 11:52:03.447root 11241100x80000000000000003866002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd77a55e58c642e42021-12-22 11:52:03.447root 11241100x80000000000000003866003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1917de67ac0a0d212021-12-22 11:52:03.447root 11241100x80000000000000003866004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d5d03ae4d1f2c32021-12-22 11:52:03.448root 11241100x80000000000000003866005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b372be22bd7ea9972021-12-22 11:52:03.448root 534500x80000000000000003866006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.476{00000000-0000-0000-0000-000000000000}19126<unknown process>ubuntu 534500x80000000000000003866007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.478{00000000-0000-0000-0000-000000000000}19127<unknown process>ubuntu 11241100x80000000000000003866008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.478{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.AnVQfA2021-12-22 11:52:03.478ubuntu 23542300x80000000000000003866009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.478{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.AnVQfA--- 11241100x80000000000000003866010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1e6887ac4e97ce2021-12-22 11:52:03.943root 11241100x80000000000000003866011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eac885a1d451272021-12-22 11:52:03.943root 11241100x80000000000000003866012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89954b2428c2939a2021-12-22 11:52:03.943root 11241100x80000000000000003866013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5c56c68c7262e22021-12-22 11:52:03.943root 11241100x80000000000000003866014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05020c5cb85ffb8d2021-12-22 11:52:03.943root 11241100x80000000000000003866015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b784bf9625a4627d2021-12-22 11:52:03.944root 11241100x80000000000000003866016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e85eb4a5cd9c31b2021-12-22 11:52:03.944root 11241100x80000000000000003866017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b017b88d41f0ca2021-12-22 11:52:03.944root 11241100x80000000000000003866018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed93cc82d42a1cd52021-12-22 11:52:03.944root 11241100x80000000000000003866019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f461feef7750592021-12-22 11:52:03.944root 11241100x80000000000000003866020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b291844563274ad2021-12-22 11:52:03.944root 11241100x80000000000000003866021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76990995499215e12021-12-22 11:52:03.944root 11241100x80000000000000003866022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eafae6c334370722021-12-22 11:52:03.944root 11241100x80000000000000003866023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6f1cfba5dc449c2021-12-22 11:52:03.944root 11241100x80000000000000003866024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49838cd14b037b632021-12-22 11:52:03.944root 11241100x80000000000000003866025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3324037381f7be2021-12-22 11:52:03.944root 11241100x80000000000000003866026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db90afd9e7976252021-12-22 11:52:03.945root 11241100x80000000000000003866027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2742204e9a7f702021-12-22 11:52:03.945root 11241100x80000000000000003866028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f459ee1d931eb32021-12-22 11:52:03.945root 11241100x80000000000000003866029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7116c9772e881e92021-12-22 11:52:03.945root 11241100x80000000000000003866030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8e4995f37c1f3c2021-12-22 11:52:03.945root 11241100x80000000000000003866031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a9e3a78eb673542021-12-22 11:52:03.945root 11241100x80000000000000003866032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c60eb89459aebdf2021-12-22 11:52:03.945root 11241100x80000000000000003866033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce45a522f08e1b42021-12-22 11:52:03.945root 11241100x80000000000000003866034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b3f0a6b61799cd2021-12-22 11:52:03.945root 11241100x80000000000000003866035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3652efef502d69982021-12-22 11:52:03.946root 11241100x80000000000000003866036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4c604253c4fa492021-12-22 11:52:03.946root 11241100x80000000000000003866037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3c20169cf45cee2021-12-22 11:52:03.946root 11241100x80000000000000003866038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7248e2eea05028c62021-12-22 11:52:03.946root 11241100x80000000000000003866039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa919aceb25178132021-12-22 11:52:03.946root 11241100x80000000000000003866040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be50761b992f73222021-12-22 11:52:03.946root 11241100x80000000000000003866041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dfbbff56b13a322021-12-22 11:52:03.946root 11241100x80000000000000003866042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9ff90b9ffa94a42021-12-22 11:52:04.443root 11241100x80000000000000003866043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e985eec99144802021-12-22 11:52:04.443root 11241100x80000000000000003866044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805465c59b38e8e72021-12-22 11:52:04.444root 11241100x80000000000000003866045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7631345ab9f61142021-12-22 11:52:04.444root 11241100x80000000000000003866046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01ecac6df3fd3e92021-12-22 11:52:04.444root 11241100x80000000000000003866047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf0c9dae04437952021-12-22 11:52:04.445root 11241100x80000000000000003866048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa615e3c4841e022021-12-22 11:52:04.445root 11241100x80000000000000003866049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e20b85a7e5a4d32021-12-22 11:52:04.445root 11241100x80000000000000003866050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca224f40a501e8c2021-12-22 11:52:04.445root 11241100x80000000000000003866051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a142fa26cfedc22021-12-22 11:52:04.446root 11241100x80000000000000003866052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936c34e88b22fafe2021-12-22 11:52:04.446root 11241100x80000000000000003866053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e272a8fdcd91cc62021-12-22 11:52:04.447root 11241100x80000000000000003866054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db385920e4b08de92021-12-22 11:52:04.447root 11241100x80000000000000003866055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b073ae980d563902021-12-22 11:52:04.447root 11241100x80000000000000003866056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460b4aa70c0ae2c02021-12-22 11:52:04.448root 11241100x80000000000000003866057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb30e3528a14a7c92021-12-22 11:52:04.448root 11241100x80000000000000003866058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98392cdfd5147d822021-12-22 11:52:04.448root 11241100x80000000000000003866059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17948fd927d83a62021-12-22 11:52:04.449root 11241100x80000000000000003866060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecac1f81db4b17f42021-12-22 11:52:04.449root 11241100x80000000000000003866061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0edd446629f73b2021-12-22 11:52:04.450root 11241100x80000000000000003866062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3af2f1192f94082021-12-22 11:52:04.450root 11241100x80000000000000003866063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9559197de5aa55c02021-12-22 11:52:04.450root 11241100x80000000000000003866064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818825da9c2399d22021-12-22 11:52:04.451root 11241100x80000000000000003866065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedda5ffc5614f6c2021-12-22 11:52:04.451root 11241100x80000000000000003866066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d4d6e8c46d6f7c2021-12-22 11:52:04.452root 11241100x80000000000000003866067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9adc26129745992021-12-22 11:52:04.452root 11241100x80000000000000003866068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b777f01c8e26862021-12-22 11:52:04.452root 11241100x80000000000000003866069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285c8f061beb3f482021-12-22 11:52:04.453root 11241100x80000000000000003866070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd7124fe7b173132021-12-22 11:52:04.454root 11241100x80000000000000003866071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4de7facb0327be2021-12-22 11:52:04.454root 11241100x80000000000000003866072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1803922a1934b8682021-12-22 11:52:04.454root 11241100x80000000000000003866073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6fe69f05965bce2021-12-22 11:52:04.455root 11241100x80000000000000003866074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f057c64245187882021-12-22 11:52:04.455root 11241100x80000000000000003866075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0eff014729657c2021-12-22 11:52:04.943root 11241100x80000000000000003866076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58e669f5a03201e2021-12-22 11:52:04.943root 11241100x80000000000000003866077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9de1c4cae3f9b42021-12-22 11:52:04.944root 11241100x80000000000000003866078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d91034f15a77d692021-12-22 11:52:04.944root 11241100x80000000000000003866079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2b46ff817ceb0d2021-12-22 11:52:04.944root 11241100x80000000000000003866080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6ab85180f8ba752021-12-22 11:52:04.944root 11241100x80000000000000003866081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39171d5da1a112de2021-12-22 11:52:04.944root 11241100x80000000000000003866082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0aaf1b6b8008ea2021-12-22 11:52:04.945root 11241100x80000000000000003866083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466c57366c2f64d32021-12-22 11:52:04.945root 11241100x80000000000000003866084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5debba7d27d0d6a2021-12-22 11:52:04.945root 11241100x80000000000000003866085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6319eed5b6aace212021-12-22 11:52:04.945root 11241100x80000000000000003866086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ce9a17ead0aaca2021-12-22 11:52:04.945root 11241100x80000000000000003866087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23723684dc643e612021-12-22 11:52:04.946root 11241100x80000000000000003866088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd170e059650d5d2021-12-22 11:52:04.946root 11241100x80000000000000003866089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b83729d4129cbb92021-12-22 11:52:04.946root 11241100x80000000000000003866090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c001d54cc8ae682021-12-22 11:52:04.946root 11241100x80000000000000003866091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd966cadcf801162021-12-22 11:52:04.946root 11241100x80000000000000003866092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a079a6ed910b6bdb2021-12-22 11:52:04.947root 11241100x80000000000000003866093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3af97bbeb7e5782021-12-22 11:52:04.947root 11241100x80000000000000003866094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43939c1b63a300632021-12-22 11:52:04.947root 11241100x80000000000000003866095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae6a33bbe921ee22021-12-22 11:52:04.947root 11241100x80000000000000003866096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86604d92deff5b102021-12-22 11:52:04.947root 11241100x80000000000000003866097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71ea89d7662e7592021-12-22 11:52:04.948root 11241100x80000000000000003866098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b1a46ad83836002021-12-22 11:52:04.948root 11241100x80000000000000003866099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0e84a4de29702e2021-12-22 11:52:04.948root 11241100x80000000000000003866100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d1b3c4d58e920e2021-12-22 11:52:04.948root 11241100x80000000000000003866101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93217e29001d7b92021-12-22 11:52:04.948root 11241100x80000000000000003866102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3a18faaffda72d2021-12-22 11:52:04.948root 11241100x80000000000000003866103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cb4d991ea271202021-12-22 11:52:04.949root 11241100x80000000000000003866104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f22e8eb0bfe79482021-12-22 11:52:04.949root 11241100x80000000000000003866105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a103750278509aa2021-12-22 11:52:04.949root 11241100x80000000000000003866106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da7ef9d2ab207232021-12-22 11:52:04.949root 11241100x80000000000000003866107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac6dc07b1a363e72021-12-22 11:52:04.949root 11241100x80000000000000003866108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84d2d6e2c98da822021-12-22 11:52:04.949root 11241100x80000000000000003866109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c6f395c724c4052021-12-22 11:52:05.442root 11241100x80000000000000003866110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c471d80096b75e2021-12-22 11:52:05.443root 11241100x80000000000000003866111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d5fcc0619f9ea92021-12-22 11:52:05.443root 11241100x80000000000000003866112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53d055da067dc852021-12-22 11:52:05.444root 11241100x80000000000000003866113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738fd3b2538a26112021-12-22 11:52:05.444root 11241100x80000000000000003866114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575020010364b81f2021-12-22 11:52:05.444root 11241100x80000000000000003866115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b206771742bde932021-12-22 11:52:05.445root 11241100x80000000000000003866116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3433bfb015d8f92021-12-22 11:52:05.445root 11241100x80000000000000003866117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d322348b27ef8552021-12-22 11:52:05.445root 11241100x80000000000000003866118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa9d5b85c4321a82021-12-22 11:52:05.445root 11241100x80000000000000003866119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761c13619057c0f22021-12-22 11:52:05.445root 11241100x80000000000000003866120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a0a9ffc17823b12021-12-22 11:52:05.445root 11241100x80000000000000003866121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af049269851abe872021-12-22 11:52:05.445root 11241100x80000000000000003866122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80d5a2088be21742021-12-22 11:52:05.446root 11241100x80000000000000003866123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4dc97c69746f432021-12-22 11:52:05.446root 11241100x80000000000000003866124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75331e2f714f9ef42021-12-22 11:52:05.446root 11241100x80000000000000003866125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b0d67e0b37f9522021-12-22 11:52:05.446root 11241100x80000000000000003866126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eef7fd9996a782c2021-12-22 11:52:05.446root 11241100x80000000000000003866127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394a6c579e203edb2021-12-22 11:52:05.446root 11241100x80000000000000003866128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daff5320db5f4f4c2021-12-22 11:52:05.446root 11241100x80000000000000003866129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4df304d90c9cac2021-12-22 11:52:05.447root 11241100x80000000000000003866130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0697ff555282a5a2021-12-22 11:52:05.447root 11241100x80000000000000003866131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2157db89e91817a72021-12-22 11:52:05.447root 11241100x80000000000000003866132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54b74e3304bdb812021-12-22 11:52:05.447root 11241100x80000000000000003866133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b75df8d9f51ed1d2021-12-22 11:52:05.447root 11241100x80000000000000003866134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b426a73c661b50a2021-12-22 11:52:05.448root 11241100x80000000000000003866135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88944b39239e658f2021-12-22 11:52:05.448root 11241100x80000000000000003866136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c54b99e8e23ee512021-12-22 11:52:05.448root 11241100x80000000000000003866137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b66c6c5ee30f7562021-12-22 11:52:05.448root 11241100x80000000000000003866138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f06a3144f058ca2021-12-22 11:52:05.448root 11241100x80000000000000003866139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8150b58a36e5ff62021-12-22 11:52:05.448root 11241100x80000000000000003866140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c3cecf71c998722021-12-22 11:52:05.448root 11241100x80000000000000003866141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff32c7803e7511c2021-12-22 11:52:05.448root 11241100x80000000000000003866142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a62618ed8e48542021-12-22 11:52:05.449root 11241100x80000000000000003866143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14924de7ea0598a82021-12-22 11:52:05.449root 11241100x80000000000000003866144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d17bfd4d7e6d1332021-12-22 11:52:05.943root 11241100x80000000000000003866145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec684d354c3a8312021-12-22 11:52:05.943root 11241100x80000000000000003866146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78ee353f62f7a032021-12-22 11:52:05.943root 11241100x80000000000000003866147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df689f22ea3f6ac2021-12-22 11:52:05.943root 11241100x80000000000000003866148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a675f5a4444fd452021-12-22 11:52:05.943root 11241100x80000000000000003866149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb31147901d9cc1f2021-12-22 11:52:05.943root 11241100x80000000000000003866150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf480eb3f8458df2021-12-22 11:52:05.944root 11241100x80000000000000003866151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8733aa3c76016d2021-12-22 11:52:05.944root 11241100x80000000000000003866152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efea9b1ada6cbd022021-12-22 11:52:05.944root 11241100x80000000000000003866153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e10073ac54ad15e2021-12-22 11:52:05.944root 11241100x80000000000000003866154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2881e0b5dc6582942021-12-22 11:52:05.944root 11241100x80000000000000003866155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a670e34f1be5d32021-12-22 11:52:05.944root 11241100x80000000000000003866156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc4545be75668af2021-12-22 11:52:05.944root 11241100x80000000000000003866157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d998e83e45cf32542021-12-22 11:52:05.945root 11241100x80000000000000003866158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e985bf3f6232e6fa2021-12-22 11:52:05.945root 11241100x80000000000000003866159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caebcbfdad82d8c32021-12-22 11:52:05.945root 11241100x80000000000000003866160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78265e6c13f04502021-12-22 11:52:05.945root 11241100x80000000000000003866161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa6dffd826b4c3a2021-12-22 11:52:05.945root 11241100x80000000000000003866162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44889da8a156a6d2021-12-22 11:52:05.945root 11241100x80000000000000003866163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d312f16ac21f5ed2021-12-22 11:52:05.946root 11241100x80000000000000003866164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef22e55cd08be4c2021-12-22 11:52:05.946root 11241100x80000000000000003866165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2701dc04409ab4d2021-12-22 11:52:05.946root 11241100x80000000000000003866166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b001bb441b46c85b2021-12-22 11:52:05.946root 11241100x80000000000000003866167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84beb8e712e207512021-12-22 11:52:05.946root 11241100x80000000000000003866168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7492268c68a7becd2021-12-22 11:52:05.946root 11241100x80000000000000003866169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f90c336e8f9833a2021-12-22 11:52:05.946root 11241100x80000000000000003866170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e35736f18213412021-12-22 11:52:05.947root 11241100x80000000000000003866171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bdd5f06af4d5572021-12-22 11:52:05.947root 11241100x80000000000000003866172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e006621d48ce4712021-12-22 11:52:05.947root 11241100x80000000000000003866173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff18bcb614603f82021-12-22 11:52:05.947root 11241100x80000000000000003866174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c38bd6d575ec07b2021-12-22 11:52:05.948root 11241100x80000000000000003866175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a82628beb3ad1e2021-12-22 11:52:05.948root 11241100x80000000000000003866176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82131025dd169c242021-12-22 11:52:05.948root 11241100x80000000000000003866177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b555dee0dec4e32021-12-22 11:52:05.948root 11241100x80000000000000003866178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b114b889065d3d652021-12-22 11:52:05.948root 11241100x80000000000000003866179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e416bc1d6dcb2e3c2021-12-22 11:52:05.948root 23542300x80000000000000003866180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.019{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000003866181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.236{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55568-false10.0.1.12-8000- 11241100x80000000000000003866182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ffc7d1d7d24da42021-12-22 11:52:06.237root 11241100x80000000000000003866183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ebb2e0d7a9018a2021-12-22 11:52:06.237root 11241100x80000000000000003866184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9965ad933717db02021-12-22 11:52:06.237root 11241100x80000000000000003866185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55844352c6367c6b2021-12-22 11:52:06.237root 11241100x80000000000000003866186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb2053aa9d65ea42021-12-22 11:52:06.238root 11241100x80000000000000003866187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaba9739ead7fecc2021-12-22 11:52:06.238root 11241100x80000000000000003866188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac40a272a73a33e2021-12-22 11:52:06.238root 11241100x80000000000000003866189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6743d08e2e32ef2021-12-22 11:52:06.238root 11241100x80000000000000003866190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa90c2ea9799a2f12021-12-22 11:52:06.238root 11241100x80000000000000003866191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4fef9a837fdfb92021-12-22 11:52:06.238root 11241100x80000000000000003866192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7259edb8180723852021-12-22 11:52:06.238root 11241100x80000000000000003866193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145521266d6883052021-12-22 11:52:06.238root 11241100x80000000000000003866194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0456061d5b22c832021-12-22 11:52:06.239root 11241100x80000000000000003866195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920d9de1b9e046b92021-12-22 11:52:06.239root 11241100x80000000000000003866196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9f549a945b68aa2021-12-22 11:52:06.239root 11241100x80000000000000003866197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2647687193ed62702021-12-22 11:52:06.239root 11241100x80000000000000003866198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf162ff0f2d8c242021-12-22 11:52:06.239root 11241100x80000000000000003866199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5abdddcb3f10682021-12-22 11:52:06.239root 11241100x80000000000000003866200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ec63e3e9d5d7f62021-12-22 11:52:06.240root 11241100x80000000000000003866201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5561d812abd0c6c12021-12-22 11:52:06.240root 11241100x80000000000000003866202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7419656c5376c02021-12-22 11:52:06.240root 11241100x80000000000000003866203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e087a9e64995d49a2021-12-22 11:52:06.240root 11241100x80000000000000003866204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cdbff78a0be1c12021-12-22 11:52:06.240root 11241100x80000000000000003866205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7359599968246662021-12-22 11:52:06.240root 11241100x80000000000000003866206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ee0514d08e98a02021-12-22 11:52:06.241root 11241100x80000000000000003866207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609b0cda2c8d2d0b2021-12-22 11:52:06.241root 11241100x80000000000000003866208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ce93af197c15aa2021-12-22 11:52:06.241root 11241100x80000000000000003866209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248287e84a3ddc9b2021-12-22 11:52:06.241root 11241100x80000000000000003866210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d9cfa7057af4e12021-12-22 11:52:06.241root 11241100x80000000000000003866211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d9399c3c5869822021-12-22 11:52:06.241root 11241100x80000000000000003866212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177c03555e8f85812021-12-22 11:52:06.242root 11241100x80000000000000003866213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678de76b1b5074622021-12-22 11:52:06.242root 11241100x80000000000000003866214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2f7345ccccb2b72021-12-22 11:52:06.242root 11241100x80000000000000003866215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd34c7fda4a045b2021-12-22 11:52:06.242root 11241100x80000000000000003866216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c94d799fd8f61d12021-12-22 11:52:06.242root 11241100x80000000000000003866217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179dcb3405241fa02021-12-22 11:52:06.242root 11241100x80000000000000003866218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31aea9ed3206acdc2021-12-22 11:52:06.242root 11241100x80000000000000003866219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b489c44fda3a8712021-12-22 11:52:06.243root 11241100x80000000000000003866220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2904c0d8f0aac902021-12-22 11:52:06.243root 11241100x80000000000000003866221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561524499a9e97772021-12-22 11:52:06.243root 11241100x80000000000000003866222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ad480424149efc2021-12-22 11:52:06.243root 11241100x80000000000000003866223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce51e86ddb531292021-12-22 11:52:06.243root 11241100x80000000000000003866224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3921f8f7f5d36e932021-12-22 11:52:06.243root 11241100x80000000000000003866225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8b2905f618ddeb2021-12-22 11:52:06.243root 11241100x80000000000000003866226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2404dabf3de1492021-12-22 11:52:06.243root 11241100x80000000000000003866227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5accd5f085c2de8c2021-12-22 11:52:06.244root 11241100x80000000000000003866228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b13c07fa28ab1292021-12-22 11:52:06.244root 11241100x80000000000000003866229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0ac0572930a9b12021-12-22 11:52:06.244root 11241100x80000000000000003866230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99dc8b1ec1e954bd2021-12-22 11:52:06.244root 11241100x80000000000000003866231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23fb400712f8f8d2021-12-22 11:52:06.244root 11241100x80000000000000003866232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab77aa6481342422021-12-22 11:52:06.693root 11241100x80000000000000003866233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af6fc529266e5012021-12-22 11:52:06.694root 11241100x80000000000000003866234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42a2def58c89dec2021-12-22 11:52:06.694root 11241100x80000000000000003866235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c78a1891a5e34d2021-12-22 11:52:06.694root 11241100x80000000000000003866236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75928ed385293732021-12-22 11:52:06.694root 11241100x80000000000000003866237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d6a6730a98f8572021-12-22 11:52:06.694root 11241100x80000000000000003866238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b0dca16f512ec32021-12-22 11:52:06.695root 11241100x80000000000000003866239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38426e75179ad01a2021-12-22 11:52:06.695root 11241100x80000000000000003866240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa087c36c0406aee2021-12-22 11:52:06.695root 11241100x80000000000000003866241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80761efd95a4b022021-12-22 11:52:06.695root 11241100x80000000000000003866242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffad6541b8527432021-12-22 11:52:06.696root 11241100x80000000000000003866243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4013a3ac2787c9b2021-12-22 11:52:06.696root 11241100x80000000000000003866244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28c4e38fbb2d8452021-12-22 11:52:06.696root 11241100x80000000000000003866245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f20a8ee7a165452021-12-22 11:52:06.696root 11241100x80000000000000003866246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ac5a1aa7dda29a2021-12-22 11:52:06.696root 11241100x80000000000000003866247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a934d88e0dc1869f2021-12-22 11:52:06.696root 11241100x80000000000000003866248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0df2fc6fe1b7142021-12-22 11:52:06.696root 11241100x80000000000000003866249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3565c5c5165135062021-12-22 11:52:06.697root 11241100x80000000000000003866250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1f4976ae2d687e2021-12-22 11:52:06.697root 11241100x80000000000000003866251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44fafd48d7539d72021-12-22 11:52:06.697root 11241100x80000000000000003866252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2462ec9f7808a632021-12-22 11:52:06.697root 11241100x80000000000000003866253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63058c5824b457ca2021-12-22 11:52:06.698root 11241100x80000000000000003866254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b5196e5168f1ee2021-12-22 11:52:06.698root 11241100x80000000000000003866255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023d4c4559d3ae742021-12-22 11:52:06.698root 11241100x80000000000000003866256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de9d46527c34a8c2021-12-22 11:52:06.698root 11241100x80000000000000003866257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b243894b18e765062021-12-22 11:52:06.698root 11241100x80000000000000003866258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0218392cea550c2021-12-22 11:52:06.698root 11241100x80000000000000003866259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1ccdde5b2dc4d22021-12-22 11:52:06.699root 11241100x80000000000000003866260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219e1e5bdf4f29432021-12-22 11:52:06.699root 11241100x80000000000000003866261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b7748b5087945b2021-12-22 11:52:06.699root 11241100x80000000000000003866262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fdde5317ae7a482021-12-22 11:52:06.699root 11241100x80000000000000003866263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd3d515627d67b62021-12-22 11:52:06.700root 11241100x80000000000000003866264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a37ce5008a945462021-12-22 11:52:06.700root 11241100x80000000000000003866265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd465dafbb5a3c2e2021-12-22 11:52:06.700root 11241100x80000000000000003866266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b2b9625d65e9fb2021-12-22 11:52:07.193root 11241100x80000000000000003866267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fec75983c9367e2021-12-22 11:52:07.193root 11241100x80000000000000003866268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d22a8c933501bf72021-12-22 11:52:07.193root 11241100x80000000000000003866269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43f7265e1a952dc2021-12-22 11:52:07.193root 11241100x80000000000000003866270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a581bf6a96c7cd402021-12-22 11:52:07.193root 11241100x80000000000000003866271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d1d226ca43aeae2021-12-22 11:52:07.193root 11241100x80000000000000003866272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd903691be986de2021-12-22 11:52:07.194root 11241100x80000000000000003866273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ffeaf2030ec21c2021-12-22 11:52:07.194root 11241100x80000000000000003866274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a4c7e03a23e6d82021-12-22 11:52:07.194root 11241100x80000000000000003866275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6680cd7800e924ed2021-12-22 11:52:07.194root 11241100x80000000000000003866276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98689efa11cf78b02021-12-22 11:52:07.195root 11241100x80000000000000003866277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307693cc9858d8fa2021-12-22 11:52:07.195root 11241100x80000000000000003866278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd157970fefb22462021-12-22 11:52:07.195root 11241100x80000000000000003866279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fdcff8231a319e2021-12-22 11:52:07.195root 11241100x80000000000000003866280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9595b0ca25b807482021-12-22 11:52:07.195root 11241100x80000000000000003866281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5a6f30c208ea6d2021-12-22 11:52:07.196root 11241100x80000000000000003866282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0335a28c0569452021-12-22 11:52:07.196root 11241100x80000000000000003866283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ddad23d25fe1042021-12-22 11:52:07.198root 11241100x80000000000000003866284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68b74b7ea46e3002021-12-22 11:52:07.198root 11241100x80000000000000003866285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d943bca04265532021-12-22 11:52:07.198root 11241100x80000000000000003866286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7589e4ffa649a732021-12-22 11:52:07.198root 11241100x80000000000000003866287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ed3c06d9803c972021-12-22 11:52:07.198root 11241100x80000000000000003866288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cff82ce5b7c53fd2021-12-22 11:52:07.198root 11241100x80000000000000003866289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b02d16e1f8ec672021-12-22 11:52:07.199root 11241100x80000000000000003866290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972b1b7ae57f97af2021-12-22 11:52:07.199root 11241100x80000000000000003866291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b23d454fdc5a4d2021-12-22 11:52:07.199root 11241100x80000000000000003866292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52448ca2c78e14202021-12-22 11:52:07.199root 11241100x80000000000000003866293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073461aa7664875d2021-12-22 11:52:07.199root 11241100x80000000000000003866294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbd9a2a2dcc61a02021-12-22 11:52:07.199root 11241100x80000000000000003866295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7089f7a6a78fbb2021-12-22 11:52:07.199root 11241100x80000000000000003866296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a072e2594d7496972021-12-22 11:52:07.199root 11241100x80000000000000003866297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b689879b733029b92021-12-22 11:52:07.199root 11241100x80000000000000003866298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718418ca6269b6252021-12-22 11:52:07.200root 11241100x80000000000000003866299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69f7f47166fd94b2021-12-22 11:52:07.200root 11241100x80000000000000003866300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ee35aacf0130082021-12-22 11:52:07.200root 11241100x80000000000000003866301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3b80f1640bedac2021-12-22 11:52:07.200root 11241100x80000000000000003866302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0024a9d73d3ba21c2021-12-22 11:52:07.200root 11241100x80000000000000003866303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab2796c68aca8c82021-12-22 11:52:07.200root 11241100x80000000000000003866304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a943759942d1b582021-12-22 11:52:07.200root 11241100x80000000000000003866305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0d6e6bc8b67b5a2021-12-22 11:52:07.200root 11241100x80000000000000003866306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da6a40b8184867c2021-12-22 11:52:07.200root 11241100x80000000000000003866307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcfeba2c3e0b13d2021-12-22 11:52:07.200root 11241100x80000000000000003866308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3bdf54119d4c7d2021-12-22 11:52:07.693root 11241100x80000000000000003866309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9c37216e69e3f62021-12-22 11:52:07.693root 11241100x80000000000000003866310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c948a04dcbc49b2021-12-22 11:52:07.693root 11241100x80000000000000003866311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb90fa1b33c09f52021-12-22 11:52:07.693root 11241100x80000000000000003866312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028246a0eb1833162021-12-22 11:52:07.694root 11241100x80000000000000003866313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52cd74aa7f812b32021-12-22 11:52:07.694root 11241100x80000000000000003866314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef51e80935a5be872021-12-22 11:52:07.694root 11241100x80000000000000003866315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28c4063d1b64baf2021-12-22 11:52:07.694root 11241100x80000000000000003866316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400130455ea866ad2021-12-22 11:52:07.695root 11241100x80000000000000003866317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32981b219aa5f1d2021-12-22 11:52:07.695root 11241100x80000000000000003866318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27ccc01feb12bad2021-12-22 11:52:07.695root 11241100x80000000000000003866319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af5cb6cc3110b392021-12-22 11:52:07.695root 11241100x80000000000000003866320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59990643b8e080492021-12-22 11:52:07.696root 11241100x80000000000000003866321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6689238ebcac9d2021-12-22 11:52:07.696root 11241100x80000000000000003866322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8f2c8db796c9592021-12-22 11:52:07.696root 11241100x80000000000000003866323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0836316ec6b3ebee2021-12-22 11:52:07.696root 11241100x80000000000000003866324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa2cfa4c2c53af52021-12-22 11:52:07.697root 11241100x80000000000000003866325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb00b20120384b702021-12-22 11:52:07.697root 11241100x80000000000000003866326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60b7184b9ccddb32021-12-22 11:52:07.697root 11241100x80000000000000003866327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3636efdabb7651132021-12-22 11:52:07.697root 11241100x80000000000000003866328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e2344d9f637dd12021-12-22 11:52:07.698root 11241100x80000000000000003866329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85219d22f1d26dc12021-12-22 11:52:07.698root 11241100x80000000000000003866330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171b8417f2832b4f2021-12-22 11:52:07.698root 11241100x80000000000000003866331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095f6b61dd56b26b2021-12-22 11:52:07.698root 11241100x80000000000000003866332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01988c64dc8b10252021-12-22 11:52:07.698root 11241100x80000000000000003866333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e65519ddc63d7132021-12-22 11:52:07.699root 11241100x80000000000000003866334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa6a5b9abe11e5d2021-12-22 11:52:07.699root 11241100x80000000000000003866335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291664bfe0aa1c232021-12-22 11:52:07.699root 11241100x80000000000000003866336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cf8345a6aefb1e2021-12-22 11:52:07.699root 11241100x80000000000000003866337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7db2e3a372d55102021-12-22 11:52:07.700root 11241100x80000000000000003866338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e726f5bd3dbf55b82021-12-22 11:52:07.700root 11241100x80000000000000003866339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1667bc3aab6bcbf2021-12-22 11:52:07.700root 11241100x80000000000000003866340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e79a4b3666738a72021-12-22 11:52:07.700root 11241100x80000000000000003866341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7c186f46d2c75a2021-12-22 11:52:07.700root 11241100x80000000000000003866342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cbe62cc69b8fa62021-12-22 11:52:07.701root 11241100x80000000000000003866343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faf425460241e7b2021-12-22 11:52:07.701root 11241100x80000000000000003866344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd996fa595e2f5992021-12-22 11:52:07.701root 11241100x80000000000000003866345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455bb6e1215ad9512021-12-22 11:52:07.702root 11241100x80000000000000003866346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:07.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67d4111dfe754f62021-12-22 11:52:07.702root 11241100x80000000000000003866347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197d4662b97066f62021-12-22 11:52:08.193root 11241100x80000000000000003866348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a641fb230305ea82021-12-22 11:52:08.193root 11241100x80000000000000003866349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639af31c3a20d3812021-12-22 11:52:08.193root 11241100x80000000000000003866350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ef4b46474ac3942021-12-22 11:52:08.194root 11241100x80000000000000003866351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddcf86f60870c182021-12-22 11:52:08.194root 11241100x80000000000000003866352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ed732410a53fd32021-12-22 11:52:08.194root 11241100x80000000000000003866353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2951a81878b70fe2021-12-22 11:52:08.194root 11241100x80000000000000003866354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9688ac5d2942c9d2021-12-22 11:52:08.194root 11241100x80000000000000003866355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b6764a08c9bc012021-12-22 11:52:08.195root 11241100x80000000000000003866356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa8849c6e1a94822021-12-22 11:52:08.195root 11241100x80000000000000003866357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7716729bfcd7442021-12-22 11:52:08.195root 11241100x80000000000000003866358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac858b0b3dee73cb2021-12-22 11:52:08.195root 11241100x80000000000000003866359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34081369f753aba82021-12-22 11:52:08.196root 11241100x80000000000000003866360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22929dc846465ef52021-12-22 11:52:08.197root 11241100x80000000000000003866361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdaa3efad12f10e2021-12-22 11:52:08.197root 11241100x80000000000000003866362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31e0e85a43984862021-12-22 11:52:08.197root 11241100x80000000000000003866363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b51a830033f9ce02021-12-22 11:52:08.197root 11241100x80000000000000003866364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c316df949391e052021-12-22 11:52:08.199root 11241100x80000000000000003866365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5f349b56c25fc02021-12-22 11:52:08.200root 11241100x80000000000000003866366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730f36914d8d30a12021-12-22 11:52:08.200root 11241100x80000000000000003866367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649c7ba4d7fdf59e2021-12-22 11:52:08.200root 11241100x80000000000000003866368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc8b7ade9156c7d2021-12-22 11:52:08.200root 11241100x80000000000000003866369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766776e338069fd02021-12-22 11:52:08.200root 11241100x80000000000000003866370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd0ad2a4da02e392021-12-22 11:52:08.200root 11241100x80000000000000003866371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43cbe3b0d782f4e2021-12-22 11:52:08.200root 11241100x80000000000000003866372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9f1d96b45723522021-12-22 11:52:08.200root 11241100x80000000000000003866373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2e0149768a990b2021-12-22 11:52:08.200root 11241100x80000000000000003866374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666f47cc57cd84512021-12-22 11:52:08.201root 11241100x80000000000000003866375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802a2aa4976745212021-12-22 11:52:08.202root 11241100x80000000000000003866376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d447b693c6c384d2021-12-22 11:52:08.202root 11241100x80000000000000003866377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb791795a3ebaa362021-12-22 11:52:08.202root 11241100x80000000000000003866378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ae83ad6a728fdd2021-12-22 11:52:08.202root 11241100x80000000000000003866379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7493f87a6ae6cf652021-12-22 11:52:08.202root 11241100x80000000000000003866380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cdec83a1ab88952021-12-22 11:52:08.202root 11241100x80000000000000003866381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f2214d9b3b96fe2021-12-22 11:52:08.202root 11241100x80000000000000003866382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4948f6ef3e3c022021-12-22 11:52:08.202root 11241100x80000000000000003866383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569586d1666e05472021-12-22 11:52:08.202root 11241100x80000000000000003866384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e90888a00ca51c92021-12-22 11:52:08.202root 11241100x80000000000000003866385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c5ebbc8856f38f2021-12-22 11:52:08.693root 11241100x80000000000000003866386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6764bad65e28e122021-12-22 11:52:08.694root 11241100x80000000000000003866387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5b08d382cb80c02021-12-22 11:52:08.694root 11241100x80000000000000003866388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550d8816909c6e3e2021-12-22 11:52:08.694root 11241100x80000000000000003866389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfed1bd212f661e2021-12-22 11:52:08.694root 11241100x80000000000000003866390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91eb6a59ff653232021-12-22 11:52:08.695root 11241100x80000000000000003866391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23772dd3b02b75a2021-12-22 11:52:08.695root 11241100x80000000000000003866392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1edad3c4f9442022021-12-22 11:52:08.695root 11241100x80000000000000003866393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96387e0340dd8b92021-12-22 11:52:08.695root 11241100x80000000000000003866394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04f983e8950c2862021-12-22 11:52:08.695root 11241100x80000000000000003866395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6429675c21cd0bfd2021-12-22 11:52:08.695root 11241100x80000000000000003866396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf8cb72664f3cac2021-12-22 11:52:08.695root 11241100x80000000000000003866397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bbdb35d93c32b92021-12-22 11:52:08.695root 11241100x80000000000000003866398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfee72481458b2a82021-12-22 11:52:08.695root 11241100x80000000000000003866399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cb5fea59d52eee2021-12-22 11:52:08.696root 11241100x80000000000000003866400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a56a81acbc4676d2021-12-22 11:52:08.696root 11241100x80000000000000003866401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63674446883c755f2021-12-22 11:52:08.696root 11241100x80000000000000003866402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837379b49e46dcac2021-12-22 11:52:08.696root 11241100x80000000000000003866403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d207344f8b8e6a482021-12-22 11:52:08.696root 11241100x80000000000000003866404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc45166d3519cda62021-12-22 11:52:08.697root 11241100x80000000000000003866405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73e384dea03193d2021-12-22 11:52:08.697root 11241100x80000000000000003866406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2f91abe8f0a09e2021-12-22 11:52:08.697root 11241100x80000000000000003866407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f480c29937a6560f2021-12-22 11:52:08.697root 11241100x80000000000000003866408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6f577ae6c7aec72021-12-22 11:52:08.697root 11241100x80000000000000003866409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a19f3682a7b65d2021-12-22 11:52:08.697root 11241100x80000000000000003866410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce600118264adfe2021-12-22 11:52:08.697root 11241100x80000000000000003866411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac07354ffcc8ba02021-12-22 11:52:08.697root 11241100x80000000000000003866412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf9db7ec1a2691c2021-12-22 11:52:08.697root 11241100x80000000000000003866413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da576f57b77f6b552021-12-22 11:52:08.697root 11241100x80000000000000003866414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e725400f46ad6e2021-12-22 11:52:08.698root 11241100x80000000000000003866415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207005efb831206a2021-12-22 11:52:08.699root 11241100x80000000000000003866416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b2508ca5003a3a2021-12-22 11:52:08.699root 11241100x80000000000000003866417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f86b109dbfa5cd2021-12-22 11:52:08.699root 11241100x80000000000000003866418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:08.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06b4c275042d2aa2021-12-22 11:52:08.699root 11241100x80000000000000003866419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9132686f32983aa32021-12-22 11:52:09.193root 11241100x80000000000000003866420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee01a5bd0a322072021-12-22 11:52:09.193root 11241100x80000000000000003866421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63000816e57a3902021-12-22 11:52:09.193root 11241100x80000000000000003866422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6160283113fbb11c2021-12-22 11:52:09.193root 11241100x80000000000000003866423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381b7c4355b9cc642021-12-22 11:52:09.193root 11241100x80000000000000003866424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58472dbada238ea42021-12-22 11:52:09.194root 11241100x80000000000000003866425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a20adf518710f022021-12-22 11:52:09.194root 11241100x80000000000000003866426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7962851dbdfca8622021-12-22 11:52:09.194root 11241100x80000000000000003866427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368998b4adf315232021-12-22 11:52:09.194root 11241100x80000000000000003866428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994de3ca6ff83c7c2021-12-22 11:52:09.194root 11241100x80000000000000003866429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6055221f88e9143f2021-12-22 11:52:09.194root 11241100x80000000000000003866430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd72b4bb4dcf0982021-12-22 11:52:09.194root 11241100x80000000000000003866431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14aa6926a5c8c9f2021-12-22 11:52:09.195root 11241100x80000000000000003866432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1992c237d68145982021-12-22 11:52:09.195root 11241100x80000000000000003866433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2e73f17827bd362021-12-22 11:52:09.195root 11241100x80000000000000003866434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6030d62fc84dac842021-12-22 11:52:09.195root 11241100x80000000000000003866435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f5d3d51f1b3df92021-12-22 11:52:09.195root 11241100x80000000000000003866436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0644a6969a01592021-12-22 11:52:09.195root 11241100x80000000000000003866437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d5f058d12f1bf22021-12-22 11:52:09.196root 11241100x80000000000000003866438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5f93ec62bba50f2021-12-22 11:52:09.196root 11241100x80000000000000003866439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cf6e028917786f2021-12-22 11:52:09.196root 11241100x80000000000000003866440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a51f9117d8b2af42021-12-22 11:52:09.196root 11241100x80000000000000003866441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8116ae428eb1a3d52021-12-22 11:52:09.196root 11241100x80000000000000003866442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5104f782082cb5172021-12-22 11:52:09.196root 11241100x80000000000000003866443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41b31a1a36114672021-12-22 11:52:09.197root 11241100x80000000000000003866444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1edd4f9c745eff2021-12-22 11:52:09.197root 11241100x80000000000000003866445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f723f5191bb25db12021-12-22 11:52:09.197root 11241100x80000000000000003866446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c36cc37cca5d7b72021-12-22 11:52:09.197root 11241100x80000000000000003866447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63422f107211d3012021-12-22 11:52:09.197root 11241100x80000000000000003866448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ebd3b7a642d2fc2021-12-22 11:52:09.197root 11241100x80000000000000003866449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b6ad5bd5f48c092021-12-22 11:52:09.198root 11241100x80000000000000003866450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5188c31a700da95e2021-12-22 11:52:09.198root 11241100x80000000000000003866451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1de4e413fb25b1a2021-12-22 11:52:09.198root 11241100x80000000000000003866452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca68e87278406512021-12-22 11:52:09.198root 11241100x80000000000000003866453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be85fadbc2d585612021-12-22 11:52:09.198root 11241100x80000000000000003866454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb14f394c63fbc22021-12-22 11:52:09.198root 11241100x80000000000000003866455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b5a8fa4d4a88f62021-12-22 11:52:09.198root 11241100x80000000000000003866456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2675ebc465a32222021-12-22 11:52:09.693root 11241100x80000000000000003866457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986b00af29cfa8902021-12-22 11:52:09.693root 11241100x80000000000000003866458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd43e426de596f22021-12-22 11:52:09.693root 11241100x80000000000000003866459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb289c13bfb98d52021-12-22 11:52:09.693root 11241100x80000000000000003866460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5c125d6d9ce16f2021-12-22 11:52:09.693root 11241100x80000000000000003866461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364df41e83a6c08c2021-12-22 11:52:09.694root 11241100x80000000000000003866462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d247015ac7f0de812021-12-22 11:52:09.694root 11241100x80000000000000003866463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515a49028c0b81782021-12-22 11:52:09.694root 11241100x80000000000000003866464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73605a8ae547b9822021-12-22 11:52:09.694root 11241100x80000000000000003866465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5831663a120c7a4e2021-12-22 11:52:09.694root 11241100x80000000000000003866466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50aaa866c3c6d6cd2021-12-22 11:52:09.694root 11241100x80000000000000003866467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04898313c39b0bf32021-12-22 11:52:09.694root 11241100x80000000000000003866468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91e57f4a90785b32021-12-22 11:52:09.695root 11241100x80000000000000003866469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e54123cab8061592021-12-22 11:52:09.695root 11241100x80000000000000003866470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92222704000daf02021-12-22 11:52:09.695root 11241100x80000000000000003866471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a94880de1c63ae12021-12-22 11:52:09.695root 11241100x80000000000000003866472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0686124596cb1d802021-12-22 11:52:09.695root 11241100x80000000000000003866473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dd5eb0515ea5e72021-12-22 11:52:09.695root 11241100x80000000000000003866474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3865544f22db8dce2021-12-22 11:52:09.695root 11241100x80000000000000003866475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8622c11518925d2021-12-22 11:52:09.695root 11241100x80000000000000003866476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49082c25aa8ad7d92021-12-22 11:52:09.696root 11241100x80000000000000003866477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd221b27ba960822021-12-22 11:52:09.696root 11241100x80000000000000003866478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0b32a4a1c30e892021-12-22 11:52:09.696root 11241100x80000000000000003866479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11d111196d307302021-12-22 11:52:09.696root 11241100x80000000000000003866480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ea6b5e8c3e88072021-12-22 11:52:09.696root 11241100x80000000000000003866481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1ec2389dd94d0a2021-12-22 11:52:09.696root 11241100x80000000000000003866482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7453f264abe62c52021-12-22 11:52:09.697root 11241100x80000000000000003866483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8c52fb146349f62021-12-22 11:52:09.697root 11241100x80000000000000003866484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760d98f2234735b02021-12-22 11:52:09.697root 11241100x80000000000000003866485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c927cbc99c94052021-12-22 11:52:09.697root 11241100x80000000000000003866486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbb7e1af471e9e42021-12-22 11:52:09.697root 11241100x80000000000000003866487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd66e095dd2a46c2021-12-22 11:52:09.697root 11241100x80000000000000003866488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcd2330054367892021-12-22 11:52:09.698root 11241100x80000000000000003866489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a05f9f0fcd040502021-12-22 11:52:09.698root 11241100x80000000000000003866490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02862cc20cbf629f2021-12-22 11:52:09.698root 11241100x80000000000000003866491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a14e9509310a1b2021-12-22 11:52:09.698root 11241100x80000000000000003866492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738151f0652fefe22021-12-22 11:52:09.698root 11241100x80000000000000003866493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84aa7001b9de507c2021-12-22 11:52:09.698root 11241100x80000000000000003866494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d190115e417669f2021-12-22 11:52:09.698root 11241100x80000000000000003866495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6e70ee54f5f4772021-12-22 11:52:09.698root 11241100x80000000000000003866496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b6c6b2345276bc2021-12-22 11:52:09.699root 11241100x80000000000000003866497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a18e03a600fa002021-12-22 11:52:10.193root 11241100x80000000000000003866498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b913dac584c963042021-12-22 11:52:10.194root 11241100x80000000000000003866499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91a5e7a76c5dd842021-12-22 11:52:10.194root 11241100x80000000000000003866500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1aa7d96d2ab2e52021-12-22 11:52:10.194root 11241100x80000000000000003866501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58470baf705e29b2021-12-22 11:52:10.194root 11241100x80000000000000003866502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ff98e9330924dc2021-12-22 11:52:10.194root 11241100x80000000000000003866503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3578386f6ca450872021-12-22 11:52:10.194root 11241100x80000000000000003866504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f832d9635e31edda2021-12-22 11:52:10.194root 11241100x80000000000000003866505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba73690e4c647cc2021-12-22 11:52:10.194root 11241100x80000000000000003866506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe51ddc3bf21fdd2021-12-22 11:52:10.194root 11241100x80000000000000003866507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f850a9ca57438212021-12-22 11:52:10.195root 11241100x80000000000000003866508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149b7432487a04dd2021-12-22 11:52:10.195root 11241100x80000000000000003866509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a6731ba14a953d2021-12-22 11:52:10.195root 11241100x80000000000000003866510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb4e42a4b13c5932021-12-22 11:52:10.195root 11241100x80000000000000003866511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109abb2b25b671ce2021-12-22 11:52:10.195root 11241100x80000000000000003866512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3959f5174f736dd92021-12-22 11:52:10.195root 11241100x80000000000000003866513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d26e814c14104412021-12-22 11:52:10.195root 11241100x80000000000000003866514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda6a3b03f46b7c92021-12-22 11:52:10.195root 11241100x80000000000000003866515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa02f1956845fc12021-12-22 11:52:10.195root 11241100x80000000000000003866516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7e4063eed79b1e2021-12-22 11:52:10.195root 11241100x80000000000000003866517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d15abb514fe5a22021-12-22 11:52:10.196root 11241100x80000000000000003866518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884a93b061d890a72021-12-22 11:52:10.196root 11241100x80000000000000003866519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7de075f8d87d88d2021-12-22 11:52:10.196root 11241100x80000000000000003866520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19683f5ad14ecb282021-12-22 11:52:10.196root 11241100x80000000000000003866521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87671e553e0b6ccf2021-12-22 11:52:10.196root 11241100x80000000000000003866522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fdafd61cf472d72021-12-22 11:52:10.196root 11241100x80000000000000003866523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a6d4e07c1390092021-12-22 11:52:10.196root 11241100x80000000000000003866524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239f23e71372647c2021-12-22 11:52:10.196root 11241100x80000000000000003866525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f6773659bfdb6f2021-12-22 11:52:10.196root 11241100x80000000000000003866526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632ec58563efe9d52021-12-22 11:52:10.196root 11241100x80000000000000003866527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6d1bc2035fde132021-12-22 11:52:10.197root 11241100x80000000000000003866528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9e08351502816c2021-12-22 11:52:10.197root 11241100x80000000000000003866529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963806e1342db91b2021-12-22 11:52:10.197root 11241100x80000000000000003866530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585a025d5a9b51d12021-12-22 11:52:10.197root 154100x80000000000000003866531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.405{ec2b6afe-116a-61c3-f4a8-4f0000000000}19128/usr/bin/x86_64-linux-gnu-gcc-7-----gcc run_dllhook.c -o run_dllhook/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003866532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.406{ec2b6afe-116a-61c3-f4a8-4f0000000000}19128/usr/bin/x86_64-linux-gnu-gcc-7/tmp/ccypacY2.s2021-12-22 11:52:10.406ubuntu 154100x80000000000000003866533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.406{ec2b6afe-116a-61c3-7ca6-a50100000000}19129/usr/lib/gcc/x86_64-linux-gnu/7/cc1-----/usr/lib/gcc/x86_64-linux-gnu/7/cc1 -quiet -imultiarch x86_64-linux-gnu run_dllhook.c -quiet -dumpbase run_dllhook.c -mtune=generic -march=x86-64 -auxbase run_dllhook -fstack-protector-strong -Wformat -Wformat-security -o /tmp/ccypacY2.s/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-116a-61c3-f4a8-4f0000000000}19128/usr/bin/x86_64-linux-gnu-gcc-7gccubuntu 534500x80000000000000003866534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.440{ec2b6afe-116a-61c3-7ca6-a50100000000}19129/usr/lib/gcc/x86_64-linux-gnu/7/cc1ubuntu 11241100x80000000000000003866535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.440{ec2b6afe-116a-61c3-f4a8-4f0000000000}19128/usr/bin/x86_64-linux-gnu-gcc-7/tmp/cci1Q3Cr.o2021-12-22 11:52:10.440ubuntu 154100x80000000000000003866536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.440{ec2b6afe-116a-61c3-286b-d9ed82550000}19130/usr/bin/x86_64-linux-gnu-as-----as --64 -o /tmp/cci1Q3Cr.o /tmp/ccypacY2.s/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-116a-61c3-f4a8-4f0000000000}19128/usr/bin/x86_64-linux-gnu-gcc-7gccubuntu 534500x80000000000000003866537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.449{ec2b6afe-116a-61c3-286b-d9ed82550000}19130/usr/bin/x86_64-linux-gnu-asubuntu 11241100x80000000000000003866538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.449{ec2b6afe-116a-61c3-f4a8-4f0000000000}19128/usr/bin/x86_64-linux-gnu-gcc-7/tmp/cceBfvjQ.res2021-12-22 11:52:10.449ubuntu 11241100x80000000000000003866539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c122c26038d6492021-12-22 11:52:10.449root 154100x80000000000000003866540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.449{ec2b6afe-116a-61c3-5ca1-480000000000}19131/usr/lib/gcc/x86_64-linux-gnu/7/collect2-----/usr/lib/gcc/x86_64-linux-gnu/7/collect2 -plugin /usr/lib/gcc/x86_64-linux-gnu/7/liblto_plugin.so -plugin-opt=/usr/lib/gcc/x86_64-linux-gnu/7/lto-wrapper -plugin-opt=-fresolution=/tmp/cceBfvjQ.res -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lc -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_s --build-id --eh-frame-hdr -m elf_x86_64 --hash-style=gnu --as-needed -dynamic-linker /lib64/ld-linux-x86-64.so.2 -pie -z now -z relro -o run_dllhook /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/Scrt1.o /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/7/crtbeginS.o -L/usr/lib/gcc/x86_64-linux-gnu/7 -L/usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/7/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/7/../../.. /tmp/cci1Q3Cr.o -lgcc --push-state --as-needed -lgcc_s --pop-state -lc -lgcc --push-state --as-needed -lgcc_s --pop-state /usr/lib/gcc/x86_64-linux-gnu/7/crtendS.o /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crtn.o/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-116a-61c3-f4a8-4f0000000000}19128/usr/bin/x86_64-linux-gnu-gcc-7gccubuntu 11241100x80000000000000003866541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b734f67f80c1852021-12-22 11:52:10.450root 11241100x80000000000000003866542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d92af748a2affa2021-12-22 11:52:10.450root 11241100x80000000000000003866543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3820f65912b3e76c2021-12-22 11:52:10.450root 11241100x80000000000000003866544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba604091e6cd3b1d2021-12-22 11:52:10.450root 11241100x80000000000000003866545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.451{ec2b6afe-116a-61c3-5ca1-480000000000}19131/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccXywKW3.c2021-12-22 11:52:10.451ubuntu 11241100x80000000000000003866546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.451{ec2b6afe-116a-61c3-5ca1-480000000000}19131/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccMZwtDs.o2021-12-22 11:52:10.451ubuntu 11241100x80000000000000003866547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.451{ec2b6afe-116a-61c3-5ca1-480000000000}19131/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccjeEckR.ld2021-12-22 11:52:10.451ubuntu 11241100x80000000000000003866548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.451{ec2b6afe-116a-61c3-5ca1-480000000000}19131/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccAk5V0f.le2021-12-22 11:52:10.451ubuntu 11241100x80000000000000003866549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.451{ec2b6afe-116a-61c3-5ca1-480000000000}19131/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccjeEckR.ld2021-12-22 11:52:10.451ubuntu 11241100x80000000000000003866550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.451{ec2b6afe-116a-61c3-5ca1-480000000000}19131/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccAk5V0f.le2021-12-22 11:52:10.451ubuntu 154100x80000000000000003866551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.451{ec2b6afe-116a-61c3-10eb-3f461f560000}19132/usr/bin/x86_64-linux-gnu-ld.bfd-----/usr/bin/ld -plugin /usr/lib/gcc/x86_64-linux-gnu/7/liblto_plugin.so -plugin-opt=/usr/lib/gcc/x86_64-linux-gnu/7/lto-wrapper -plugin-opt=-fresolution=/tmp/cceBfvjQ.res -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lc -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_s --build-id --eh-frame-hdr -m elf_x86_64 --hash-style=gnu --as-needed -dynamic-linker /lib64/ld-linux-x86-64.so.2 -pie -z now -z relro -o run_dllhook /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/Scrt1.o /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/7/crtbeginS.o -L/usr/lib/gcc/x86_64-linux-gnu/7 -L/usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/7/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/7/../../.. /tmp/cci1Q3Cr.o -lgcc --push-state --as-needed -lgcc_s --pop-state -lc -lgcc --push-state --as-needed -lgcc_s --pop-state /usr/lib/gcc/x86_64-linux-gnu/7/crtendS.o /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crtn.o/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-116a-61c3-5ca1-480000000000}19131/usr/lib/gcc/x86_64-linux-gnu/7/collect2/usr/lib/gcc/x86_64-linux-gnu/7/collect2ubuntu 11241100x80000000000000003866552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749c2ad028b08dd32021-12-22 11:52:10.451root 11241100x80000000000000003866553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31c68a3b812dd332021-12-22 11:52:10.452root 11241100x80000000000000003866554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c7db70ea84bd122021-12-22 11:52:10.452root 11241100x80000000000000003866555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517c827ab5bb584b2021-12-22 11:52:10.452root 11241100x80000000000000003866556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa78b2034e5cd7062021-12-22 11:52:10.452root 11241100x80000000000000003866557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5aef25fa50df1a2021-12-22 11:52:10.452root 11241100x80000000000000003866558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ae5137344349d22021-12-22 11:52:10.452root 11241100x80000000000000003866559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1d59d0fb84b1cd2021-12-22 11:52:10.452root 11241100x80000000000000003866560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75227cdb71d568b02021-12-22 11:52:10.452root 11241100x80000000000000003866561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164032a09ac07f942021-12-22 11:52:10.453root 11241100x80000000000000003866562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388980fe432d63562021-12-22 11:52:10.453root 11241100x80000000000000003866563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b01e07dc6706dac2021-12-22 11:52:10.453root 11241100x80000000000000003866564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec274c6e0feb2a52021-12-22 11:52:10.453root 11241100x80000000000000003866565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67633cdec0359922021-12-22 11:52:10.453root 11241100x80000000000000003866566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e28635c52ae70b2021-12-22 11:52:10.453root 11241100x80000000000000003866567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da4bfa07bf6434f2021-12-22 11:52:10.453root 11241100x80000000000000003866568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791cef4995c9ffdd2021-12-22 11:52:10.453root 11241100x80000000000000003866569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dca2169e2d13db2021-12-22 11:52:10.453root 11241100x80000000000000003866570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0292969a4298f1f2021-12-22 11:52:10.453root 11241100x80000000000000003866571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fec46c0f0887052021-12-22 11:52:10.453root 11241100x80000000000000003866572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0603d5e68c67c7b62021-12-22 11:52:10.453root 11241100x80000000000000003866573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14ab91422f4d7d52021-12-22 11:52:10.453root 11241100x80000000000000003866574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f547f876b69457d42021-12-22 11:52:10.453root 11241100x80000000000000003866575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adaecf1fb12a2d572021-12-22 11:52:10.454root 11241100x80000000000000003866576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627ca809b5f3bb252021-12-22 11:52:10.454root 11241100x80000000000000003866577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0befc1f1ee94bbe32021-12-22 11:52:10.454root 11241100x80000000000000003866578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73fcdfe675f15852021-12-22 11:52:10.454root 11241100x80000000000000003866579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9ebae5040e50e52021-12-22 11:52:10.454root 11241100x80000000000000003866580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f189473f97f51692021-12-22 11:52:10.454root 11241100x80000000000000003866581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc6b489815b84712021-12-22 11:52:10.454root 11241100x80000000000000003866582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-116a-61c3-10eb-3f461f560000}19132/usr/bin/x86_64-linux-gnu-ld.bfd/home/ubuntu/run_dllhook2021-12-22 11:52:10.454ubuntu 11241100x80000000000000003866583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155400610e4a94e92021-12-22 11:52:10.454root 11241100x80000000000000003866584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf4ed9ff6f19aa52021-12-22 11:52:10.454root 11241100x80000000000000003866585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a124a85dd9c4309e2021-12-22 11:52:10.454root 11241100x80000000000000003866586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad090e016229cb12021-12-22 11:52:10.454root 11241100x80000000000000003866587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b133fde9b5febb42021-12-22 11:52:10.454root 11241100x80000000000000003866588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7068bbcc6c21ac12021-12-22 11:52:10.454root 11241100x80000000000000003866589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30586be270a6f6852021-12-22 11:52:10.454root 11241100x80000000000000003866590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a69a20ecaa7c172021-12-22 11:52:10.454root 11241100x80000000000000003866591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f00ed59146bc172021-12-22 11:52:10.454root 11241100x80000000000000003866592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050317f2ac258b1a2021-12-22 11:52:10.455root 11241100x80000000000000003866593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5cc29c7e076be02021-12-22 11:52:10.455root 11241100x80000000000000003866594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2c5a5b764bb1552021-12-22 11:52:10.455root 11241100x80000000000000003866595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f41daeea3bcd712021-12-22 11:52:10.455root 11241100x80000000000000003866596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a48b339f82dc882021-12-22 11:52:10.455root 11241100x80000000000000003866597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac11f2b27f9942f42021-12-22 11:52:10.455root 11241100x80000000000000003866598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306c2508e124df2d2021-12-22 11:52:10.455root 11241100x80000000000000003866599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ace53ce0bc2d062021-12-22 11:52:10.455root 11241100x80000000000000003866600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2384eb8809e965b2021-12-22 11:52:10.455root 11241100x80000000000000003866601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cf5cccd6d9a7692021-12-22 11:52:10.455root 11241100x80000000000000003866602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a90bfbeef0f7642021-12-22 11:52:10.455root 11241100x80000000000000003866603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d320e9bee54fdd92021-12-22 11:52:10.455root 11241100x80000000000000003866604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904e1d17da9043632021-12-22 11:52:10.455root 11241100x80000000000000003866605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d91e5bfd0fd25a82021-12-22 11:52:10.455root 11241100x80000000000000003866606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da98abf2eb75ab0b2021-12-22 11:52:10.456root 11241100x80000000000000003866607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97347975dac5453c2021-12-22 11:52:10.456root 11241100x80000000000000003866608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c2abdcff658de22021-12-22 11:52:10.456root 11241100x80000000000000003866609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4dac9fe9e9f59e2021-12-22 11:52:10.456root 11241100x80000000000000003866610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63424d2442c68c062021-12-22 11:52:10.456root 11241100x80000000000000003866611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5bfd4c8ebeab672021-12-22 11:52:10.456root 11241100x80000000000000003866612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d24fe92c4644ff2021-12-22 11:52:10.456root 11241100x80000000000000003866613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c5ca3bc809758f2021-12-22 11:52:10.456root 11241100x80000000000000003866614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b6e35a76a8929a2021-12-22 11:52:10.456root 11241100x80000000000000003866615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b477a3a076b9ad2021-12-22 11:52:10.456root 11241100x80000000000000003866616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ad8b02f69c1c902021-12-22 11:52:10.456root 11241100x80000000000000003866617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5324d167d57e727d2021-12-22 11:52:10.456root 11241100x80000000000000003866618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd22c9aae84a6f12021-12-22 11:52:10.456root 11241100x80000000000000003866619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195bef4eec3c9b052021-12-22 11:52:10.457root 11241100x80000000000000003866620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5543f42cea7671e2021-12-22 11:52:10.457root 11241100x80000000000000003866621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6f8a78ed3675e22021-12-22 11:52:10.457root 11241100x80000000000000003866622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e738764e7ee838542021-12-22 11:52:10.457root 11241100x80000000000000003866623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05de616bf05b9e3e2021-12-22 11:52:10.457root 11241100x80000000000000003866624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af3ea273ca218122021-12-22 11:52:10.457root 11241100x80000000000000003866625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1faee678db4137e12021-12-22 11:52:10.457root 11241100x80000000000000003866626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cfe7289bfb1d542021-12-22 11:52:10.457root 11241100x80000000000000003866627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0474e70dc5ea5a302021-12-22 11:52:10.457root 11241100x80000000000000003866628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d26343411737092021-12-22 11:52:10.457root 11241100x80000000000000003866629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b0b68f5acc20752021-12-22 11:52:10.457root 11241100x80000000000000003866630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7954d7de78c4b2d02021-12-22 11:52:10.457root 11241100x80000000000000003866631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5734981d1c53ea492021-12-22 11:52:10.457root 11241100x80000000000000003866632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5e29ba203931ea2021-12-22 11:52:10.457root 11241100x80000000000000003866633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3967028d467de8e22021-12-22 11:52:10.457root 11241100x80000000000000003866634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3b81a66d4e210a2021-12-22 11:52:10.458root 11241100x80000000000000003866635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf2d5126843c2ce2021-12-22 11:52:10.458root 11241100x80000000000000003866636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9be12f77c4b1aad2021-12-22 11:52:10.458root 11241100x80000000000000003866637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ae5738421503f12021-12-22 11:52:10.458root 11241100x80000000000000003866638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e08fb2bdae21392021-12-22 11:52:10.458root 11241100x80000000000000003866639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70afbe975360b8822021-12-22 11:52:10.459root 11241100x80000000000000003866640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c89b64d2695bf982021-12-22 11:52:10.459root 11241100x80000000000000003866641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429a0faeb218c5ab2021-12-22 11:52:10.459root 11241100x80000000000000003866642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927cb4e9d9f6038b2021-12-22 11:52:10.459root 11241100x80000000000000003866643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b341def220f47efa2021-12-22 11:52:10.459root 11241100x80000000000000003866644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2cff69c1eff0c72021-12-22 11:52:10.460root 11241100x80000000000000003866645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e316afaf0b47512021-12-22 11:52:10.460root 11241100x80000000000000003866646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520d16903c30d4fa2021-12-22 11:52:10.460root 11241100x80000000000000003866647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d17a1834ad07a82021-12-22 11:52:10.460root 11241100x80000000000000003866648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f473b5d9a973ee2021-12-22 11:52:10.460root 11241100x80000000000000003866649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1f3a85e76a18f52021-12-22 11:52:10.460root 11241100x80000000000000003866650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd417d97fe2a8d82021-12-22 11:52:10.460root 11241100x80000000000000003866651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380bccfe8649c53f2021-12-22 11:52:10.461root 11241100x80000000000000003866652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20b67924ef461c12021-12-22 11:52:10.461root 11241100x80000000000000003866653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391bcf26927f615b2021-12-22 11:52:10.461root 11241100x80000000000000003866654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce62bcd045e58a782021-12-22 11:52:10.461root 11241100x80000000000000003866655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64c7fb61df63f012021-12-22 11:52:10.461root 11241100x80000000000000003866656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0386bc97b4c17a2021-12-22 11:52:10.461root 11241100x80000000000000003866657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5efe0771505f4b2021-12-22 11:52:10.461root 11241100x80000000000000003866658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b1413d703a42f52021-12-22 11:52:10.461root 11241100x80000000000000003866659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815a193bc32583cf2021-12-22 11:52:10.461root 11241100x80000000000000003866660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7225f9e8f4c3c10b2021-12-22 11:52:10.462root 11241100x80000000000000003866661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07da2e5441544ca62021-12-22 11:52:10.462root 11241100x80000000000000003866662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5ed4c443ee2c522021-12-22 11:52:10.462root 11241100x80000000000000003866663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aedd9e68f9cb46f2021-12-22 11:52:10.462root 11241100x80000000000000003866664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee07dcb8d13361ae2021-12-22 11:52:10.462root 11241100x80000000000000003866665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274bedf4ad2b05242021-12-22 11:52:10.462root 11241100x80000000000000003866666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094fbe1be29a39f22021-12-22 11:52:10.462root 11241100x80000000000000003866667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37086285e2d36e212021-12-22 11:52:10.462root 11241100x80000000000000003866668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bbb0df86fb74e42021-12-22 11:52:10.462root 11241100x80000000000000003866669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef8f52e90f50c3c2021-12-22 11:52:10.462root 11241100x80000000000000003866670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31834b52a5800ec82021-12-22 11:52:10.463root 11241100x80000000000000003866671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a0e4669df939a92021-12-22 11:52:10.463root 11241100x80000000000000003866672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f008edaa3946602021-12-22 11:52:10.463root 11241100x80000000000000003866673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0465f7b89ca279f2021-12-22 11:52:10.463root 11241100x80000000000000003866674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d60e51ddcca1722021-12-22 11:52:10.463root 11241100x80000000000000003866675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3fedac70ee9d892021-12-22 11:52:10.463root 11241100x80000000000000003866676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d69267a914a134b2021-12-22 11:52:10.463root 534500x80000000000000003866677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.487{ec2b6afe-116a-61c3-10eb-3f461f560000}19132/usr/bin/x86_64-linux-gnu-ld.bfdubuntu 23542300x80000000000000003866678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.488{ec2b6afe-116a-61c3-5ca1-480000000000}19131ubuntu/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccjeEckR.ld--- 23542300x80000000000000003866679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.488{ec2b6afe-116a-61c3-5ca1-480000000000}19131ubuntu/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccAk5V0f.le--- 23542300x80000000000000003866680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.488{ec2b6afe-116a-61c3-5ca1-480000000000}19131ubuntu/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccXywKW3.c--- 23542300x80000000000000003866681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.488{ec2b6afe-116a-61c3-5ca1-480000000000}19131ubuntu/usr/lib/gcc/x86_64-linux-gnu/7/collect2/tmp/ccMZwtDs.o--- 534500x80000000000000003866682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.488{ec2b6afe-116a-61c3-5ca1-480000000000}19131/usr/lib/gcc/x86_64-linux-gnu/7/collect2ubuntu 23542300x80000000000000003866683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.488{ec2b6afe-116a-61c3-f4a8-4f0000000000}19128ubuntu/usr/bin/x86_64-linux-gnu-gcc-7/tmp/cceBfvjQ.res--- 23542300x80000000000000003866684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.488{ec2b6afe-116a-61c3-f4a8-4f0000000000}19128ubuntu/usr/bin/x86_64-linux-gnu-gcc-7/tmp/cci1Q3Cr.o--- 23542300x80000000000000003866685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.488{ec2b6afe-116a-61c3-f4a8-4f0000000000}19128ubuntu/usr/bin/x86_64-linux-gnu-gcc-7/tmp/ccypacY2.s--- 534500x80000000000000003866686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.488{ec2b6afe-116a-61c3-f4a8-4f0000000000}19128/usr/bin/x86_64-linux-gnu-gcc-7ubuntu 11241100x80000000000000003866687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b8e8952a74d8ec2021-12-22 11:52:10.943root 11241100x80000000000000003866688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548f7bb5c7aaa9af2021-12-22 11:52:10.943root 11241100x80000000000000003866689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43bd880e5984e552021-12-22 11:52:10.943root 11241100x80000000000000003866690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ee82d08f5e2fda2021-12-22 11:52:10.944root 11241100x80000000000000003866691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e619c87c0b6c2dd2021-12-22 11:52:10.944root 11241100x80000000000000003866692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc536f9eaa88b91c2021-12-22 11:52:10.944root 11241100x80000000000000003866693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b28b2e2e0aaa662021-12-22 11:52:10.944root 11241100x80000000000000003866694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cce162e77ab0b4a2021-12-22 11:52:10.944root 11241100x80000000000000003866695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828a30e363bb16572021-12-22 11:52:10.944root 11241100x80000000000000003866696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f075b08a44d6772021-12-22 11:52:10.944root 11241100x80000000000000003866697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bac15cf6ff866e02021-12-22 11:52:10.944root 11241100x80000000000000003866698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d876dc3dd5a4fe0b2021-12-22 11:52:10.945root 11241100x80000000000000003866699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f641c813807d261e2021-12-22 11:52:10.945root 11241100x80000000000000003866700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7c327ab816ef7a2021-12-22 11:52:10.945root 11241100x80000000000000003866701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad116e3aebf75a742021-12-22 11:52:10.945root 11241100x80000000000000003866702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf70ffce89456912021-12-22 11:52:10.945root 11241100x80000000000000003866703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980fc3d8b62be17c2021-12-22 11:52:10.946root 11241100x80000000000000003866704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e22bf30c2f47c302021-12-22 11:52:10.946root 11241100x80000000000000003866705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdd7b72c4064f232021-12-22 11:52:10.946root 11241100x80000000000000003866706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ec9aeeb6872aab2021-12-22 11:52:10.946root 11241100x80000000000000003866707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1776692d294842c82021-12-22 11:52:10.947root 11241100x80000000000000003866708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfbe7b79a6227c82021-12-22 11:52:10.947root 11241100x80000000000000003866709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a46782967e161d62021-12-22 11:52:10.947root 11241100x80000000000000003866710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9422739aec757b142021-12-22 11:52:10.947root 11241100x80000000000000003866711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bed844a96295c92021-12-22 11:52:10.947root 11241100x80000000000000003866712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b418b1e4d993e22021-12-22 11:52:10.948root 11241100x80000000000000003866713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff5f18cc6923fcd2021-12-22 11:52:10.948root 11241100x80000000000000003866714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967b1f8f6f66130a2021-12-22 11:52:10.948root 11241100x80000000000000003866715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f789bd5b54f88dae2021-12-22 11:52:10.948root 11241100x80000000000000003866716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a0ef06d135964d2021-12-22 11:52:10.948root 11241100x80000000000000003866717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd55e1c476d96802021-12-22 11:52:10.949root 11241100x80000000000000003866718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038b4e53f3865a9d2021-12-22 11:52:10.949root 11241100x80000000000000003866719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f80ebfb1d6e05f2021-12-22 11:52:10.949root 11241100x80000000000000003866720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118554aae8027a942021-12-22 11:52:10.949root 11241100x80000000000000003866721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cee9859a43130f2021-12-22 11:52:10.949root 11241100x80000000000000003866722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032c2193c431b3c92021-12-22 11:52:10.949root 11241100x80000000000000003866723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74ffabdedb05d1a2021-12-22 11:52:10.949root 11241100x80000000000000003866724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cc599f6416e55c2021-12-22 11:52:10.949root 11241100x80000000000000003866725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b40fe27d6d501802021-12-22 11:52:10.950root 11241100x80000000000000003866726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95656593fd3ffc592021-12-22 11:52:10.950root 11241100x80000000000000003866727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52170cfed0a493a12021-12-22 11:52:10.950root 11241100x80000000000000003866728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55706877e61a6eb02021-12-22 11:52:10.950root 11241100x80000000000000003866729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d86ae69619e02212021-12-22 11:52:10.950root 11241100x80000000000000003866730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c909e84bf69b722021-12-22 11:52:10.950root 11241100x80000000000000003866731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3759c12fd12fc04a2021-12-22 11:52:10.950root 11241100x80000000000000003866732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f313ab3324aa2862021-12-22 11:52:10.950root 11241100x80000000000000003866733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627ec84d7717385b2021-12-22 11:52:10.951root 11241100x80000000000000003866734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920b7e18c5c07b982021-12-22 11:52:10.951root 11241100x80000000000000003866735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c44b18aa2bcb602021-12-22 11:52:10.951root 11241100x80000000000000003866736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb491575b8ebb5f2021-12-22 11:52:10.951root 11241100x80000000000000003866737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3889cdfffd75b0d72021-12-22 11:52:10.951root 11241100x80000000000000003866738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fd34f0674464e12021-12-22 11:52:10.951root 11241100x80000000000000003866739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23179957f5ce0f692021-12-22 11:52:10.951root 11241100x80000000000000003866740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceae4e8cb90ca1b2021-12-22 11:52:10.951root 11241100x80000000000000003866741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88807aea9cc6db152021-12-22 11:52:10.951root 11241100x80000000000000003866742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be63d6d946376d552021-12-22 11:52:10.952root 11241100x80000000000000003866743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63380236206fbb82021-12-22 11:52:10.952root 11241100x80000000000000003866744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe394ee32e106672021-12-22 11:52:10.952root 11241100x80000000000000003866745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f25d64ad7c2c112021-12-22 11:52:10.952root 11241100x80000000000000003866746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdfacdc70b7ca002021-12-22 11:52:10.952root 11241100x80000000000000003866747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9b9521ea3b269e2021-12-22 11:52:10.952root 11241100x80000000000000003866748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babc54643641bbb62021-12-22 11:52:10.952root 11241100x80000000000000003866749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19ee7a81267fbb32021-12-22 11:52:10.952root 11241100x80000000000000003866750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b542b83093ce4d2021-12-22 11:52:10.952root 11241100x80000000000000003866751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb07c8c383ed56ad2021-12-22 11:52:10.952root 11241100x80000000000000003866752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9881a09de0cdfde2021-12-22 11:52:10.952root 11241100x80000000000000003866753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0a8839549502942021-12-22 11:52:10.953root 11241100x80000000000000003866754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded45ffe3624334a2021-12-22 11:52:10.953root 11241100x80000000000000003866755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c38d6f1303ad2d12021-12-22 11:52:10.953root 11241100x80000000000000003866756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1d8934a5acf4492021-12-22 11:52:10.953root 11241100x80000000000000003866757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef6784fb161611e2021-12-22 11:52:10.953root 11241100x80000000000000003866758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea44714b4d52bf192021-12-22 11:52:10.953root 11241100x80000000000000003866759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b7ccb697f34bc12021-12-22 11:52:10.953root 11241100x80000000000000003866760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0a06e8c8d5b7ef2021-12-22 11:52:10.953root 11241100x80000000000000003866761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50caef52a5273c122021-12-22 11:52:10.953root 11241100x80000000000000003866762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e064e3dc9a23e1e2021-12-22 11:52:10.954root 11241100x80000000000000003866763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5554eb87fa6cbdbd2021-12-22 11:52:10.954root 11241100x80000000000000003866764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb4be99750e29682021-12-22 11:52:10.954root 11241100x80000000000000003866765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6fe28e0c9828252021-12-22 11:52:10.954root 11241100x80000000000000003866766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94050f95bac5d1e92021-12-22 11:52:10.954root 11241100x80000000000000003866767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25621e8ebcf5eb652021-12-22 11:52:10.954root 11241100x80000000000000003866768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d88da92d29a7ad2021-12-22 11:52:10.954root 11241100x80000000000000003866769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b175c7f4cabdbbf2021-12-22 11:52:10.954root 11241100x80000000000000003866770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92529b8edf1f07512021-12-22 11:52:10.954root 11241100x80000000000000003866771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9a04be1f2a49f02021-12-22 11:52:10.955root 11241100x80000000000000003866772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b08dcd41c79b352021-12-22 11:52:10.955root 11241100x80000000000000003866773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a04440fd374c3082021-12-22 11:52:10.955root 11241100x80000000000000003866774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377d3eb3598c84ed2021-12-22 11:52:10.955root 11241100x80000000000000003866775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16d35bd14ffa23a2021-12-22 11:52:10.955root 11241100x80000000000000003866776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d296e5bc35a067de2021-12-22 11:52:10.955root 11241100x80000000000000003866777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db67d3dba2f1a2472021-12-22 11:52:10.955root 11241100x80000000000000003866778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746202d772c973732021-12-22 11:52:10.955root 11241100x80000000000000003866779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33600eabbcc8542d2021-12-22 11:52:10.955root 11241100x80000000000000003866780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e575cced809678c2021-12-22 11:52:10.955root 11241100x80000000000000003866781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90df72cf208e2ba2021-12-22 11:52:10.956root 11241100x80000000000000003866782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caa30d8321a782c2021-12-22 11:52:10.956root 11241100x80000000000000003866783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b07901a2342e8a2021-12-22 11:52:10.956root 11241100x80000000000000003866784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2936c03ceb1a81bd2021-12-22 11:52:10.956root 11241100x80000000000000003866785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19935343714c1f1c2021-12-22 11:52:10.956root 11241100x80000000000000003866786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9e4de9f25081be2021-12-22 11:52:10.956root 11241100x80000000000000003866787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad98eb848de2138c2021-12-22 11:52:10.956root 11241100x80000000000000003866788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65aecedfc283ac62021-12-22 11:52:10.956root 11241100x80000000000000003866789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def7e7c4034cdd0f2021-12-22 11:52:10.956root 11241100x80000000000000003866790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee46ab8349038f7b2021-12-22 11:52:10.956root 11241100x80000000000000003866791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08cb6f491cf294e2021-12-22 11:52:10.956root 11241100x80000000000000003866792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b886f2a75e875cbe2021-12-22 11:52:10.956root 11241100x80000000000000003866793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db590d0965fcc802021-12-22 11:52:10.957root 11241100x80000000000000003866794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4130cdaf996d3e722021-12-22 11:52:10.957root 11241100x80000000000000003866795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3135a2ddeed633aa2021-12-22 11:52:10.957root 11241100x80000000000000003866796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492bd7cbfcc482b32021-12-22 11:52:10.957root 11241100x80000000000000003866797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317150abec62869b2021-12-22 11:52:10.957root 11241100x80000000000000003866798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d64e9e09673491d2021-12-22 11:52:10.957root 11241100x80000000000000003866799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac57624239731b752021-12-22 11:52:10.957root 11241100x80000000000000003866800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4877f8c4aa5a1d92021-12-22 11:52:10.957root 11241100x80000000000000003866801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d375efe187769d2f2021-12-22 11:52:10.957root 11241100x80000000000000003866802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a227ea740c81e792021-12-22 11:52:10.957root 11241100x80000000000000003866803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aebc72cbac921ba2021-12-22 11:52:10.957root 11241100x80000000000000003866804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4c4eb2c59d8a952021-12-22 11:52:10.957root 11241100x80000000000000003866805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a024110b0eaa45a52021-12-22 11:52:10.958root 11241100x80000000000000003866806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99f0b0eedec1e322021-12-22 11:52:10.958root 11241100x80000000000000003866807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366ae12822a4021f2021-12-22 11:52:10.958root 11241100x80000000000000003866808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c296d0e0779a5462021-12-22 11:52:10.958root 11241100x80000000000000003866809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c958623f7ce7d832021-12-22 11:52:10.958root 11241100x80000000000000003866810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8110f49437aa542021-12-22 11:52:10.958root 11241100x80000000000000003866811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2e0281e15bc1bf2021-12-22 11:52:10.958root 11241100x80000000000000003866812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393abbb30af383972021-12-22 11:52:10.958root 11241100x80000000000000003866813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f03cf416da3334e2021-12-22 11:52:10.958root 11241100x80000000000000003866814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3381405ddd7e6952021-12-22 11:52:10.958root 11241100x80000000000000003866815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a088d9ba716c93e92021-12-22 11:52:10.958root 11241100x80000000000000003866816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e1556d79467fa32021-12-22 11:52:10.958root 11241100x80000000000000003866817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503d6105f71212872021-12-22 11:52:10.958root 11241100x80000000000000003866818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854720e56564f61e2021-12-22 11:52:10.958root 11241100x80000000000000003866819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3433be4367816bf42021-12-22 11:52:10.959root 11241100x80000000000000003866820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b4af950d70920f2021-12-22 11:52:10.959root 11241100x80000000000000003866821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1455a794f27b12af2021-12-22 11:52:10.959root 11241100x80000000000000003866822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526c3b17823c4a862021-12-22 11:52:10.959root 11241100x80000000000000003866823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935ecf992d8ce4132021-12-22 11:52:10.959root 11241100x80000000000000003866824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc4c0ce78c1c6812021-12-22 11:52:10.959root 11241100x80000000000000003866825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c636e9702aafe7642021-12-22 11:52:10.959root 11241100x80000000000000003866826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cab6aa6d7480722021-12-22 11:52:10.959root 11241100x80000000000000003866827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ece90e6a31ace92021-12-22 11:52:10.959root 11241100x80000000000000003866828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9199ffb5f52ebfa2021-12-22 11:52:10.959root 11241100x80000000000000003866829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699cb48a996579bb2021-12-22 11:52:10.959root 11241100x80000000000000003866830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e4942b2a6e2eef2021-12-22 11:52:10.959root 11241100x80000000000000003866831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d36e815a9e7ba42021-12-22 11:52:10.959root 11241100x80000000000000003866832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc23d7f366dd8efb2021-12-22 11:52:10.959root 11241100x80000000000000003866833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70044bad9673cbec2021-12-22 11:52:10.960root 11241100x80000000000000003866834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dd703a129693cf2021-12-22 11:52:10.960root 11241100x80000000000000003866835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed9f52b355ceac92021-12-22 11:52:10.960root 11241100x80000000000000003866836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cbcca4691e5e0c2021-12-22 11:52:10.960root 11241100x80000000000000003866837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511ec95e55a00ded2021-12-22 11:52:10.960root 11241100x80000000000000003866838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03709617a8b371e22021-12-22 11:52:10.960root 11241100x80000000000000003866839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dac6a82544f3ec2021-12-22 11:52:10.960root 11241100x80000000000000003866840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948b3e905311321a2021-12-22 11:52:10.960root 11241100x80000000000000003866841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fed61c790f83182021-12-22 11:52:10.960root 11241100x80000000000000003866842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1872056b5706e0b92021-12-22 11:52:10.960root 11241100x80000000000000003866843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e949de59831a4b12021-12-22 11:52:10.960root 11241100x80000000000000003866844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac8fddaa38be3cd2021-12-22 11:52:10.960root 11241100x80000000000000003866845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3135d1156190c2d2021-12-22 11:52:10.960root 11241100x80000000000000003866846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b877c0bb1179f12f2021-12-22 11:52:10.960root 11241100x80000000000000003866847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd1d0da6ae4fbb62021-12-22 11:52:10.960root 11241100x80000000000000003866848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27745499d67599332021-12-22 11:52:10.960root 11241100x80000000000000003866849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ec4c141d9b09ea2021-12-22 11:52:10.961root 11241100x80000000000000003866850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bb98449a5e34822021-12-22 11:52:10.961root 11241100x80000000000000003866851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba42732550ade37d2021-12-22 11:52:10.961root 11241100x80000000000000003866852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e088f5d1c20e702021-12-22 11:52:10.961root 11241100x80000000000000003866853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dae24e4ee81d7802021-12-22 11:52:10.961root 11241100x80000000000000003866854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd7fbd3071fb2732021-12-22 11:52:10.961root 11241100x80000000000000003866855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7b092a3b6f85c42021-12-22 11:52:10.961root 11241100x80000000000000003866856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b62857186c4973c2021-12-22 11:52:10.962root 11241100x80000000000000003866857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc89de4f325fa3972021-12-22 11:52:10.962root 11241100x80000000000000003866858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8c10906ee58cc92021-12-22 11:52:10.962root 11241100x80000000000000003866859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a4cf68742dbd342021-12-22 11:52:10.962root 11241100x80000000000000003866860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12be99c7f8cf3e172021-12-22 11:52:10.962root 11241100x80000000000000003866861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323c25483bd396242021-12-22 11:52:10.962root 11241100x80000000000000003866862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05d8395cff4bdc32021-12-22 11:52:10.962root 11241100x80000000000000003866863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:10.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1695caad172bf9e2021-12-22 11:52:10.962root 354300x80000000000000003866864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.239{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55570-false10.0.1.12-8000- 11241100x80000000000000003866865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0f90d464060b942021-12-22 11:52:11.240root 11241100x80000000000000003866866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41909bc99c742672021-12-22 11:52:11.240root 11241100x80000000000000003866867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a11cdc3afcb2c62021-12-22 11:52:11.240root 11241100x80000000000000003866868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deffe83fa5a31d792021-12-22 11:52:11.240root 11241100x80000000000000003866869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da803d999ce8f8d2021-12-22 11:52:11.240root 11241100x80000000000000003866870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d338d9cf981cd62021-12-22 11:52:11.241root 11241100x80000000000000003866871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee26166f920cf422021-12-22 11:52:11.241root 11241100x80000000000000003866872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb571dae76e76dd2021-12-22 11:52:11.241root 11241100x80000000000000003866873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611a6ae1cb6442cc2021-12-22 11:52:11.241root 11241100x80000000000000003866874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0dcd887bf0f5a02021-12-22 11:52:11.241root 11241100x80000000000000003866875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630e53107bc815892021-12-22 11:52:11.241root 11241100x80000000000000003866876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434593a3678099b12021-12-22 11:52:11.242root 11241100x80000000000000003866877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d2b262a2e57dfa2021-12-22 11:52:11.242root 11241100x80000000000000003866878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a7a4995fb8c6cf2021-12-22 11:52:11.242root 11241100x80000000000000003866879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fa19d3f64ae8a32021-12-22 11:52:11.242root 11241100x80000000000000003866880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f7d41604ba62372021-12-22 11:52:11.242root 11241100x80000000000000003866881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb07d3486d2289a32021-12-22 11:52:11.242root 11241100x80000000000000003866882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50f5283bbb445a42021-12-22 11:52:11.243root 11241100x80000000000000003866883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458acfb91ffe557a2021-12-22 11:52:11.243root 11241100x80000000000000003866884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f4af34fc572bc42021-12-22 11:52:11.243root 11241100x80000000000000003866885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d923a1ebae6e57e32021-12-22 11:52:11.244root 11241100x80000000000000003866886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211faff7021caac32021-12-22 11:52:11.244root 11241100x80000000000000003866887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c28aeffae296c622021-12-22 11:52:11.244root 11241100x80000000000000003866888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a14d69b9b189be2021-12-22 11:52:11.244root 11241100x80000000000000003866889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39835d13a1ccadf32021-12-22 11:52:11.244root 11241100x80000000000000003866890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62d08a00354ae4e2021-12-22 11:52:11.244root 11241100x80000000000000003866891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f2d09bb7b4ec802021-12-22 11:52:11.244root 11241100x80000000000000003866892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f08eba828e95b82021-12-22 11:52:11.244root 11241100x80000000000000003866893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca9399f13df68182021-12-22 11:52:11.244root 11241100x80000000000000003866894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615079d53ade41ca2021-12-22 11:52:11.244root 11241100x80000000000000003866895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdce9adfdef91582021-12-22 11:52:11.244root 11241100x80000000000000003866896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a19a4af8166dc622021-12-22 11:52:11.244root 11241100x80000000000000003866897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbeed5db20ba3b22021-12-22 11:52:11.244root 11241100x80000000000000003866898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bb164f5a555d962021-12-22 11:52:11.244root 11241100x80000000000000003866899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abfaa8de851aaef2021-12-22 11:52:11.245root 11241100x80000000000000003866900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0c22b4573c0fcb2021-12-22 11:52:11.245root 11241100x80000000000000003866901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086f3eadc3a490842021-12-22 11:52:11.245root 11241100x80000000000000003866902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f2e18def182bd82021-12-22 11:52:11.245root 11241100x80000000000000003866903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f642f2e9e450e82021-12-22 11:52:11.245root 11241100x80000000000000003866904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94cb4ab609861892021-12-22 11:52:11.245root 11241100x80000000000000003866905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea3409e5cfea2602021-12-22 11:52:11.245root 11241100x80000000000000003866906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b798a4269bd24bc22021-12-22 11:52:11.245root 11241100x80000000000000003866907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd296c2b62f308222021-12-22 11:52:11.245root 11241100x80000000000000003866908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4fc2a61b7771142021-12-22 11:52:11.245root 11241100x80000000000000003866909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a3d67e0a7a9c062021-12-22 11:52:11.245root 11241100x80000000000000003866910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5a0cc9cfe30ac42021-12-22 11:52:11.245root 11241100x80000000000000003866911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ac43a1a89e430f2021-12-22 11:52:11.245root 11241100x80000000000000003866912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8995edbd4954e32021-12-22 11:52:11.246root 11241100x80000000000000003866913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0affb1578689a4e2021-12-22 11:52:11.246root 11241100x80000000000000003866914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337cbcf062a6a0472021-12-22 11:52:11.246root 11241100x80000000000000003866915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b0e188048e6c1c2021-12-22 11:52:11.246root 11241100x80000000000000003866916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c18cb8909a92e9e2021-12-22 11:52:11.246root 11241100x80000000000000003866917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7b1643518e8f142021-12-22 11:52:11.246root 11241100x80000000000000003866918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc633c602266cedf2021-12-22 11:52:11.246root 11241100x80000000000000003866919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e774859c64c97ba2021-12-22 11:52:11.246root 11241100x80000000000000003866920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5ed0948dd9d0562021-12-22 11:52:11.246root 11241100x80000000000000003866921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc6f6c61236abab2021-12-22 11:52:11.246root 11241100x80000000000000003866922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba5c9f68e3e8b9a2021-12-22 11:52:11.246root 11241100x80000000000000003866923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b7cc201142bf632021-12-22 11:52:11.246root 11241100x80000000000000003866924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069020a2083d4a242021-12-22 11:52:11.246root 11241100x80000000000000003866925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1f400a92b4b0d22021-12-22 11:52:11.246root 11241100x80000000000000003866926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21a9e0220e9509e2021-12-22 11:52:11.247root 11241100x80000000000000003866927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d35c936f495806f2021-12-22 11:52:11.247root 11241100x80000000000000003866928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688ad49ab8121f3b2021-12-22 11:52:11.247root 11241100x80000000000000003866929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aade12883c0cd8e2021-12-22 11:52:11.247root 11241100x80000000000000003866930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723d9a94423f3aa32021-12-22 11:52:11.247root 11241100x80000000000000003866931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa110a4a162e8062021-12-22 11:52:11.247root 11241100x80000000000000003866932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088139569f36192b2021-12-22 11:52:11.247root 11241100x80000000000000003866933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3456f4885e84de652021-12-22 11:52:11.247root 11241100x80000000000000003866934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20526511112751a22021-12-22 11:52:11.247root 11241100x80000000000000003866935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83464174aac557c22021-12-22 11:52:11.247root 11241100x80000000000000003866936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ceb4034dac803e52021-12-22 11:52:11.247root 11241100x80000000000000003866937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05974e9a4fc83772021-12-22 11:52:11.247root 11241100x80000000000000003866938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2d4609be1b02e12021-12-22 11:52:11.247root 11241100x80000000000000003866939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4642cf1aad2a14292021-12-22 11:52:11.247root 11241100x80000000000000003866940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e559f1100a4921a12021-12-22 11:52:11.248root 11241100x80000000000000003866941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1bf696c50333c32021-12-22 11:52:11.248root 11241100x80000000000000003866942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb11f5c8f1dcb0eb2021-12-22 11:52:11.248root 11241100x80000000000000003866943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629fcad9d3d683a42021-12-22 11:52:11.248root 11241100x80000000000000003866944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f531fff77e769772021-12-22 11:52:11.248root 11241100x80000000000000003866945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca49dfc449b18e52021-12-22 11:52:11.248root 11241100x80000000000000003866946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027854554170cd402021-12-22 11:52:11.248root 11241100x80000000000000003866947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ea490a370752fe2021-12-22 11:52:11.248root 11241100x80000000000000003866948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a362b7200b4c1b192021-12-22 11:52:11.248root 11241100x80000000000000003866949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2486a1df0b648dd52021-12-22 11:52:11.248root 11241100x80000000000000003866950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ed76edf1cc4ce62021-12-22 11:52:11.249root 11241100x80000000000000003866951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af34de0e596317d82021-12-22 11:52:11.249root 11241100x80000000000000003866952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20fd557cb4497ed2021-12-22 11:52:11.249root 11241100x80000000000000003866953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca61900acc8779ef2021-12-22 11:52:11.249root 11241100x80000000000000003866954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5caaff902d275cda2021-12-22 11:52:11.249root 11241100x80000000000000003866955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0792abfe6ae4432021-12-22 11:52:11.249root 11241100x80000000000000003866956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7875d761deff1732021-12-22 11:52:11.249root 11241100x80000000000000003866957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b45fd3ec6a6975c2021-12-22 11:52:11.249root 11241100x80000000000000003866958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3fc432beddce222021-12-22 11:52:11.249root 11241100x80000000000000003866959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6df489f56d94e0f2021-12-22 11:52:11.249root 11241100x80000000000000003866960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa07c2ee091979212021-12-22 11:52:11.249root 11241100x80000000000000003866961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59069a415f5694d82021-12-22 11:52:11.249root 11241100x80000000000000003866962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff7988ca4fc510b2021-12-22 11:52:11.250root 11241100x80000000000000003866963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40904a2b460708672021-12-22 11:52:11.250root 11241100x80000000000000003866964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fed6aaceb24c6b2021-12-22 11:52:11.250root 11241100x80000000000000003866965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f562379ef0b38e2021-12-22 11:52:11.250root 11241100x80000000000000003866966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b3650c324daffe2021-12-22 11:52:11.250root 11241100x80000000000000003866967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb38913f7acc43c2021-12-22 11:52:11.250root 11241100x80000000000000003866968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bc684d2d63c5702021-12-22 11:52:11.250root 11241100x80000000000000003866969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626ae05a340970232021-12-22 11:52:11.250root 11241100x80000000000000003866970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dfc197cbd6b3bf2021-12-22 11:52:11.250root 11241100x80000000000000003866971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1f3b83268021c32021-12-22 11:52:11.251root 11241100x80000000000000003866972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8831327e29cfa82021-12-22 11:52:11.251root 11241100x80000000000000003866973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14bbd1484e8194b2021-12-22 11:52:11.251root 11241100x80000000000000003866974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8837c0cd8b8c8b2021-12-22 11:52:11.251root 11241100x80000000000000003866975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad8d2a2d4af77e02021-12-22 11:52:11.251root 11241100x80000000000000003866976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a5a0883a1a35792021-12-22 11:52:11.251root 11241100x80000000000000003866977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa4f714920a9a0d2021-12-22 11:52:11.251root 11241100x80000000000000003866978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1c92ace1e13b502021-12-22 11:52:11.251root 11241100x80000000000000003866979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f29cc065ef29712021-12-22 11:52:11.252root 11241100x80000000000000003866980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44557714e52632292021-12-22 11:52:11.252root 11241100x80000000000000003866981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb4358122cf26792021-12-22 11:52:11.252root 11241100x80000000000000003866982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e4206c4630a6c72021-12-22 11:52:11.252root 11241100x80000000000000003866983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87260f0a98b22dfb2021-12-22 11:52:11.252root 11241100x80000000000000003866984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d8269c585084722021-12-22 11:52:11.252root 11241100x80000000000000003866985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7446600b58b3c56b2021-12-22 11:52:11.252root 11241100x80000000000000003866986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a729201d0d21332021-12-22 11:52:11.253root 11241100x80000000000000003866987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3bb26e08a2907f22021-12-22 11:52:11.253root 11241100x80000000000000003866988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303ad422ea3d6c4b2021-12-22 11:52:11.253root 11241100x80000000000000003866989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3e4d93689f7b012021-12-22 11:52:11.253root 11241100x80000000000000003866990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18109ce89a83978f2021-12-22 11:52:11.253root 11241100x80000000000000003866991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0962c043ad076c2021-12-22 11:52:11.253root 11241100x80000000000000003866992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4782dafd616ac7ac2021-12-22 11:52:11.253root 11241100x80000000000000003866993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594147b1251de0e32021-12-22 11:52:11.253root 11241100x80000000000000003866994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d68fea747b6b0ff2021-12-22 11:52:11.254root 11241100x80000000000000003866995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7a2141ff51aa942021-12-22 11:52:11.254root 11241100x80000000000000003866996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9dcdf8127c975c22021-12-22 11:52:11.254root 11241100x80000000000000003866997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6c1e3e417ce9d52021-12-22 11:52:11.254root 11241100x80000000000000003866998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b414512f5e6640692021-12-22 11:52:11.254root 11241100x80000000000000003866999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e829d1ec9ea061fb2021-12-22 11:52:11.254root 11241100x80000000000000003867000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb8a37b70b17a622021-12-22 11:52:11.254root 11241100x80000000000000003867001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bbe7ea22fb17542021-12-22 11:52:11.254root 11241100x80000000000000003867002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cddbbf71628e6b2021-12-22 11:52:11.255root 11241100x80000000000000003867003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc31e63d966379782021-12-22 11:52:11.255root 11241100x80000000000000003867004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb2edc84a6279c52021-12-22 11:52:11.255root 11241100x80000000000000003867005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536d53fff186cadb2021-12-22 11:52:11.255root 11241100x80000000000000003867006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f5d270859409072021-12-22 11:52:11.693root 11241100x80000000000000003867007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc1bd1af492ca512021-12-22 11:52:11.693root 11241100x80000000000000003867008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154315bdd55260042021-12-22 11:52:11.693root 11241100x80000000000000003867009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4231e75bbaf65282021-12-22 11:52:11.693root 11241100x80000000000000003867010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1c8c2fe16dded92021-12-22 11:52:11.693root 11241100x80000000000000003867011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e25e7dc013ab3c2021-12-22 11:52:11.693root 11241100x80000000000000003867012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a13f214b391f86e2021-12-22 11:52:11.694root 11241100x80000000000000003867013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be6d6e116ff35ac2021-12-22 11:52:11.694root 11241100x80000000000000003867014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9b673087c4d5db2021-12-22 11:52:11.694root 11241100x80000000000000003867015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a27aa948fe22b12021-12-22 11:52:11.694root 11241100x80000000000000003867016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e86141c76d5e8c2021-12-22 11:52:11.694root 11241100x80000000000000003867017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611f06122844c20a2021-12-22 11:52:11.694root 11241100x80000000000000003867018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32eeebc42d69241e2021-12-22 11:52:11.695root 11241100x80000000000000003867019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d8ee5958c03cdb2021-12-22 11:52:11.695root 11241100x80000000000000003867020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0076497cf9c466e2021-12-22 11:52:11.695root 11241100x80000000000000003867021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6603aca4fcc2177b2021-12-22 11:52:11.695root 11241100x80000000000000003867022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff7b7257ace28a72021-12-22 11:52:11.695root 11241100x80000000000000003867023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db355eb03bc7c7d2021-12-22 11:52:11.695root 11241100x80000000000000003867024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283c9a07a54316b92021-12-22 11:52:11.696root 11241100x80000000000000003867025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c1298cbff82de42021-12-22 11:52:11.696root 11241100x80000000000000003867026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8649697bae5c512021-12-22 11:52:11.696root 11241100x80000000000000003867027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94665195bc117e62021-12-22 11:52:11.696root 11241100x80000000000000003867028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdad6cfdfee0509d2021-12-22 11:52:11.696root 11241100x80000000000000003867029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b5fd827778e5eb2021-12-22 11:52:11.696root 11241100x80000000000000003867030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9024c9e23c7e7aac2021-12-22 11:52:11.696root 11241100x80000000000000003867031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fd8aa9bb120e5e2021-12-22 11:52:11.696root 11241100x80000000000000003867032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430ff386d766f1d32021-12-22 11:52:11.696root 11241100x80000000000000003867033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f41db0b31443e8f2021-12-22 11:52:11.697root 11241100x80000000000000003867034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2284dc7beb72719f2021-12-22 11:52:11.697root 11241100x80000000000000003867035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfba44a9e1211512021-12-22 11:52:11.697root 11241100x80000000000000003867036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e579ddcfdc2ebd22021-12-22 11:52:11.697root 11241100x80000000000000003867037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4182a97cbacfdf02021-12-22 11:52:11.697root 11241100x80000000000000003867038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b279b0fae0c15d5c2021-12-22 11:52:11.697root 11241100x80000000000000003867039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479369d87112d44b2021-12-22 11:52:11.697root 11241100x80000000000000003867040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcd74f4ba8285e52021-12-22 11:52:11.697root 11241100x80000000000000003867041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001d566cc1a218322021-12-22 11:52:11.697root 11241100x80000000000000003867042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dde0202530ffa52021-12-22 11:52:11.698root 11241100x80000000000000003867043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2266cb43318d02002021-12-22 11:52:11.698root 11241100x80000000000000003867044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d989c98d05c21a02021-12-22 11:52:11.698root 11241100x80000000000000003867045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ab5829b82a09632021-12-22 11:52:11.698root 11241100x80000000000000003867046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a818dc6ee99610412021-12-22 11:52:11.698root 11241100x80000000000000003867047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbc18919615b8d92021-12-22 11:52:11.699root 11241100x80000000000000003867048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c52e65f7c00dd62021-12-22 11:52:11.699root 11241100x80000000000000003867049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949b929d826dd7542021-12-22 11:52:11.699root 11241100x80000000000000003867050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f533080a2d4d9b3c2021-12-22 11:52:11.699root 11241100x80000000000000003867051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618f9345e789495b2021-12-22 11:52:11.699root 11241100x80000000000000003867052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777edcdd0cc540862021-12-22 11:52:11.699root 11241100x80000000000000003867053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9ddb14e4d37c982021-12-22 11:52:11.700root 11241100x80000000000000003867054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5c9b2041c7d04f2021-12-22 11:52:11.700root 11241100x80000000000000003867055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dd4a32dfc6a0222021-12-22 11:52:11.700root 11241100x80000000000000003867056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c0737a18b0cd632021-12-22 11:52:11.700root 11241100x80000000000000003867057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1125d4e45c64772021-12-22 11:52:11.700root 11241100x80000000000000003867058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49ce53b5b504bee2021-12-22 11:52:11.700root 11241100x80000000000000003867059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f763eb4f3249cd612021-12-22 11:52:11.701root 11241100x80000000000000003867060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81123684c5f08cfa2021-12-22 11:52:11.701root 11241100x80000000000000003867061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f5239a98e930502021-12-22 11:52:11.701root 11241100x80000000000000003867062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33df2734d8fd45662021-12-22 11:52:11.702root 11241100x80000000000000003867063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866316baedd0c3c62021-12-22 11:52:11.702root 11241100x80000000000000003867064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e80da8c52b583bf2021-12-22 11:52:11.702root 11241100x80000000000000003867065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e74a727fdd81232021-12-22 11:52:11.702root 11241100x80000000000000003867066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860a55495ea4d9152021-12-22 11:52:11.702root 11241100x80000000000000003867067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c26bd44446cad12021-12-22 11:52:11.703root 11241100x80000000000000003867068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6127b5663d1522a42021-12-22 11:52:11.703root 11241100x80000000000000003867069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033e129d345db20a2021-12-22 11:52:11.703root 11241100x80000000000000003867070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56361f7f4d9925d2021-12-22 11:52:11.703root 11241100x80000000000000003867071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aaf1fc7f105a5e2021-12-22 11:52:11.703root 11241100x80000000000000003867072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b31054fba1f0dea2021-12-22 11:52:11.703root 11241100x80000000000000003867073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa102d533346728a2021-12-22 11:52:11.703root 11241100x80000000000000003867074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9060f9f98f45132021-12-22 11:52:11.703root 11241100x80000000000000003867075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318003332dfd9de22021-12-22 11:52:11.704root 11241100x80000000000000003867076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9d19cd263fa42c2021-12-22 11:52:11.704root 11241100x80000000000000003867077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a7c3bee7781def2021-12-22 11:52:11.704root 11241100x80000000000000003867078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f2e21c566700292021-12-22 11:52:11.704root 11241100x80000000000000003867079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a053a9c00e9833432021-12-22 11:52:11.704root 11241100x80000000000000003867080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4219436a65c03e1b2021-12-22 11:52:11.704root 11241100x80000000000000003867081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a61fcdb286a2e22021-12-22 11:52:11.704root 11241100x80000000000000003867082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd92e46d6607ca0d2021-12-22 11:52:11.704root 11241100x80000000000000003867083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a5297dcd32b4712021-12-22 11:52:11.704root 11241100x80000000000000003867084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735864a4aede6e072021-12-22 11:52:11.705root 11241100x80000000000000003867085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1d0be0f1980a6a2021-12-22 11:52:11.705root 11241100x80000000000000003867086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499ce5873954de0a2021-12-22 11:52:11.705root 11241100x80000000000000003867087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b0ea38011421102021-12-22 11:52:11.705root 11241100x80000000000000003867088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0966607ebb214642021-12-22 11:52:11.705root 11241100x80000000000000003867089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28014fb71b60c4022021-12-22 11:52:11.705root 11241100x80000000000000003867090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91080c5f768eeb222021-12-22 11:52:11.705root 11241100x80000000000000003867091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ce83f5c8ebc1ec2021-12-22 11:52:11.705root 11241100x80000000000000003867092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6056d9b14d9f47ff2021-12-22 11:52:11.706root 11241100x80000000000000003867093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ca1182d1c45f8f2021-12-22 11:52:11.706root 11241100x80000000000000003867094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fff27577760bca2021-12-22 11:52:11.706root 11241100x80000000000000003867095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7faa4a1c392fe5e2021-12-22 11:52:11.706root 11241100x80000000000000003867096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007a98fe9c8cbe892021-12-22 11:52:11.706root 11241100x80000000000000003867097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a590aac896e54a352021-12-22 11:52:11.706root 11241100x80000000000000003867098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c72127859d160182021-12-22 11:52:11.706root 11241100x80000000000000003867099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10adc41693e69b192021-12-22 11:52:11.706root 11241100x80000000000000003867100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416c31b17c692bc62021-12-22 11:52:11.706root 11241100x80000000000000003867101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae67ef576d3da8c2021-12-22 11:52:11.706root 11241100x80000000000000003867102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba31a5d854a4edd2021-12-22 11:52:11.706root 11241100x80000000000000003867103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd5fd4869daf6502021-12-22 11:52:11.706root 11241100x80000000000000003867104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2fb6d34a3f74b92021-12-22 11:52:11.707root 11241100x80000000000000003867105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06ffb597c30ed992021-12-22 11:52:11.707root 11241100x80000000000000003867106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad03dc9648e8aee2021-12-22 11:52:11.707root 11241100x80000000000000003867107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec0340f95822c442021-12-22 11:52:11.707root 11241100x80000000000000003867108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5295a289bc6c5a12021-12-22 11:52:11.707root 11241100x80000000000000003867109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77008fac93dfa6312021-12-22 11:52:11.707root 11241100x80000000000000003867110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326e6c70bcd1c7622021-12-22 11:52:11.707root 11241100x80000000000000003867111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b28af472407240d2021-12-22 11:52:11.707root 11241100x80000000000000003867112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0d9f26d386e7972021-12-22 11:52:11.707root 11241100x80000000000000003867113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a8820b7ed7a24e2021-12-22 11:52:11.708root 11241100x80000000000000003867114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58971e3f23a4da72021-12-22 11:52:11.708root 11241100x80000000000000003867115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301efed241eaa8342021-12-22 11:52:11.708root 11241100x80000000000000003867116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbaaaa0c7b6668182021-12-22 11:52:11.708root 11241100x80000000000000003867117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363f42cf32eaa7db2021-12-22 11:52:11.708root 11241100x80000000000000003867118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195f3c5ddda17df12021-12-22 11:52:11.708root 11241100x80000000000000003867119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853ab11af007a20c2021-12-22 11:52:11.708root 11241100x80000000000000003867120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4a051cdbd196892021-12-22 11:52:11.708root 11241100x80000000000000003867121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b94e3dbab574452021-12-22 11:52:11.708root 11241100x80000000000000003867122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3332e0c52ebb962021-12-22 11:52:11.708root 11241100x80000000000000003867123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a52cdf853083d72021-12-22 11:52:11.709root 11241100x80000000000000003867124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9b87b98acbcfc82021-12-22 11:52:11.709root 11241100x80000000000000003867125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e9929095d7e1702021-12-22 11:52:11.709root 11241100x80000000000000003867126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1050b78defc5382021-12-22 11:52:11.709root 11241100x80000000000000003867127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b347fed7088bead2021-12-22 11:52:11.709root 11241100x80000000000000003867128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b443bf95e7b641ff2021-12-22 11:52:11.709root 11241100x80000000000000003867129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153e5ea4c5534e932021-12-22 11:52:11.709root 11241100x80000000000000003867130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace44db4322ff1992021-12-22 11:52:11.709root 11241100x80000000000000003867131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe95657bea5e1dd2021-12-22 11:52:11.709root 11241100x80000000000000003867132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde62c8d4a434d252021-12-22 11:52:11.709root 11241100x80000000000000003867133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407b5d5fe015f7bf2021-12-22 11:52:11.710root 11241100x80000000000000003867134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1995fd5696c3ec2021-12-22 11:52:11.710root 11241100x80000000000000003867135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a835e8c65967632021-12-22 11:52:11.710root 11241100x80000000000000003867136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df0323c6ae7dfd82021-12-22 11:52:11.710root 11241100x80000000000000003867137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6915f8c994bf98162021-12-22 11:52:11.710root 11241100x80000000000000003867138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e66cd70983fff472021-12-22 11:52:11.710root 11241100x80000000000000003867139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d278182b71adaf52021-12-22 11:52:11.710root 11241100x80000000000000003867140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a66a40da4ed43d2021-12-22 11:52:11.710root 11241100x80000000000000003867141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851ebfa176fec7232021-12-22 11:52:11.710root 11241100x80000000000000003867142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddae8747ae2d1e92021-12-22 11:52:11.710root 11241100x80000000000000003867143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899a82bda8b61d512021-12-22 11:52:11.711root 11241100x80000000000000003867144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bede38d2cbfb55862021-12-22 11:52:11.711root 11241100x80000000000000003867145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfbfd74f997f5f72021-12-22 11:52:11.711root 11241100x80000000000000003867146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924d0cac43c5de9b2021-12-22 11:52:11.711root 11241100x80000000000000003867147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd6c75ce9b20ab82021-12-22 11:52:11.711root 11241100x80000000000000003867148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddde39678199b29e2021-12-22 11:52:11.711root 11241100x80000000000000003867149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a655b47e954132b12021-12-22 11:52:11.711root 11241100x80000000000000003867150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddbf3e01f15d32d2021-12-22 11:52:11.711root 11241100x80000000000000003867151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4dd3687ee843a62021-12-22 11:52:11.712root 11241100x80000000000000003867152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5873b91e19b0042021-12-22 11:52:11.712root 11241100x80000000000000003867153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb4aaab894802992021-12-22 11:52:11.712root 11241100x80000000000000003867154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad2b83a24af85162021-12-22 11:52:11.712root 11241100x80000000000000003867155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41338c9342cf6b8a2021-12-22 11:52:11.712root 11241100x80000000000000003867156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673df299dc855c872021-12-22 11:52:11.712root 11241100x80000000000000003867157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8295e15ea6ff2bb62021-12-22 11:52:11.713root 11241100x80000000000000003867158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a681debc076592b52021-12-22 11:52:11.713root 11241100x80000000000000003867159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055f767187aa2b9e2021-12-22 11:52:11.713root 11241100x80000000000000003867160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337c598a030dbff52021-12-22 11:52:11.713root 11241100x80000000000000003867161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88816ff57d15cad52021-12-22 11:52:11.713root 11241100x80000000000000003867162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a409e03cac24126b2021-12-22 11:52:11.713root 11241100x80000000000000003867163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5878519e9762f62021-12-22 11:52:11.714root 11241100x80000000000000003867164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d071d24321b515f2021-12-22 11:52:11.714root 11241100x80000000000000003867165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6479435d0cfc7ceb2021-12-22 11:52:11.714root 11241100x80000000000000003867166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d038211e857f562021-12-22 11:52:11.714root 11241100x80000000000000003867167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489c59c1b075c5e92021-12-22 11:52:11.714root 11241100x80000000000000003867168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe59e7168940b902021-12-22 11:52:11.714root 11241100x80000000000000003867169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619b9ff7a69fbcb92021-12-22 11:52:11.714root 11241100x80000000000000003867170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a332ba042ca65072021-12-22 11:52:11.714root 11241100x80000000000000003867171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6b54abf790c2882021-12-22 11:52:11.714root 11241100x80000000000000003867172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b3956418d3c6f02021-12-22 11:52:11.715root 11241100x80000000000000003867173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7004f434457d142021-12-22 11:52:11.715root 11241100x80000000000000003867174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f85b0cd59e858d2021-12-22 11:52:11.715root 11241100x80000000000000003867175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94e9dfa2ec42db32021-12-22 11:52:11.715root 11241100x80000000000000003867176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28ab280db43867a2021-12-22 11:52:11.715root 11241100x80000000000000003867177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fffc7ca0863c642021-12-22 11:52:11.715root 11241100x80000000000000003867178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e795a7803c0cb6c62021-12-22 11:52:11.715root 11241100x80000000000000003867179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e6ec4d462979132021-12-22 11:52:11.715root 11241100x80000000000000003867180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d49bd84db3847f2021-12-22 11:52:11.716root 11241100x80000000000000003867181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b660f6461e061492021-12-22 11:52:11.716root 11241100x80000000000000003867182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4c3372010d45f42021-12-22 11:52:11.716root 11241100x80000000000000003867183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82c723b5ad783552021-12-22 11:52:11.716root 11241100x80000000000000003867184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd37292af38f01e12021-12-22 11:52:11.716root 11241100x80000000000000003867185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d70b3fb873541d72021-12-22 11:52:11.716root 11241100x80000000000000003867186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f0777f5ca974ba2021-12-22 11:52:11.716root 11241100x80000000000000003867187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7897ae43b86887912021-12-22 11:52:11.717root 11241100x80000000000000003867188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ab767a4b7f02f72021-12-22 11:52:11.717root 11241100x80000000000000003867189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0685a0144edd4b562021-12-22 11:52:11.717root 11241100x80000000000000003867190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1ec0064ffabbd12021-12-22 11:52:11.717root 11241100x80000000000000003867191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e853ca7b0d71dde2021-12-22 11:52:11.717root 11241100x80000000000000003867192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b55ba772240a142021-12-22 11:52:11.717root 11241100x80000000000000003867193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4121009cdef379ca2021-12-22 11:52:11.717root 11241100x80000000000000003867194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8a10e816b3788d2021-12-22 11:52:11.717root 11241100x80000000000000003867195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac4f7bb3ed37d522021-12-22 11:52:11.717root 11241100x80000000000000003867196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb6ac5f21cf162f2021-12-22 11:52:11.717root 11241100x80000000000000003867197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbe28f26f8020bc2021-12-22 11:52:11.718root 11241100x80000000000000003867198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6295972e1556342021-12-22 11:52:11.718root 11241100x80000000000000003867199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546e1393575ec2ab2021-12-22 11:52:11.718root 11241100x80000000000000003867200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45248b2be8c39f552021-12-22 11:52:11.718root 11241100x80000000000000003867201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50043ce81c2d19b2021-12-22 11:52:11.718root 11241100x80000000000000003867202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8da4e0dd66beed2021-12-22 11:52:11.718root 11241100x80000000000000003867203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963f3811165c634b2021-12-22 11:52:11.718root 11241100x80000000000000003867204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44088e513e876b6c2021-12-22 11:52:11.718root 11241100x80000000000000003867205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974c59f1fc17321f2021-12-22 11:52:11.718root 11241100x80000000000000003867206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea42d7126660aa7e2021-12-22 11:52:11.719root 11241100x80000000000000003867207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1038248c6137832021-12-22 11:52:11.719root 11241100x80000000000000003867208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3288fc45dd0e2e2021-12-22 11:52:11.719root 11241100x80000000000000003867209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bcd5bf576c0edd2021-12-22 11:52:11.719root 11241100x80000000000000003867210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65efab1697981cc2021-12-22 11:52:11.719root 11241100x80000000000000003867211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2edd2ac3aafe6be2021-12-22 11:52:11.719root 11241100x80000000000000003867212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f32e588443926912021-12-22 11:52:11.719root 11241100x80000000000000003867213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48485b09c5bbbcc52021-12-22 11:52:11.719root 11241100x80000000000000003867214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919cc9e11446a3062021-12-22 11:52:11.720root 11241100x80000000000000003867215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8ce74d314ed6602021-12-22 11:52:11.720root 11241100x80000000000000003867216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178edac06e5cb26a2021-12-22 11:52:11.720root 11241100x80000000000000003867217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdcd0220ccdf2802021-12-22 11:52:11.720root 11241100x80000000000000003867218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4674b87173b05eca2021-12-22 11:52:11.720root 11241100x80000000000000003867219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220eb35d40ac47512021-12-22 11:52:11.720root 11241100x80000000000000003867220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3fb3bac15e83ed2021-12-22 11:52:11.720root 11241100x80000000000000003867221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c321e1d4ae0a5d122021-12-22 11:52:11.720root 11241100x80000000000000003867222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50eef0f577b5dbee2021-12-22 11:52:11.720root 11241100x80000000000000003867223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19382656662bc7f82021-12-22 11:52:11.720root 11241100x80000000000000003867224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f522a482cea0e7342021-12-22 11:52:11.721root 11241100x80000000000000003867225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba72f9993dd347ad2021-12-22 11:52:11.721root 11241100x80000000000000003867226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7db1ae6eccf26012021-12-22 11:52:11.721root 11241100x80000000000000003867227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b0b64e1c3c7e032021-12-22 11:52:11.721root 11241100x80000000000000003867228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7faf8f21e59caf2021-12-22 11:52:11.721root 11241100x80000000000000003867229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004a8909573792fa2021-12-22 11:52:11.721root 11241100x80000000000000003867230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9fd4c7cf85f6482021-12-22 11:52:11.721root 11241100x80000000000000003867231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac84babbabd5cf02021-12-22 11:52:11.721root 11241100x80000000000000003867232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a648830d586d4b2021-12-22 11:52:11.721root 11241100x80000000000000003867233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80cc6f8c92fc0962021-12-22 11:52:11.721root 11241100x80000000000000003867234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed45849dda70ab32021-12-22 11:52:11.721root 11241100x80000000000000003867235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37cb3f2147ef8602021-12-22 11:52:11.722root 11241100x80000000000000003867236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848078fd8e91a3b12021-12-22 11:52:11.722root 11241100x80000000000000003867237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bddf29f549c71a2021-12-22 11:52:11.722root 11241100x80000000000000003867238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457a84d55f1c8d252021-12-22 11:52:11.722root 11241100x80000000000000003867239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa003a9a5c55b9772021-12-22 11:52:11.722root 11241100x80000000000000003867240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2dcdafdb3023a2d2021-12-22 11:52:11.722root 11241100x80000000000000003867241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5994aedf624868212021-12-22 11:52:11.722root 11241100x80000000000000003867242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7d0d1775cfcff32021-12-22 11:52:11.722root 11241100x80000000000000003867243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a3b6e4374951a52021-12-22 11:52:11.722root 11241100x80000000000000003867244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d5dab488d7bdfa2021-12-22 11:52:11.722root 11241100x80000000000000003867245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bef91bf8bbbf49c2021-12-22 11:52:11.722root 11241100x80000000000000003867246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170339c88e6bac502021-12-22 11:52:11.722root 11241100x80000000000000003867247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf54568ea0279d722021-12-22 11:52:11.722root 11241100x80000000000000003867248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdded97eb9fdefe2021-12-22 11:52:11.723root 11241100x80000000000000003867249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cc5ce5b6c549d72021-12-22 11:52:11.723root 11241100x80000000000000003867250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142084ef6a52f6be2021-12-22 11:52:11.723root 11241100x80000000000000003867251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2deb0a184525ef2021-12-22 11:52:11.723root 11241100x80000000000000003867252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d3b2d06bb6c5ab2021-12-22 11:52:11.723root 11241100x80000000000000003867253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff485e01c35f4fe92021-12-22 11:52:11.723root 11241100x80000000000000003867254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1a03f267f3a3c92021-12-22 11:52:11.723root 11241100x80000000000000003867255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e8f96711aa92e82021-12-22 11:52:11.723root 11241100x80000000000000003867256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ead5c34c5c053032021-12-22 11:52:11.723root 11241100x80000000000000003867257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51bdfe1a70ddf062021-12-22 11:52:11.723root 11241100x80000000000000003867258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b7385dd8dab6892021-12-22 11:52:11.723root 11241100x80000000000000003867259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d83dedeff5c55c2021-12-22 11:52:11.723root 11241100x80000000000000003867260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637bb24387ed52cf2021-12-22 11:52:11.724root 11241100x80000000000000003867261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900fb35a7de6ac632021-12-22 11:52:11.724root 11241100x80000000000000003867262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5584916f631420182021-12-22 11:52:11.724root 11241100x80000000000000003867263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37132c9661fec7bd2021-12-22 11:52:11.724root 11241100x80000000000000003867264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c9957d130ff2872021-12-22 11:52:11.724root 11241100x80000000000000003867265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c40557498a67af32021-12-22 11:52:11.724root 11241100x80000000000000003867266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73122bc7954882592021-12-22 11:52:11.724root 11241100x80000000000000003867267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd54a5aa5945b942021-12-22 11:52:11.724root 11241100x80000000000000003867268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e53aa508a112ef22021-12-22 11:52:11.724root 11241100x80000000000000003867269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad683ad628ea432a2021-12-22 11:52:11.724root 11241100x80000000000000003867270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395de298243222582021-12-22 11:52:11.725root 11241100x80000000000000003867271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b908e7590de40032021-12-22 11:52:11.725root 11241100x80000000000000003867272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c05f6487515191c2021-12-22 11:52:11.725root 11241100x80000000000000003867273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9d61fe370e099f2021-12-22 11:52:11.725root 11241100x80000000000000003867274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19302577a59054af2021-12-22 11:52:11.725root 11241100x80000000000000003867275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722ea702d0388eaa2021-12-22 11:52:11.725root 11241100x80000000000000003867276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ba80a84ab7e37e2021-12-22 11:52:11.726root 11241100x80000000000000003867277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccf035f15f4a3712021-12-22 11:52:11.726root 11241100x80000000000000003867278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c307bdef3adc4ae72021-12-22 11:52:11.726root 11241100x80000000000000003867279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8695e6e30b2b938b2021-12-22 11:52:11.726root 11241100x80000000000000003867280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79be4f73abe7e0c82021-12-22 11:52:11.726root 11241100x80000000000000003867281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11bb319737a2e712021-12-22 11:52:11.726root 11241100x80000000000000003867282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8ff8325da31a0a2021-12-22 11:52:11.726root 11241100x80000000000000003867283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d52c34f5f91be92021-12-22 11:52:11.726root 11241100x80000000000000003867284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcfd5068f7a73e42021-12-22 11:52:11.726root 11241100x80000000000000003867285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f48ac1aff4d1ee62021-12-22 11:52:11.726root 11241100x80000000000000003867286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a274750619a7c13c2021-12-22 11:52:11.726root 11241100x80000000000000003867287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a926fc89f6ec01bd2021-12-22 11:52:11.727root 11241100x80000000000000003867288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495f1ba994e1a7992021-12-22 11:52:11.727root 11241100x80000000000000003867289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cbd95b04c65dfa2021-12-22 11:52:11.727root 11241100x80000000000000003867290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d4894adebfc7f92021-12-22 11:52:11.727root 11241100x80000000000000003867291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3091d699bfefef2c2021-12-22 11:52:11.727root 11241100x80000000000000003867292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d72a91a359154f2021-12-22 11:52:11.727root 11241100x80000000000000003867293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5684884bc99d477b2021-12-22 11:52:11.727root 11241100x80000000000000003867294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905324c6a533caba2021-12-22 11:52:11.727root 11241100x80000000000000003867295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a925fb1897ef962021-12-22 11:52:11.727root 11241100x80000000000000003867296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbefb55412cb8752021-12-22 11:52:11.727root 11241100x80000000000000003867297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850de11c0a6e2e172021-12-22 11:52:11.727root 11241100x80000000000000003867298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0b2033843263612021-12-22 11:52:11.728root 11241100x80000000000000003867299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434f422cedb540b02021-12-22 11:52:11.728root 11241100x80000000000000003867300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba34338ebb3fa8042021-12-22 11:52:11.728root 11241100x80000000000000003867301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5c6a8ac7d5d7d72021-12-22 11:52:11.728root 11241100x80000000000000003867302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243e099df28438882021-12-22 11:52:11.728root 11241100x80000000000000003867303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd08e4c2e58bb3e2021-12-22 11:52:11.728root 11241100x80000000000000003867304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7077629a98eca2fe2021-12-22 11:52:11.728root 11241100x80000000000000003867305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f506d5e1b3fc5a72021-12-22 11:52:11.728root 11241100x80000000000000003867306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c3d8bc018bdd502021-12-22 11:52:11.728root 11241100x80000000000000003867307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871af16ff5531f252021-12-22 11:52:11.728root 11241100x80000000000000003867308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1974a105811bf0fd2021-12-22 11:52:11.728root 11241100x80000000000000003867309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f27713324162692021-12-22 11:52:11.729root 11241100x80000000000000003867310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9d2a2ebad868b12021-12-22 11:52:11.729root 11241100x80000000000000003867311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188aef67f830f50b2021-12-22 11:52:11.729root 11241100x80000000000000003867312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce79aa67ee40e772021-12-22 11:52:11.729root 11241100x80000000000000003867313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7375c31bac99bf2021-12-22 11:52:11.729root 11241100x80000000000000003867314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32f91325877c12a2021-12-22 11:52:11.729root 11241100x80000000000000003867315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ef9668cd56a8592021-12-22 11:52:11.729root 11241100x80000000000000003867316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b014a2dfb2a2993e2021-12-22 11:52:11.729root 11241100x80000000000000003867317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9085fd23678492a22021-12-22 11:52:11.729root 11241100x80000000000000003867318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a596962f61f85a182021-12-22 11:52:11.729root 11241100x80000000000000003867319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e4d88c1da3d4262021-12-22 11:52:11.729root 11241100x80000000000000003867320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8a55ca3e7dcc602021-12-22 11:52:11.730root 11241100x80000000000000003867321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db03e9f92e926a62021-12-22 11:52:11.730root 11241100x80000000000000003867322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95698b833bc7ebc92021-12-22 11:52:11.730root 11241100x80000000000000003867323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d72e32dc3465a312021-12-22 11:52:11.730root 11241100x80000000000000003867324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2aae3c6908e7ff2021-12-22 11:52:11.730root 11241100x80000000000000003867325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcea82a2c8bd1b12021-12-22 11:52:11.730root 11241100x80000000000000003867326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64180f19d012c732021-12-22 11:52:11.730root 11241100x80000000000000003867327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01db5acdd01c9fad2021-12-22 11:52:11.730root 11241100x80000000000000003867328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c15cbac56cbbc502021-12-22 11:52:11.730root 11241100x80000000000000003867329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f88cf1bc2d23292021-12-22 11:52:11.730root 11241100x80000000000000003867330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91132c81c2c6453c2021-12-22 11:52:11.731root 11241100x80000000000000003867331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e3f861727c36302021-12-22 11:52:11.731root 11241100x80000000000000003867332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c34c72bb5ad0102021-12-22 11:52:11.731root 11241100x80000000000000003867333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7d2a82fa2a65432021-12-22 11:52:11.731root 11241100x80000000000000003867334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8ec346ad6e2d542021-12-22 11:52:11.731root 11241100x80000000000000003867335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d63deca583a99e92021-12-22 11:52:11.731root 11241100x80000000000000003867336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed070c5e2251eb652021-12-22 11:52:11.731root 11241100x80000000000000003867337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32f30ecaa30f8072021-12-22 11:52:11.732root 11241100x80000000000000003867338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8eb8fdd435d0b352021-12-22 11:52:11.732root 11241100x80000000000000003867339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694100066a167ff92021-12-22 11:52:11.732root 11241100x80000000000000003867340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e763db4d0c70cb3e2021-12-22 11:52:11.732root 11241100x80000000000000003867341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065b1440d375667d2021-12-22 11:52:11.732root 11241100x80000000000000003867342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07e510120854de02021-12-22 11:52:11.732root 11241100x80000000000000003867343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5ff4e06cb97ab02021-12-22 11:52:11.732root 11241100x80000000000000003867344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7a89bab76c2b6a2021-12-22 11:52:11.732root 11241100x80000000000000003867345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfa558f8f2eb65b2021-12-22 11:52:11.732root 11241100x80000000000000003867346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cb994870c33b772021-12-22 11:52:11.733root 11241100x80000000000000003867347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc64f909d17cae752021-12-22 11:52:11.733root 11241100x80000000000000003867348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0da8e89c8c2797b2021-12-22 11:52:11.733root 11241100x80000000000000003867349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccb9ba4bb3a54602021-12-22 11:52:11.733root 11241100x80000000000000003867350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d232a34abff980912021-12-22 11:52:11.733root 11241100x80000000000000003867351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623c54c0d6d811ed2021-12-22 11:52:11.733root 11241100x80000000000000003867352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ef84fa56a34c692021-12-22 11:52:11.733root 11241100x80000000000000003867353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:11.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a414decac68bfd582021-12-22 11:52:11.733root 354300x80000000000000003867436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:22.202{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55574-false10.0.1.12-8000- 11241100x80000000000000003867437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:22.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1295ae59d9a8b34b2021-12-22 11:52:22.692root 11241100x80000000000000003867438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:23.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccb8dd6e387d3c62021-12-22 11:52:23.192root 11241100x80000000000000003867439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:23.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6143b11c6e03d6bf2021-12-22 11:52:23.692root 11241100x80000000000000003867440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:24.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a180ef362fd21d5a2021-12-22 11:52:24.192root 11241100x80000000000000003867441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:24.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ef0bd40b4011cc2021-12-22 11:52:24.692root 11241100x80000000000000003867442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:25.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c137133cac3a2872021-12-22 11:52:25.192root 11241100x80000000000000003867443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:25.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133eaaf6f5b91fff2021-12-22 11:52:25.692root 11241100x80000000000000003867444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:26.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d8148c0bc834a92021-12-22 11:52:26.192root 11241100x80000000000000003867445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eeee78fd09231782021-12-22 11:52:26.693root 354300x80000000000000003867446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:26.970{ec2b6afe-f70d-61c1-64f1-2a1399550000}10582/snap/snapd/14295/usr/lib/snapd/snapdrootudptruefalse127.0.0.1-35037-false127.0.0.53-53- 354300x80000000000000003867447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:26.970{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-42971-false10.0.0.2-53- 354300x80000000000000003867448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:26.970{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-58659-false10.0.0.2-53- 354300x80000000000000003867449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:26.971{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-35037- 11241100x80000000000000003867450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:26.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cde24975cd748e2021-12-22 11:52:26.971root 11241100x80000000000000003867451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:26.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d9f7e7c1f3db7b2021-12-22 11:52:26.971root 11241100x80000000000000003867452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:26.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353c560cd32e1dac2021-12-22 11:52:26.971root 11241100x80000000000000003867453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:26.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e1b44eaed69d4e2021-12-22 11:52:26.971root 11241100x80000000000000003867454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:26.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f57ff34d8c9d422021-12-22 11:52:26.973root 11241100x80000000000000003867455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:26.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b4b1cbed81cf792021-12-22 11:52:26.973root 11241100x80000000000000003867456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:26.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934293e1da3cff552021-12-22 11:52:26.974root 11241100x80000000000000003867457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:26.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a21a1edbcef05bd2021-12-22 11:52:26.974root 11241100x80000000000000003867458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:26.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6686a2a1fc9a3bf82021-12-22 11:52:26.974root 354300x80000000000000003867459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:26.987{ec2b6afe-f70d-61c1-64f1-2a1399550000}10582/snap/snapd/14295/usr/lib/snapd/snapdroottcptruefalse10.0.1.25-38658-false91.189.92.40-443- 11241100x80000000000000003867460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:27.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca42582312c70822021-12-22 11:52:27.222root 11241100x80000000000000003867461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:27.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096b2ea780c333712021-12-22 11:52:27.222root 11241100x80000000000000003867462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:27.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fbd4a02c88f8602021-12-22 11:52:27.222root 11241100x80000000000000003867463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:27.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d712fa6efa8d372021-12-22 11:52:27.222root 11241100x80000000000000003867464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:27.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edde366c91894b672021-12-22 11:52:27.223root 11241100x80000000000000003867465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:27.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa145cad02240d32021-12-22 11:52:27.223root 11241100x80000000000000003867466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:27.224{ec2b6afe-f70d-61c1-64f1-2a1399550000}10582/snap/snapd/14295/usr/lib/snapd/snapd/var/lib/snapd/state.json.QqNfPgC3myxm~2021-12-22 11:52:27.224root 11241100x80000000000000003867467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46226f34da854cc82021-12-22 11:52:27.693root 11241100x80000000000000003867468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f040d6c4673389972021-12-22 11:52:27.693root 11241100x80000000000000003867469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2ae53be039e11f2021-12-22 11:52:27.693root 11241100x80000000000000003867470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86951fe3a13277852021-12-22 11:52:27.693root 11241100x80000000000000003867471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645d7db2f2492f842021-12-22 11:52:27.693root 11241100x80000000000000003867472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6fabe208fca52a2021-12-22 11:52:27.693root 11241100x80000000000000003867473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1724ed70a52ca82c2021-12-22 11:52:27.693root 354300x80000000000000003867474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.122{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55578-false10.0.1.12-8000- 11241100x80000000000000003867475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccd2c2fe8b6b5552021-12-22 11:52:28.122root 11241100x80000000000000003867476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c9d982054db3c62021-12-22 11:52:28.122root 11241100x80000000000000003867477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa184df14a7e9c12021-12-22 11:52:28.123root 11241100x80000000000000003867478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabd29c0e6b302912021-12-22 11:52:28.123root 11241100x80000000000000003867479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8fc1d509edd76e2021-12-22 11:52:28.123root 11241100x80000000000000003867480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d2754c6f0fcc3e2021-12-22 11:52:28.123root 11241100x80000000000000003867481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5537a077449001e2021-12-22 11:52:28.123root 11241100x80000000000000003867482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8273058a2b6805f82021-12-22 11:52:28.123root 11241100x80000000000000003867483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d1fce7f062d2bd2021-12-22 11:52:28.443root 11241100x80000000000000003867484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebea61581c2c15d32021-12-22 11:52:28.443root 11241100x80000000000000003867485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0909e10d586486e2021-12-22 11:52:28.443root 11241100x80000000000000003867486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb6411b4acd92822021-12-22 11:52:28.443root 11241100x80000000000000003867487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5d87aa7b740bf12021-12-22 11:52:28.444root 11241100x80000000000000003867488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2dfdf902519ec02021-12-22 11:52:28.444root 11241100x80000000000000003867489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ede0e878dadb082021-12-22 11:52:28.444root 11241100x80000000000000003867490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e917e653f3d73c42021-12-22 11:52:28.444root 11241100x80000000000000003867491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769f3003a963b3532021-12-22 11:52:28.943root 11241100x80000000000000003867492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a37365de8df98022021-12-22 11:52:28.943root 11241100x80000000000000003867493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27011992a4bb1e6f2021-12-22 11:52:28.943root 11241100x80000000000000003867494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f237f2afd1cc2032021-12-22 11:52:28.943root 11241100x80000000000000003867495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ac3aadb5e3a0d82021-12-22 11:52:28.943root 11241100x80000000000000003867496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f184850f5dc00b2021-12-22 11:52:28.943root 11241100x80000000000000003867497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7b33e271af81fa2021-12-22 11:52:28.944root 11241100x80000000000000003867498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e347e1cfd4f509f22021-12-22 11:52:28.944root 11241100x80000000000000003867499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b450b285a00e97812021-12-22 11:52:29.443root 11241100x80000000000000003867500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b2921b9e037d8e2021-12-22 11:52:29.443root 11241100x80000000000000003867501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370f6451e98544942021-12-22 11:52:29.443root 11241100x80000000000000003867502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d842ab16ce429bd2021-12-22 11:52:29.443root 11241100x80000000000000003867503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bfead2aef44ddf2021-12-22 11:52:29.443root 11241100x80000000000000003867504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9183ea4206b3d93f2021-12-22 11:52:29.443root 11241100x80000000000000003867505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c841dd08da16c1fd2021-12-22 11:52:29.443root 11241100x80000000000000003867506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59290d33e0118d62021-12-22 11:52:29.444root 11241100x80000000000000003867507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653e89e40dc602762021-12-22 11:52:29.943root 11241100x80000000000000003867508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db14c9b12e41e2912021-12-22 11:52:29.943root 11241100x80000000000000003867509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614feeab0b5ad9272021-12-22 11:52:29.943root 11241100x80000000000000003867510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa1fe56ec255f352021-12-22 11:52:29.943root 11241100x80000000000000003867511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dab91f2843ef8772021-12-22 11:52:29.943root 11241100x80000000000000003867512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c326789964120bcd2021-12-22 11:52:29.944root 11241100x80000000000000003867513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89c146036e931512021-12-22 11:52:29.944root 11241100x80000000000000003867514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fa70dfd14bd6452021-12-22 11:52:29.944root 11241100x80000000000000003867515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b98e6ed26cafb42021-12-22 11:52:30.443root 11241100x80000000000000003867516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ad542b498da02b2021-12-22 11:52:30.443root 11241100x80000000000000003867517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ce7a7a246867302021-12-22 11:52:30.443root 11241100x80000000000000003867518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98b60dfa5da8b9f2021-12-22 11:52:30.443root 11241100x80000000000000003867519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802de73075094eb52021-12-22 11:52:30.443root 11241100x80000000000000003867520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8ca73038ed78a52021-12-22 11:52:30.443root 11241100x80000000000000003867521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d2909c359d93312021-12-22 11:52:30.443root 11241100x80000000000000003867522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee0e49fc5f090a32021-12-22 11:52:30.443root 11241100x80000000000000003867523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f058c27d0dc544d2021-12-22 11:52:30.943root 11241100x80000000000000003867524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf9055b78e284462021-12-22 11:52:30.943root 11241100x80000000000000003867525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053b1bec3fdc328b2021-12-22 11:52:30.943root 11241100x80000000000000003867526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e429a9582d2ad7742021-12-22 11:52:30.943root 11241100x80000000000000003867527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9dee50b362bedf2021-12-22 11:52:30.943root 11241100x80000000000000003867528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326fa9ed35cc60e52021-12-22 11:52:30.943root 11241100x80000000000000003867529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4774919ee8ceac02021-12-22 11:52:30.943root 11241100x80000000000000003867530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c782a7782d6096ad2021-12-22 11:52:30.944root 11241100x80000000000000003867531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425c27e2602018d82021-12-22 11:52:31.443root 11241100x80000000000000003867532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc8b3fe03d578462021-12-22 11:52:31.443root 11241100x80000000000000003867533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbba7429671139ff2021-12-22 11:52:31.443root 11241100x80000000000000003867534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bf59cfeb49b0302021-12-22 11:52:31.443root 11241100x80000000000000003867535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150814fba8a588a92021-12-22 11:52:31.443root 11241100x80000000000000003867536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a019805791bab042021-12-22 11:52:31.443root 11241100x80000000000000003867537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835c93587c3c8bd52021-12-22 11:52:31.443root 11241100x80000000000000003867538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9115d06cd42e2b32021-12-22 11:52:31.443root 11241100x80000000000000003867539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac9f11f9d8dcdfb2021-12-22 11:52:31.943root 11241100x80000000000000003867540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40f89bc9806e3df2021-12-22 11:52:31.943root 11241100x80000000000000003867541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ae81cc364ba9722021-12-22 11:52:31.943root 11241100x80000000000000003867542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b641ee479200cd012021-12-22 11:52:31.943root 11241100x80000000000000003867543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d8d439a79081a62021-12-22 11:52:31.943root 11241100x80000000000000003867544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a750fd71b6f108f92021-12-22 11:52:31.943root 11241100x80000000000000003867545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d307af4dcc1a7842021-12-22 11:52:31.943root 11241100x80000000000000003867546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9460b67df64b53212021-12-22 11:52:31.943root 11241100x80000000000000003867547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507c14c38298ebd72021-12-22 11:52:32.443root 11241100x80000000000000003867548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc803724edb539492021-12-22 11:52:32.443root 11241100x80000000000000003867549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf70d400c54685882021-12-22 11:52:32.443root 11241100x80000000000000003867550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e61b23cbf46f712021-12-22 11:52:32.443root 11241100x80000000000000003867551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ec89d434030d5a2021-12-22 11:52:32.443root 11241100x80000000000000003867552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6518d50f5f3fc69f2021-12-22 11:52:32.443root 11241100x80000000000000003867553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c58ed68225d0e702021-12-22 11:52:32.443root 11241100x80000000000000003867554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f9c04f38b310e72021-12-22 11:52:32.443root 11241100x80000000000000003867555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9056a406291947c22021-12-22 11:52:32.943root 11241100x80000000000000003867556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a2e54b4561a3532021-12-22 11:52:32.943root 11241100x80000000000000003867557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56fe639d904c01c2021-12-22 11:52:32.943root 11241100x80000000000000003867558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2647a4c688d383792021-12-22 11:52:32.943root 11241100x80000000000000003867559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3085801acf7e8da2021-12-22 11:52:32.943root 11241100x80000000000000003867560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5b66006523c61c2021-12-22 11:52:32.943root 11241100x80000000000000003867561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b62a4b5035b58ca2021-12-22 11:52:32.943root 11241100x80000000000000003867562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97aa87e16cae0872021-12-22 11:52:32.944root 11241100x80000000000000003867563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.141{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:52:33.141root 354300x80000000000000003867564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.220{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55580-false10.0.1.12-8000- 11241100x80000000000000003867565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25bc43b6cfff9002021-12-22 11:52:33.221root 11241100x80000000000000003867566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54020084a919aed52021-12-22 11:52:33.222root 11241100x80000000000000003867567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f16e1a920230ff2021-12-22 11:52:33.222root 11241100x80000000000000003867568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed107c5ae7a6ef9f2021-12-22 11:52:33.222root 11241100x80000000000000003867569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5caed63df080ebd72021-12-22 11:52:33.222root 11241100x80000000000000003867570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bb4b530da860ad2021-12-22 11:52:33.222root 11241100x80000000000000003867571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e811301013f7f4672021-12-22 11:52:33.222root 11241100x80000000000000003867572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34451cd76e4e2b82021-12-22 11:52:33.222root 11241100x80000000000000003867573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f544c1928957db52021-12-22 11:52:33.222root 11241100x80000000000000003867574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba19a205f7233552021-12-22 11:52:33.223root 11241100x80000000000000003867575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384214f094b68ad52021-12-22 11:52:33.693root 11241100x80000000000000003867576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a5b90e719f208a2021-12-22 11:52:33.693root 11241100x80000000000000003867577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dae8cf475e55782021-12-22 11:52:33.693root 11241100x80000000000000003867578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3905adea2fb3122021-12-22 11:52:33.693root 11241100x80000000000000003867579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e98530ae6bfd62b2021-12-22 11:52:33.693root 11241100x80000000000000003867580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c134055b3147b9132021-12-22 11:52:33.693root 11241100x80000000000000003867581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9eec35cbb07d4072021-12-22 11:52:33.694root 11241100x80000000000000003867582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4969d5d565986a2021-12-22 11:52:33.694root 11241100x80000000000000003867583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930f403be09a5d472021-12-22 11:52:33.694root 11241100x80000000000000003867584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec3b620d10ad9792021-12-22 11:52:33.694root 354300x80000000000000003867585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.995{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42646-false10.0.1.12-8089- 11241100x80000000000000003867586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.995{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e0348f863b90f22021-12-22 11:52:33.995root 11241100x80000000000000003867587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.996{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f3da3777a51e9c2021-12-22 11:52:33.996root 11241100x80000000000000003867588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.996{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9173fdddcb80ecf62021-12-22 11:52:33.996root 11241100x80000000000000003867589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.996{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d611b70707ea6772021-12-22 11:52:33.996root 11241100x80000000000000003867590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.996{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7378f821f7eae02021-12-22 11:52:33.996root 11241100x80000000000000003867591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.997{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2611438841eaf9dd2021-12-22 11:52:33.997root 11241100x80000000000000003867592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.997{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b5c604b624a9112021-12-22 11:52:33.997root 11241100x80000000000000003867593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.997{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e0fefc3f94233f2021-12-22 11:52:33.997root 11241100x80000000000000003867594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.997{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9967b7ed2f0dc712021-12-22 11:52:33.997root 11241100x80000000000000003867595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.998{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5420e732975ca42021-12-22 11:52:33.998root 11241100x80000000000000003867596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:33.998{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d4e5b7f746ba4d2021-12-22 11:52:33.998root 11241100x80000000000000003867597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70efed4d5362582f2021-12-22 11:52:34.443root 11241100x80000000000000003867598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b8d30d24f4f1592021-12-22 11:52:34.444root 11241100x80000000000000003867599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffdeff57ec453e12021-12-22 11:52:34.444root 11241100x80000000000000003867600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2b5787e63c23ad2021-12-22 11:52:34.444root 11241100x80000000000000003867601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2042062ef5113b892021-12-22 11:52:34.444root 11241100x80000000000000003867602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c79e245e78d9f62021-12-22 11:52:34.444root 11241100x80000000000000003867603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65584c41d6383efa2021-12-22 11:52:34.444root 11241100x80000000000000003867604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00572a363fa71452021-12-22 11:52:34.444root 11241100x80000000000000003867605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfe13f4fe1da36a2021-12-22 11:52:34.444root 11241100x80000000000000003867606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b2f9cc0895353c2021-12-22 11:52:34.445root 11241100x80000000000000003867607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876229da5e42e3292021-12-22 11:52:34.445root 11241100x80000000000000003867608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2736d538a91535652021-12-22 11:52:34.943root 11241100x80000000000000003867609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9aa007be93c31f2021-12-22 11:52:34.943root 11241100x80000000000000003867610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093ec87ec95f943d2021-12-22 11:52:34.943root 11241100x80000000000000003867611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4c8c9e47e9118b2021-12-22 11:52:34.944root 11241100x80000000000000003867612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af18ed38a6dcdafb2021-12-22 11:52:34.944root 11241100x80000000000000003867613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef14d439b99233be2021-12-22 11:52:34.944root 11241100x80000000000000003867614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302ad829336a13942021-12-22 11:52:34.944root 11241100x80000000000000003867615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee542848367e0cda2021-12-22 11:52:34.944root 11241100x80000000000000003867616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9689891b189c5b2021-12-22 11:52:34.944root 11241100x80000000000000003867617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e194fe478dfd9c792021-12-22 11:52:34.944root 11241100x80000000000000003867618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07dbb0627e869952021-12-22 11:52:34.944root 11241100x80000000000000003867619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5f0e4a8c499fcb2021-12-22 11:52:35.443root 11241100x80000000000000003867620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a6a85d6634bd1e2021-12-22 11:52:35.443root 11241100x80000000000000003867621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ba871f350f83142021-12-22 11:52:35.443root 11241100x80000000000000003867622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888bb487fa388b132021-12-22 11:52:35.443root 11241100x80000000000000003867623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915c83372c89d4c22021-12-22 11:52:35.443root 11241100x80000000000000003867624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e90a4df97c9a5f92021-12-22 11:52:35.443root 11241100x80000000000000003867625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab3cc38306e99cb2021-12-22 11:52:35.443root 11241100x80000000000000003867626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613173c4587aa1cd2021-12-22 11:52:35.444root 11241100x80000000000000003867627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1c523cf905cdd42021-12-22 11:52:35.444root 11241100x80000000000000003867628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84ee4fde070505e2021-12-22 11:52:35.444root 11241100x80000000000000003867629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6f16004357503e2021-12-22 11:52:35.444root 11241100x80000000000000003867630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7ff28e203e9b8c2021-12-22 11:52:35.943root 11241100x80000000000000003867631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c340b041b5bc3e2021-12-22 11:52:35.943root 11241100x80000000000000003867632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da5fb33f4f7d4a62021-12-22 11:52:35.943root 11241100x80000000000000003867633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8504a130775316e12021-12-22 11:52:35.943root 11241100x80000000000000003867634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89531ba5b997f2892021-12-22 11:52:35.944root 11241100x80000000000000003867635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c818d773c998e93d2021-12-22 11:52:35.944root 11241100x80000000000000003867636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebda857730cce91e2021-12-22 11:52:35.944root 11241100x80000000000000003867637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a22bcdb0b03c7af2021-12-22 11:52:35.944root 11241100x80000000000000003867638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4af3a89504708572021-12-22 11:52:35.944root 11241100x80000000000000003867639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e70826d4ef79c02021-12-22 11:52:35.945root 11241100x80000000000000003867640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a421c215858a952021-12-22 11:52:35.945root 23542300x80000000000000003867641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003867642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b94c35acbe6f55d2021-12-22 11:52:36.443root 11241100x80000000000000003867643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a836241b1a3e612b2021-12-22 11:52:36.443root 11241100x80000000000000003867644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289de347a323688e2021-12-22 11:52:36.443root 11241100x80000000000000003867645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3362fde44a15212021-12-22 11:52:36.443root 11241100x80000000000000003867646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a14ac46354b52c2021-12-22 11:52:36.443root 11241100x80000000000000003867647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bc56c35395fe6e2021-12-22 11:52:36.444root 11241100x80000000000000003867648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56f94c04216fc0b2021-12-22 11:52:36.444root 11241100x80000000000000003867649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e929b804d280ea2021-12-22 11:52:36.444root 11241100x80000000000000003867650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b057be828e2615892021-12-22 11:52:36.444root 11241100x80000000000000003867651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfc12e7f052f7de2021-12-22 11:52:36.444root 11241100x80000000000000003867652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b6f8af9e94433a2021-12-22 11:52:36.444root 11241100x80000000000000003867653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae22086d9ce673c72021-12-22 11:52:36.444root 154100x80000000000000003867654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.685{ec2b6afe-1184-61c3-68d4-101d65550000}19141/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x80000000000000003867655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.696{ec2b6afe-1184-61c3-68d4-101d65550000}19141/bin/psroot 11241100x80000000000000003867656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a8a65237522dfd2021-12-22 11:52:36.698root 11241100x80000000000000003867657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3d096dbc9beae62021-12-22 11:52:36.698root 11241100x80000000000000003867658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8035ac17b472f32021-12-22 11:52:36.698root 11241100x80000000000000003867659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6800985ee049d61f2021-12-22 11:52:36.699root 11241100x80000000000000003867660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63bbade7e176bb72021-12-22 11:52:36.699root 11241100x80000000000000003867661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b497f07183fc18e2021-12-22 11:52:36.699root 11241100x80000000000000003867662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11782c4757fb35a52021-12-22 11:52:36.699root 11241100x80000000000000003867663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3589b311a8faca1f2021-12-22 11:52:36.699root 11241100x80000000000000003867664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4abb03897435c372021-12-22 11:52:36.699root 11241100x80000000000000003867665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cca4815ea53e6c2021-12-22 11:52:36.699root 11241100x80000000000000003867666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4e6424eac0bcff2021-12-22 11:52:36.700root 11241100x80000000000000003867667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e28b0926fb2915c2021-12-22 11:52:36.700root 11241100x80000000000000003867668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba355be28c6640ca2021-12-22 11:52:36.700root 11241100x80000000000000003867669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:36.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b807910d768b0e12021-12-22 11:52:36.701root 11241100x80000000000000003867670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cd28ac7f38ea872021-12-22 11:52:37.193root 11241100x80000000000000003867671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2238067b726187c02021-12-22 11:52:37.193root 11241100x80000000000000003867672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a11c1b8bef0e5d32021-12-22 11:52:37.193root 11241100x80000000000000003867673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a3795be69297732021-12-22 11:52:37.193root 11241100x80000000000000003867674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6756c6020f979a9e2021-12-22 11:52:37.194root 11241100x80000000000000003867675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0352de8450dbad22021-12-22 11:52:37.194root 11241100x80000000000000003867676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c40b5f619b51f22021-12-22 11:52:37.194root 11241100x80000000000000003867677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0fb48152a5907e2021-12-22 11:52:37.194root 11241100x80000000000000003867678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe3f74bc8f0d8c72021-12-22 11:52:37.194root 11241100x80000000000000003867679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdaaab14a32266a42021-12-22 11:52:37.194root 11241100x80000000000000003867680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ad1bb635a7e0442021-12-22 11:52:37.194root 11241100x80000000000000003867681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae65f2c2e088779f2021-12-22 11:52:37.194root 11241100x80000000000000003867682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6019f7f153671432021-12-22 11:52:37.194root 11241100x80000000000000003867683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cc72a7674ecfa72021-12-22 11:52:37.194root 11241100x80000000000000003867684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa8d4146ce9d3082021-12-22 11:52:37.693root 11241100x80000000000000003867685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b5f56045ada35f2021-12-22 11:52:37.693root 11241100x80000000000000003867686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9d68febe1e00ae2021-12-22 11:52:37.693root 11241100x80000000000000003867687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45a5e8e6a85ea432021-12-22 11:52:37.693root 11241100x80000000000000003867688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a129a71b25723d142021-12-22 11:52:37.693root 11241100x80000000000000003867689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069295c43f0751c72021-12-22 11:52:37.693root 11241100x80000000000000003867690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038e87ab8b2060b82021-12-22 11:52:37.693root 11241100x80000000000000003867691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7594592c5ce682f2021-12-22 11:52:37.693root 11241100x80000000000000003867692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ad8dde511ecbf82021-12-22 11:52:37.694root 11241100x80000000000000003867693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c623112a648f99332021-12-22 11:52:37.694root 11241100x80000000000000003867694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e631224ee7d3d5482021-12-22 11:52:37.694root 11241100x80000000000000003867695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120792f536d4095e2021-12-22 11:52:37.694root 11241100x80000000000000003867696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167ac45a7585acd22021-12-22 11:52:37.694root 11241100x80000000000000003867697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9ce22f2fd235772021-12-22 11:52:37.694root 11241100x80000000000000003867698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec3897d6dc893992021-12-22 11:52:38.193root 11241100x80000000000000003867699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ce141641ad31fa2021-12-22 11:52:38.193root 11241100x80000000000000003867700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23f12375cb8aee82021-12-22 11:52:38.193root 11241100x80000000000000003867701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4147e38e3a435422021-12-22 11:52:38.193root 11241100x80000000000000003867702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbb9d7caa67fde62021-12-22 11:52:38.193root 11241100x80000000000000003867703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2e87cb8ac2d09e2021-12-22 11:52:38.193root 11241100x80000000000000003867704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6b884f86ca89782021-12-22 11:52:38.193root 11241100x80000000000000003867705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e10362dcbbfcb82021-12-22 11:52:38.194root 11241100x80000000000000003867706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7cd09e926a74be2021-12-22 11:52:38.194root 11241100x80000000000000003867707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac36035cc350190b2021-12-22 11:52:38.194root 11241100x80000000000000003867708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6277daa42e945692021-12-22 11:52:38.194root 11241100x80000000000000003867709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357d8b99b50ce87f2021-12-22 11:52:38.194root 11241100x80000000000000003867710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a662d067ecc60f2021-12-22 11:52:38.194root 11241100x80000000000000003867711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7dfe3239721c522021-12-22 11:52:38.195root 11241100x80000000000000003867712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffb0410effbb6c72021-12-22 11:52:38.693root 11241100x80000000000000003867713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7040a42bf4d4e0a52021-12-22 11:52:38.693root 11241100x80000000000000003867714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3690eb759c7e8c182021-12-22 11:52:38.694root 11241100x80000000000000003867715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf29d00e73e591ad2021-12-22 11:52:38.694root 11241100x80000000000000003867716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901627c7284964b92021-12-22 11:52:38.694root 11241100x80000000000000003867717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b910b20b9af9d572021-12-22 11:52:38.694root 11241100x80000000000000003867718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625db8018122dc0e2021-12-22 11:52:38.694root 11241100x80000000000000003867719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8881420fbc66f6612021-12-22 11:52:38.694root 11241100x80000000000000003867720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1301046af83c902021-12-22 11:52:38.694root 11241100x80000000000000003867721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bec761be59a13392021-12-22 11:52:38.694root 11241100x80000000000000003867722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf793f49f157d4132021-12-22 11:52:38.694root 11241100x80000000000000003867723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0d1dcea9d422572021-12-22 11:52:38.695root 11241100x80000000000000003867724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be831d39131d9db2021-12-22 11:52:38.695root 11241100x80000000000000003867725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7020ae541e57efa92021-12-22 11:52:38.695root 11241100x80000000000000003867726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5a8604d50767df2021-12-22 11:52:39.193root 11241100x80000000000000003867727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf9fe49e29070802021-12-22 11:52:39.193root 11241100x80000000000000003867728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fcccbfacbf5ac92021-12-22 11:52:39.193root 11241100x80000000000000003867729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7a2596dda149bb2021-12-22 11:52:39.193root 11241100x80000000000000003867730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabdd4f1c6bf441e2021-12-22 11:52:39.193root 11241100x80000000000000003867731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8f29aa603ad4be2021-12-22 11:52:39.193root 11241100x80000000000000003867732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616270b6b9b0c8d92021-12-22 11:52:39.193root 11241100x80000000000000003867733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab91046ee5ec1412021-12-22 11:52:39.193root 11241100x80000000000000003867734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdce218e13c18772021-12-22 11:52:39.194root 11241100x80000000000000003867735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f5cff61482cacf2021-12-22 11:52:39.194root 11241100x80000000000000003867736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f202d0013a4af1952021-12-22 11:52:39.194root 11241100x80000000000000003867737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf623051b00b13ec2021-12-22 11:52:39.194root 11241100x80000000000000003867738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3698c1bf68ac8b52021-12-22 11:52:39.194root 11241100x80000000000000003867739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ba34591c5e07e32021-12-22 11:52:39.194root 354300x80000000000000003867740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.195{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55584-false10.0.1.12-8000- 11241100x80000000000000003867741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deca700a19c949c02021-12-22 11:52:39.693root 11241100x80000000000000003867742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b79ca98d827b4b2021-12-22 11:52:39.693root 11241100x80000000000000003867743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07808c514fa0163c2021-12-22 11:52:39.693root 11241100x80000000000000003867744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3008de25e0569db72021-12-22 11:52:39.693root 11241100x80000000000000003867745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f949e119f74fa2b2021-12-22 11:52:39.693root 11241100x80000000000000003867746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642019e27d92bb232021-12-22 11:52:39.693root 11241100x80000000000000003867747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538d13c80b64ede12021-12-22 11:52:39.693root 11241100x80000000000000003867748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef533991454080b2021-12-22 11:52:39.693root 11241100x80000000000000003867749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ec928187ad0a5a2021-12-22 11:52:39.694root 11241100x80000000000000003867750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bab37800152ccc2021-12-22 11:52:39.694root 11241100x80000000000000003867751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7b89d362a6b5392021-12-22 11:52:39.694root 11241100x80000000000000003867752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49afcf8cd2107612021-12-22 11:52:39.694root 11241100x80000000000000003867753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca94ae4aabadf5a2021-12-22 11:52:39.694root 11241100x80000000000000003867754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7788f596bd0551352021-12-22 11:52:39.694root 11241100x80000000000000003867755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93261687a9363e8d2021-12-22 11:52:39.694root 11241100x80000000000000003867756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd2a8e203e8ae092021-12-22 11:52:40.193root 11241100x80000000000000003867757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2540cb5190b4472021-12-22 11:52:40.193root 11241100x80000000000000003867758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7956552fd6e1ba12021-12-22 11:52:40.193root 11241100x80000000000000003867759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71310e55eb4ed22b2021-12-22 11:52:40.193root 11241100x80000000000000003867760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555a460ef1c5a33c2021-12-22 11:52:40.193root 11241100x80000000000000003867761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f428af4a879591e2021-12-22 11:52:40.193root 11241100x80000000000000003867762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5092be98d1de5c882021-12-22 11:52:40.193root 11241100x80000000000000003867763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5f9b85c884fd5f2021-12-22 11:52:40.193root 11241100x80000000000000003867764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b0b7b93a9235242021-12-22 11:52:40.194root 11241100x80000000000000003867765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc49a22aa24d541b2021-12-22 11:52:40.194root 11241100x80000000000000003867766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68e5de05659788d2021-12-22 11:52:40.194root 11241100x80000000000000003867767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5c715c28f81ac72021-12-22 11:52:40.194root 11241100x80000000000000003867768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c38a6c721428c72021-12-22 11:52:40.194root 11241100x80000000000000003867769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a446d2935ad5216b2021-12-22 11:52:40.194root 11241100x80000000000000003867770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f79244878a021d92021-12-22 11:52:40.194root 11241100x80000000000000003867771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904d1d22e1dfddd22021-12-22 11:52:40.693root 11241100x80000000000000003867772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a1f5cd0690a1112021-12-22 11:52:40.693root 11241100x80000000000000003867773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8848c60482d17e2021-12-22 11:52:40.693root 11241100x80000000000000003867774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33dba632f91a0ac32021-12-22 11:52:40.693root 11241100x80000000000000003867775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a1f2366bdc05652021-12-22 11:52:40.693root 11241100x80000000000000003867776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d16f18fa6b4caa82021-12-22 11:52:40.693root 11241100x80000000000000003867777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43af322350e08b4a2021-12-22 11:52:40.693root 11241100x80000000000000003867778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede2bd10a19085252021-12-22 11:52:40.694root 11241100x80000000000000003867779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edf19657c2910d82021-12-22 11:52:40.694root 11241100x80000000000000003867780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4ecd5657e936662021-12-22 11:52:40.694root 11241100x80000000000000003867781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cffe9893026c952021-12-22 11:52:40.694root 11241100x80000000000000003867782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f456ea58473728aa2021-12-22 11:52:40.694root 11241100x80000000000000003867783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4601820f681f172021-12-22 11:52:40.694root 11241100x80000000000000003867784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492ec16d0c9c90d62021-12-22 11:52:40.695root 11241100x80000000000000003867785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54746e912c77f0a92021-12-22 11:52:40.695root 11241100x80000000000000003867786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff284ba426c9f88f2021-12-22 11:52:41.193root 11241100x80000000000000003867787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8ebac9d18a41462021-12-22 11:52:41.193root 11241100x80000000000000003867788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f287c1304c30e3472021-12-22 11:52:41.193root 11241100x80000000000000003867789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dba286ffbfb1eb52021-12-22 11:52:41.193root 11241100x80000000000000003867790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff9a8a3dce4f6092021-12-22 11:52:41.193root 11241100x80000000000000003867791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8af8e9ed7b22332021-12-22 11:52:41.193root 11241100x80000000000000003867792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a556b68d49504c32021-12-22 11:52:41.194root 11241100x80000000000000003867793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb465285d6e984d42021-12-22 11:52:41.194root 11241100x80000000000000003867794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7196b91446812852021-12-22 11:52:41.194root 11241100x80000000000000003867795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca840c0cfbac52d2021-12-22 11:52:41.194root 11241100x80000000000000003867796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54f8b1118b1c81e2021-12-22 11:52:41.194root 11241100x80000000000000003867797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363fbc94356d9e512021-12-22 11:52:41.194root 11241100x80000000000000003867798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f06243496880aa42021-12-22 11:52:41.195root 11241100x80000000000000003867799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0056e814ba9a2872021-12-22 11:52:41.195root 11241100x80000000000000003867800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c14880b6ff8d042021-12-22 11:52:41.195root 11241100x80000000000000003867801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2ca0bef295ae852021-12-22 11:52:41.693root 11241100x80000000000000003867802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210907b5b01f7c7b2021-12-22 11:52:41.693root 11241100x80000000000000003867803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639acca3ae4079462021-12-22 11:52:41.693root 11241100x80000000000000003867804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9112b08a77abebaa2021-12-22 11:52:41.693root 11241100x80000000000000003867805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1530bb94f7610152021-12-22 11:52:41.693root 11241100x80000000000000003867806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9822f439822ee52021-12-22 11:52:41.693root 11241100x80000000000000003867807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c921adbf7b38b7f2021-12-22 11:52:41.693root 11241100x80000000000000003867808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba0a839c7332bd42021-12-22 11:52:41.693root 11241100x80000000000000003867809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6e8230cc754eab2021-12-22 11:52:41.694root 11241100x80000000000000003867810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b6ef07b50584ba2021-12-22 11:52:41.694root 11241100x80000000000000003867811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e07389eb563f482021-12-22 11:52:41.694root 11241100x80000000000000003867812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8de5c4b763013f2021-12-22 11:52:41.694root 11241100x80000000000000003867813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f9039a5e1547542021-12-22 11:52:41.694root 11241100x80000000000000003867814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82d5439fc1cc2942021-12-22 11:52:41.694root 11241100x80000000000000003867815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76adfce4cdc8ff682021-12-22 11:52:41.694root 11241100x80000000000000003867816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cbef5fc77056d52021-12-22 11:52:42.193root 11241100x80000000000000003867817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776284aaf041ccf32021-12-22 11:52:42.193root 11241100x80000000000000003867818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c9e372e69295fb2021-12-22 11:52:42.193root 11241100x80000000000000003867819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042297935e2bf5642021-12-22 11:52:42.193root 11241100x80000000000000003867820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34da1ba0a5de34e2021-12-22 11:52:42.193root 11241100x80000000000000003867821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a723410e81d7227f2021-12-22 11:52:42.194root 11241100x80000000000000003867822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028473fc2001b3c02021-12-22 11:52:42.194root 11241100x80000000000000003867823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00efc259fe8b2f62021-12-22 11:52:42.194root 11241100x80000000000000003867824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ff8b504f8115332021-12-22 11:52:42.194root 11241100x80000000000000003867825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1d88f030e8e35f2021-12-22 11:52:42.194root 11241100x80000000000000003867826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd79078962726e512021-12-22 11:52:42.194root 11241100x80000000000000003867827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce13b3538ec0638c2021-12-22 11:52:42.194root 11241100x80000000000000003867828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e782498b0d7f422021-12-22 11:52:42.195root 11241100x80000000000000003867829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead387b17bd5ff772021-12-22 11:52:42.195root 11241100x80000000000000003867830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee5ad3dd860cc302021-12-22 11:52:42.195root 11241100x80000000000000003867831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3002d830b9b8e8062021-12-22 11:52:42.693root 11241100x80000000000000003867832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da42f714c7bc37812021-12-22 11:52:42.693root 11241100x80000000000000003867833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290ff8a338a0f0242021-12-22 11:52:42.693root 11241100x80000000000000003867834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9139a7a4b94dcf2021-12-22 11:52:42.693root 11241100x80000000000000003867835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70540531bf2250c82021-12-22 11:52:42.693root 11241100x80000000000000003867836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2db24fcbaad2e82021-12-22 11:52:42.694root 11241100x80000000000000003867837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ee3b0fe430d7b02021-12-22 11:52:42.694root 11241100x80000000000000003867838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96806f9e37aef012021-12-22 11:52:42.695root 11241100x80000000000000003867839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b26f690888a47d32021-12-22 11:52:42.695root 11241100x80000000000000003867840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2eb0de9287386e2021-12-22 11:52:42.695root 11241100x80000000000000003867841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6dabc5a373f7372021-12-22 11:52:42.695root 11241100x80000000000000003867842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e6294d79330e0a2021-12-22 11:52:42.696root 11241100x80000000000000003867843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2077ea52dcec3a2021-12-22 11:52:42.696root 11241100x80000000000000003867844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50a11cff47c3f262021-12-22 11:52:42.696root 11241100x80000000000000003867845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d5e5c04b3161a22021-12-22 11:52:42.696root 11241100x80000000000000003867846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b80367f088a21c2021-12-22 11:52:43.193root 11241100x80000000000000003867847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d245b722f119aa12021-12-22 11:52:43.193root 11241100x80000000000000003867848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946be95b07b2f8752021-12-22 11:52:43.194root 11241100x80000000000000003867849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155f48600112245c2021-12-22 11:52:43.194root 11241100x80000000000000003867850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a323332e474b6c8a2021-12-22 11:52:43.194root 11241100x80000000000000003867851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b0b42c8b0a4f772021-12-22 11:52:43.195root 11241100x80000000000000003867852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983aaed2664f315c2021-12-22 11:52:43.195root 11241100x80000000000000003867853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb929090184e14cb2021-12-22 11:52:43.195root 11241100x80000000000000003867854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19588b2b650d99982021-12-22 11:52:43.195root 11241100x80000000000000003867855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5471009d19ba3b2021-12-22 11:52:43.195root 11241100x80000000000000003867856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f00467461b90e12021-12-22 11:52:43.196root 11241100x80000000000000003867857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f726c36fa6411d2021-12-22 11:52:43.196root 11241100x80000000000000003867858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c4b300012a86be2021-12-22 11:52:43.196root 11241100x80000000000000003867859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9148f3a3d123d9f2021-12-22 11:52:43.196root 11241100x80000000000000003867860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839264cc2fd0d38d2021-12-22 11:52:43.196root 11241100x80000000000000003867861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71416bef99a0c7e2021-12-22 11:52:43.693root 11241100x80000000000000003867862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4abcaf8cc027002021-12-22 11:52:43.693root 11241100x80000000000000003867863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd0365c567ab1ed2021-12-22 11:52:43.693root 11241100x80000000000000003867864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6635b66dbcc1932021-12-22 11:52:43.693root 11241100x80000000000000003867865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48c8f2cbdeea8d22021-12-22 11:52:43.693root 11241100x80000000000000003867866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e3009f750c49ab2021-12-22 11:52:43.693root 11241100x80000000000000003867867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c936f34bdc61342021-12-22 11:52:43.694root 11241100x80000000000000003867868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6490a6817305404e2021-12-22 11:52:43.694root 11241100x80000000000000003867869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98cf31bdad8cc1f2021-12-22 11:52:43.694root 11241100x80000000000000003867870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44acdc5c667033c32021-12-22 11:52:43.695root 11241100x80000000000000003867871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca530a7d1a068c52021-12-22 11:52:43.695root 11241100x80000000000000003867872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15672b15547b39aa2021-12-22 11:52:43.695root 11241100x80000000000000003867873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46c3ca7a2e2c6132021-12-22 11:52:43.695root 11241100x80000000000000003867874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581444fea095511b2021-12-22 11:52:43.696root 11241100x80000000000000003867875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5290631638a38a2021-12-22 11:52:43.696root 11241100x80000000000000003867876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8983c4cf048d6e212021-12-22 11:52:44.193root 11241100x80000000000000003867877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222d56d009d605552021-12-22 11:52:44.193root 11241100x80000000000000003867878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ccdf63cab5c6482021-12-22 11:52:44.193root 11241100x80000000000000003867879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e034418d6d6996b2021-12-22 11:52:44.193root 11241100x80000000000000003867880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0a90d69806b5972021-12-22 11:52:44.193root 11241100x80000000000000003867881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a3aa323255443d2021-12-22 11:52:44.193root 11241100x80000000000000003867882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65cbaf1effdcbc52021-12-22 11:52:44.193root 11241100x80000000000000003867883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a716c831e6026152021-12-22 11:52:44.193root 11241100x80000000000000003867884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f37c25c3f5c1b22021-12-22 11:52:44.194root 11241100x80000000000000003867885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27452833b5638872021-12-22 11:52:44.194root 11241100x80000000000000003867886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec69de8bc7752962021-12-22 11:52:44.194root 11241100x80000000000000003867887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9ff6988519c4ef2021-12-22 11:52:44.194root 11241100x80000000000000003867888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f54c484d8bc621c2021-12-22 11:52:44.194root 11241100x80000000000000003867889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281df170568662632021-12-22 11:52:44.194root 11241100x80000000000000003867890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595a5ac0439b6d6c2021-12-22 11:52:44.194root 11241100x80000000000000003867891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa6a75630062d9d2021-12-22 11:52:44.693root 11241100x80000000000000003867892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a991a02c55ef68972021-12-22 11:52:44.693root 11241100x80000000000000003867893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3be6df37ccaff602021-12-22 11:52:44.693root 11241100x80000000000000003867894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe8f411c9c9c6522021-12-22 11:52:44.694root 11241100x80000000000000003867895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd3252be824e1562021-12-22 11:52:44.694root 11241100x80000000000000003867896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fec4d11f77584762021-12-22 11:52:44.694root 11241100x80000000000000003867897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6ee1a538e5b35f2021-12-22 11:52:44.694root 11241100x80000000000000003867898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efecd21c8a7914002021-12-22 11:52:44.694root 11241100x80000000000000003867899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08204e90a39f18f02021-12-22 11:52:44.694root 11241100x80000000000000003867900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd61e16307e491212021-12-22 11:52:44.695root 11241100x80000000000000003867901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e7406deac6e4c52021-12-22 11:52:44.695root 11241100x80000000000000003867902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbddac0cce7ad7e2021-12-22 11:52:44.695root 11241100x80000000000000003867903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142857cc7f47436d2021-12-22 11:52:44.695root 11241100x80000000000000003867904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb47458791682bd2021-12-22 11:52:44.695root 11241100x80000000000000003867905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f629a26f2a6b907f2021-12-22 11:52:44.695root 354300x80000000000000003867906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.059{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55586-false10.0.1.12-8000- 11241100x80000000000000003867907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.060{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55af6db083867b262021-12-22 11:52:45.060root 11241100x80000000000000003867908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.060{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0b50a646f85db52021-12-22 11:52:45.060root 11241100x80000000000000003867909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.060{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7bcc0d77a5b4722021-12-22 11:52:45.060root 11241100x80000000000000003867910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.060{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70011abc1aba05272021-12-22 11:52:45.060root 11241100x80000000000000003867911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.060{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc51a830f18af7c2021-12-22 11:52:45.060root 11241100x80000000000000003867912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.060{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbdbbf7db7fb9562021-12-22 11:52:45.060root 11241100x80000000000000003867913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.060{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e889eec9d132652021-12-22 11:52:45.060root 11241100x80000000000000003867914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.061{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68785d584537a6df2021-12-22 11:52:45.061root 11241100x80000000000000003867915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.061{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9f66555fea91aa2021-12-22 11:52:45.061root 11241100x80000000000000003867916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.061{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3045be8fb14c62f2021-12-22 11:52:45.061root 11241100x80000000000000003867917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.061{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafb5bc3d352db7a2021-12-22 11:52:45.061root 11241100x80000000000000003867918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.061{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03913b61ebdc9772021-12-22 11:52:45.061root 11241100x80000000000000003867919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.061{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5268fe5a7943f592021-12-22 11:52:45.061root 11241100x80000000000000003867920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.061{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624b1df6b5c6ae852021-12-22 11:52:45.061root 11241100x80000000000000003867921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.061{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994f4cfd5a2e9cbb2021-12-22 11:52:45.061root 11241100x80000000000000003867922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.061{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647c94ea60ebacc82021-12-22 11:52:45.061root 154100x80000000000000003867923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.346{ec2b6afe-118d-61c3-085e-32ac88550000}19142/usr/bin/sudo-----sudo ./run_dllhook/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003867924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3b8ec945ac8a2c2021-12-22 11:52:45.348root 11241100x80000000000000003867925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37226a28980448012021-12-22 11:52:45.348root 11241100x80000000000000003867926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612e248216b80aaa2021-12-22 11:52:45.348root 11241100x80000000000000003867927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a94eed7566eb7d2021-12-22 11:52:45.348root 11241100x80000000000000003867928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635a19e5bac213352021-12-22 11:52:45.348root 11241100x80000000000000003867929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cb1cf99a882c2c2021-12-22 11:52:45.348root 11241100x80000000000000003867930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265c356944f1baf22021-12-22 11:52:45.348root 11241100x80000000000000003867931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c438f10d048537e2021-12-22 11:52:45.349root 11241100x80000000000000003867932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7ac137d8c83e0c2021-12-22 11:52:45.349root 11241100x80000000000000003867933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1206c5a5640b0e442021-12-22 11:52:45.349root 11241100x80000000000000003867934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f08d900255618b2021-12-22 11:52:45.349root 11241100x80000000000000003867935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf39e3edecbc6df2021-12-22 11:52:45.349root 11241100x80000000000000003867936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16a3a687b231bf32021-12-22 11:52:45.349root 11241100x80000000000000003867937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdb1e7c728095022021-12-22 11:52:45.349root 11241100x80000000000000003867938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad02977848b02192021-12-22 11:52:45.349root 11241100x80000000000000003867939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e046f4f7c12ae92021-12-22 11:52:45.349root 354300x80000000000000003867940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.352{ec2b6afe-118d-61c3-085e-32ac88550000}19142/usr/bin/sudoubuntuudptruefalse127.0.0.1-44338-false127.0.0.53-53- 354300x80000000000000003867941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.353{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-37246-false10.0.0.2-53- 354300x80000000000000003867942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.353{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-60713-false10.0.0.2-53- 354300x80000000000000003867943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.353{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-44338- 354300x80000000000000003867944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.354{ec2b6afe-118d-61c3-085e-32ac88550000}19142/usr/bin/sudoubuntuudptruefalse127.0.0.1-33294-false127.0.0.53-53- 354300x80000000000000003867945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.354{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-33294- 154100x80000000000000003867946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.359{ec2b6afe-118d-61c3-b8b8-503a93550000}19143/home/ubuntu/run_dllhook-----./run_dllhook/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}033no level-{ec2b6afe-118d-61c3-085e-32ac88550000}19142/usr/bin/sudosudoubuntu 534500x80000000000000003867947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.359{ec2b6afe-118d-61c3-b8b8-503a93550000}19143/home/ubuntu/run_dllhookroot 154100x80000000000000003867948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.359{ec2b6afe-118d-61c3-68f2-36b782550000}19145/bin/dash-----sh -c #/bin/bash LD_PRELOAD=./myfopen.so ./prog/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}033no level-{00000000-0000-0000-0000-000000000000}19144--- 534500x80000000000000003867949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.360{ec2b6afe-118d-61c3-085e-32ac88550000}19142/usr/bin/sudoroot 154100x80000000000000003867950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.360{ec2b6afe-118d-61c3-1049-0150c7550000}19146/home/ubuntu/prog-----./prog/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}033no level-{ec2b6afe-118d-61c3-68f2-36b782550000}19145/bin/dashshroot 534500x80000000000000003867951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.361{ec2b6afe-118d-61c3-1049-0150c7550000}19146/home/ubuntu/progroot 534500x80000000000000003867952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.361{ec2b6afe-118d-61c3-68f2-36b782550000}19145/bin/dashroot 534500x80000000000000003867953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.361{ec2b6afe-118d-61c3-0000-000000000000}19144-root 11241100x80000000000000003867954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e049b9820a45b542021-12-22 11:52:45.693root 11241100x80000000000000003867955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482254be7f23590f2021-12-22 11:52:45.693root 11241100x80000000000000003867956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e61aa081eaad98c2021-12-22 11:52:45.693root 11241100x80000000000000003867957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf3469205f0abb02021-12-22 11:52:45.693root 11241100x80000000000000003867958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9420a2fb8a39dd2021-12-22 11:52:45.693root 11241100x80000000000000003867959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9085595af735083c2021-12-22 11:52:45.693root 11241100x80000000000000003867960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a129a580b336141e2021-12-22 11:52:45.693root 11241100x80000000000000003867961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2ac34410463cd92021-12-22 11:52:45.694root 11241100x80000000000000003867962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31701d140630e452021-12-22 11:52:45.694root 11241100x80000000000000003867963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f6e11b6df0e5ba2021-12-22 11:52:45.694root 11241100x80000000000000003867964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155a68dbc704b7a92021-12-22 11:52:45.694root 11241100x80000000000000003867965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1db7ba8bd59f3382021-12-22 11:52:45.694root 11241100x80000000000000003867966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e9e9b54c7858d12021-12-22 11:52:45.694root 11241100x80000000000000003867967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7578c41c907eba2021-12-22 11:52:45.694root 11241100x80000000000000003867968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ea1beaef5c15172021-12-22 11:52:45.694root 11241100x80000000000000003867969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc9c978c3f6acd82021-12-22 11:52:45.694root 11241100x80000000000000003867970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2594b6e2cf6d28f2021-12-22 11:52:45.694root 11241100x80000000000000003867971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c986b8e537545a2021-12-22 11:52:45.695root 11241100x80000000000000003867972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237210880dad29f42021-12-22 11:52:45.695root 11241100x80000000000000003867973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472fefa91b30fc4c2021-12-22 11:52:45.695root 11241100x80000000000000003867974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8513c9b4acd214702021-12-22 11:52:45.695root 11241100x80000000000000003867975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625d42aad38d03162021-12-22 11:52:45.695root 11241100x80000000000000003867976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86154ea813ffb8072021-12-22 11:52:45.696root 11241100x80000000000000003867977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90374c03e246d4832021-12-22 11:52:45.696root 11241100x80000000000000003867978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f689620082c93d712021-12-22 11:52:45.696root 11241100x80000000000000003867979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521a478a97e81d862021-12-22 11:52:45.696root 11241100x80000000000000003867980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80778462e96f35362021-12-22 11:52:45.697root 11241100x80000000000000003867981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01a28c6ca5d6ecf2021-12-22 11:52:45.697root 11241100x80000000000000003867982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58737fe8f648a78f2021-12-22 11:52:45.697root 11241100x80000000000000003867983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ba224bbdd206c12021-12-22 11:52:45.698root 11241100x80000000000000003867984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:45.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6cb63f4365cef82021-12-22 11:52:45.698root 11241100x80000000000000003867985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d64a15821b873f2021-12-22 11:52:46.193root 11241100x80000000000000003867986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b65fc9d80bdc7682021-12-22 11:52:46.194root 11241100x80000000000000003867987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861a0f7974211a1d2021-12-22 11:52:46.194root 11241100x80000000000000003867988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec019830769d606c2021-12-22 11:52:46.195root 11241100x80000000000000003867989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd02b22a8d0639c92021-12-22 11:52:46.195root 11241100x80000000000000003867990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c6f88a209083472021-12-22 11:52:46.196root 11241100x80000000000000003867991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2e26d92e7287122021-12-22 11:52:46.196root 11241100x80000000000000003867992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a97c3376b4e4ac2021-12-22 11:52:46.196root 11241100x80000000000000003867993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca650e06b4f070af2021-12-22 11:52:46.197root 11241100x80000000000000003867994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef272c50b0f782512021-12-22 11:52:46.197root 11241100x80000000000000003867995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe94da0d22132a762021-12-22 11:52:46.198root 11241100x80000000000000003867996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f175e39450e5fc322021-12-22 11:52:46.198root 11241100x80000000000000003867997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df3549827d7f7552021-12-22 11:52:46.198root 11241100x80000000000000003867998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34604311c672e0c32021-12-22 11:52:46.199root 11241100x80000000000000003867999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8294b7b6a36b5222021-12-22 11:52:46.199root 11241100x80000000000000003868000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a0cbc67b520ede2021-12-22 11:52:46.199root 11241100x80000000000000003868001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3d64d4fba1456f2021-12-22 11:52:46.200root 11241100x80000000000000003868002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca43390c79d018722021-12-22 11:52:46.200root 11241100x80000000000000003868003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db13dd3b0f23a6512021-12-22 11:52:46.200root 11241100x80000000000000003868004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f2a1350291a4512021-12-22 11:52:46.200root 11241100x80000000000000003868005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0a8673162ff2e52021-12-22 11:52:46.200root 11241100x80000000000000003868006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b0665bd4e6d6f22021-12-22 11:52:46.200root 11241100x80000000000000003868007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ff6364faecaaa22021-12-22 11:52:46.200root 11241100x80000000000000003868008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab22b517a0644872021-12-22 11:52:46.200root 11241100x80000000000000003868009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783e0579cc81a2a52021-12-22 11:52:46.201root 11241100x80000000000000003868010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1c4c4a6a0d0b552021-12-22 11:52:46.201root 11241100x80000000000000003868011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44edf9f226cbcce22021-12-22 11:52:46.201root 11241100x80000000000000003868012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcf3351a986c5f32021-12-22 11:52:46.201root 11241100x80000000000000003868013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcd45d5aba67fd72021-12-22 11:52:46.201root 11241100x80000000000000003868014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728906279d6d77452021-12-22 11:52:46.201root 11241100x80000000000000003868015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b822c70531aef2ba2021-12-22 11:52:46.201root 11241100x80000000000000003868016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d35e2e99662ee22021-12-22 11:52:46.201root 11241100x80000000000000003868017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92ee06d4c7a22a62021-12-22 11:52:46.693root 11241100x80000000000000003868018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815a518eb180c3d72021-12-22 11:52:46.693root 11241100x80000000000000003868019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c1ba8995a618ea2021-12-22 11:52:46.694root 11241100x80000000000000003868020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9615f5a78d07d9042021-12-22 11:52:46.694root 11241100x80000000000000003868021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65046645c58ee772021-12-22 11:52:46.695root 11241100x80000000000000003868022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378ed87a3e3700842021-12-22 11:52:46.695root 11241100x80000000000000003868023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23eb4450235119e2021-12-22 11:52:46.695root 11241100x80000000000000003868024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f9063691fd53c72021-12-22 11:52:46.695root 11241100x80000000000000003868025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eed2e1ad84d3bfc2021-12-22 11:52:46.695root 11241100x80000000000000003868026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a01d0eeaf203832021-12-22 11:52:46.695root 11241100x80000000000000003868027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5007cba2195976402021-12-22 11:52:46.695root 11241100x80000000000000003868028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1700c2a27b87932a2021-12-22 11:52:46.695root 11241100x80000000000000003868029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea008e086bf4d09c2021-12-22 11:52:46.695root 11241100x80000000000000003868030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f89ea0b41d869c32021-12-22 11:52:46.695root 11241100x80000000000000003868031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b3a6636ecd4fd22021-12-22 11:52:46.695root 11241100x80000000000000003868032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225cb7e0a43f55382021-12-22 11:52:46.695root 11241100x80000000000000003868033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebfbe5b35cc311f2021-12-22 11:52:46.695root 11241100x80000000000000003868034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0926ae9828a792ab2021-12-22 11:52:46.695root 11241100x80000000000000003868035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6667d0ff8b9de5a72021-12-22 11:52:46.696root 11241100x80000000000000003868036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8decb5da25e3c1782021-12-22 11:52:46.696root 11241100x80000000000000003868037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27ed0177c8e7e8e2021-12-22 11:52:46.696root 11241100x80000000000000003868038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e387d75e343c61c2021-12-22 11:52:46.696root 11241100x80000000000000003868039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f463ac8c60a1a23a2021-12-22 11:52:46.696root 11241100x80000000000000003868040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc65bd7effd06cc22021-12-22 11:52:46.696root 11241100x80000000000000003868041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564bc85295f508842021-12-22 11:52:46.696root 11241100x80000000000000003868042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6975614f2091f4ff2021-12-22 11:52:46.696root 11241100x80000000000000003868043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66c869996d9695c2021-12-22 11:52:46.696root 11241100x80000000000000003868044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02400387a28d6a522021-12-22 11:52:46.696root 11241100x80000000000000003868045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40b42d6d0a2d81e2021-12-22 11:52:46.696root 11241100x80000000000000003868046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cb771714eb42572021-12-22 11:52:46.696root 11241100x80000000000000003868047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ac4ec8a31da50d2021-12-22 11:52:46.696root 11241100x80000000000000003868048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6731b7f11ff5faa42021-12-22 11:52:46.697root 11241100x80000000000000003868049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343b60867599d7402021-12-22 11:52:46.697root 11241100x80000000000000003868050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c42a07f930171942021-12-22 11:52:47.193root 11241100x80000000000000003868051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523c159b80fe6c9c2021-12-22 11:52:47.193root 11241100x80000000000000003868052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ed0435bccf35072021-12-22 11:52:47.193root 11241100x80000000000000003868053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f273b50d82d3602021-12-22 11:52:47.194root 11241100x80000000000000003868054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38dc5577d7b9a6752021-12-22 11:52:47.194root 11241100x80000000000000003868055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb16be75644a05c62021-12-22 11:52:47.194root 11241100x80000000000000003868056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf4889f0578c5992021-12-22 11:52:47.194root 11241100x80000000000000003868057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259e99ee30075f392021-12-22 11:52:47.194root 11241100x80000000000000003868058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68373c429a464d332021-12-22 11:52:47.194root 11241100x80000000000000003868059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d862438edda1c92021-12-22 11:52:47.194root 11241100x80000000000000003868060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a303fec12741f42021-12-22 11:52:47.194root 11241100x80000000000000003868061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ab571bcb97cfb32021-12-22 11:52:47.194root 11241100x80000000000000003868062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13d650489303d2c2021-12-22 11:52:47.194root 11241100x80000000000000003868063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c460521c23232142021-12-22 11:52:47.195root 11241100x80000000000000003868064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc9325f112a4e8b2021-12-22 11:52:47.195root 11241100x80000000000000003868065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091146e6e4733c682021-12-22 11:52:47.195root 11241100x80000000000000003868066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19430a8609c44e222021-12-22 11:52:47.195root 11241100x80000000000000003868067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9281bc37d9d8ec2021-12-22 11:52:47.195root 11241100x80000000000000003868068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce016afd2da0c10a2021-12-22 11:52:47.195root 11241100x80000000000000003868069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790deff7755d65002021-12-22 11:52:47.195root 11241100x80000000000000003868070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae1f7437d4dd2c62021-12-22 11:52:47.195root 11241100x80000000000000003868071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7422ee86a6451a502021-12-22 11:52:47.196root 11241100x80000000000000003868072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ecaafb3463213d2021-12-22 11:52:47.196root 11241100x80000000000000003868073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd2e123a8ebc18e2021-12-22 11:52:47.196root 11241100x80000000000000003868074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645f6c6aa13553f92021-12-22 11:52:47.196root 11241100x80000000000000003868075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d4a411d56087f72021-12-22 11:52:47.196root 11241100x80000000000000003868076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efffeb5a9995f6092021-12-22 11:52:47.196root 11241100x80000000000000003868077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d947e12c957220f72021-12-22 11:52:47.196root 11241100x80000000000000003868078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc857ba674482692021-12-22 11:52:47.196root 11241100x80000000000000003868079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894e6476a763aea12021-12-22 11:52:47.197root 11241100x80000000000000003868080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befa27ba50bd3e0f2021-12-22 11:52:47.197root 11241100x80000000000000003868081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d77b7ec92649392021-12-22 11:52:47.693root 11241100x80000000000000003868082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f65271f5623af562021-12-22 11:52:47.694root 11241100x80000000000000003868083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adcff8778e0edb62021-12-22 11:52:47.694root 11241100x80000000000000003868084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163feb3013439f832021-12-22 11:52:47.694root 11241100x80000000000000003868085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81657b69a1a158f2021-12-22 11:52:47.694root 11241100x80000000000000003868086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38bc1ad5af86de92021-12-22 11:52:47.694root 11241100x80000000000000003868087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2159adc3dc4a5cae2021-12-22 11:52:47.694root 11241100x80000000000000003868088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29651eea686fa5132021-12-22 11:52:47.694root 11241100x80000000000000003868089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c16b21f27eef3332021-12-22 11:52:47.694root 11241100x80000000000000003868090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fb30541637c60c2021-12-22 11:52:47.694root 11241100x80000000000000003868091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8937d7f0803301d32021-12-22 11:52:47.694root 11241100x80000000000000003868092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83913a4e3e3f0aef2021-12-22 11:52:47.695root 11241100x80000000000000003868093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae6c30664f6b3132021-12-22 11:52:47.695root 11241100x80000000000000003868094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ae7c68096f2f642021-12-22 11:52:47.695root 11241100x80000000000000003868095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5526be4b7878f72021-12-22 11:52:47.695root 11241100x80000000000000003868096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dfe50be2b4d4352021-12-22 11:52:47.695root 11241100x80000000000000003868097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc19d02fee5f6632021-12-22 11:52:47.695root 11241100x80000000000000003868098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf9c228032a7b742021-12-22 11:52:47.695root 11241100x80000000000000003868099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4364401dc60f92b22021-12-22 11:52:47.695root 11241100x80000000000000003868100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37acc593adce3512021-12-22 11:52:47.695root 11241100x80000000000000003868101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790067aef92f829a2021-12-22 11:52:47.696root 11241100x80000000000000003868102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5883d81045d246512021-12-22 11:52:47.696root 11241100x80000000000000003868103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e8cc13f8a3e54d2021-12-22 11:52:47.696root 11241100x80000000000000003868104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921cd44db7da7d542021-12-22 11:52:47.696root 11241100x80000000000000003868105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b33724c9040532a2021-12-22 11:52:47.696root 11241100x80000000000000003868106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a279b906a66aa3dd2021-12-22 11:52:47.696root 11241100x80000000000000003868107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958ba9efb33407142021-12-22 11:52:47.696root 11241100x80000000000000003868108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7752eb14899d27052021-12-22 11:52:47.696root 11241100x80000000000000003868109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e2908f1e74d7c02021-12-22 11:52:47.697root 11241100x80000000000000003868110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8860c83b8011aaa2021-12-22 11:52:47.697root 11241100x80000000000000003868111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8932c6db98db8f212021-12-22 11:52:47.697root 11241100x80000000000000003868112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaffc53049c4e142021-12-22 11:52:48.193root 11241100x80000000000000003868113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc52d1f7478f85372021-12-22 11:52:48.194root 11241100x80000000000000003868114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de775aadd6bd85ae2021-12-22 11:52:48.194root 11241100x80000000000000003868115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a47f1aacabd66922021-12-22 11:52:48.194root 11241100x80000000000000003868116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383f8c42a115617a2021-12-22 11:52:48.194root 11241100x80000000000000003868117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bd8bc4adf772512021-12-22 11:52:48.194root 11241100x80000000000000003868118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0199317cfbe2f3f52021-12-22 11:52:48.194root 11241100x80000000000000003868119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc52eb6774e88162021-12-22 11:52:48.195root 11241100x80000000000000003868120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94a29e9b54589682021-12-22 11:52:48.195root 11241100x80000000000000003868121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191e90186b8262cd2021-12-22 11:52:48.195root 11241100x80000000000000003868122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb3d1521accb7ee2021-12-22 11:52:48.195root 11241100x80000000000000003868123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f386650d4f60ef12021-12-22 11:52:48.195root 11241100x80000000000000003868124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd418cb04954afa2021-12-22 11:52:48.195root 11241100x80000000000000003868125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1592fb84a76d59282021-12-22 11:52:48.195root 11241100x80000000000000003868126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a41e18a52edf772021-12-22 11:52:48.195root 11241100x80000000000000003868127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f20a9679a59ba762021-12-22 11:52:48.195root 11241100x80000000000000003868128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed5a4d43ee4ce8e2021-12-22 11:52:48.195root 11241100x80000000000000003868129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfda958cbd14e1682021-12-22 11:52:48.196root 11241100x80000000000000003868130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36071f7779a983c92021-12-22 11:52:48.196root 11241100x80000000000000003868131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54eabe76bb7088b2021-12-22 11:52:48.196root 11241100x80000000000000003868132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7498e8c60773ef02021-12-22 11:52:48.196root 11241100x80000000000000003868133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955c5526ba1032d82021-12-22 11:52:48.196root 11241100x80000000000000003868134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9a30a940fc08852021-12-22 11:52:48.196root 11241100x80000000000000003868135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510ca6b6c639b99c2021-12-22 11:52:48.196root 11241100x80000000000000003868136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d33c55fe0fd30262021-12-22 11:52:48.196root 11241100x80000000000000003868137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75645259d371a072021-12-22 11:52:48.196root 11241100x80000000000000003868138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5ead671a32d21c2021-12-22 11:52:48.196root 11241100x80000000000000003868139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc6361a8a7635612021-12-22 11:52:48.197root 11241100x80000000000000003868140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3832ca72cdbac72021-12-22 11:52:48.197root 11241100x80000000000000003868141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0e6e2c22e41d9c2021-12-22 11:52:48.197root 11241100x80000000000000003868142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3852a05e6d2a192021-12-22 11:52:48.197root 11241100x80000000000000003868143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f20c07a86e58bf22021-12-22 11:52:48.693root 11241100x80000000000000003868144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a28b03042c181e2021-12-22 11:52:48.694root 11241100x80000000000000003868145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c64ea937d376232021-12-22 11:52:48.694root 11241100x80000000000000003868146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c1f587e85e7bc72021-12-22 11:52:48.694root 11241100x80000000000000003868147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68ccd321fea645a2021-12-22 11:52:48.694root 11241100x80000000000000003868148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a558b5c35df8b3e82021-12-22 11:52:48.694root 11241100x80000000000000003868149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e365e6507acaf6102021-12-22 11:52:48.694root 11241100x80000000000000003868150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1ff886d2f953122021-12-22 11:52:48.694root 11241100x80000000000000003868151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba74bf7f2a1f4472021-12-22 11:52:48.694root 11241100x80000000000000003868152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d636ff8f8abd8d72021-12-22 11:52:48.695root 11241100x80000000000000003868153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e3b52866769f452021-12-22 11:52:48.695root 11241100x80000000000000003868154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4ec4ce64f5168b2021-12-22 11:52:48.695root 11241100x80000000000000003868155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6557aad4fb3588d72021-12-22 11:52:48.695root 11241100x80000000000000003868156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd3ab164ad41bf32021-12-22 11:52:48.695root 11241100x80000000000000003868157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f17ba5f9a9203282021-12-22 11:52:48.695root 11241100x80000000000000003868158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12631893cf1ac91c2021-12-22 11:52:48.695root 11241100x80000000000000003868159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e87a3cb8d00e0672021-12-22 11:52:48.695root 11241100x80000000000000003868160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75faf131a76a7f0f2021-12-22 11:52:48.695root 11241100x80000000000000003868161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2885ae8a2f93b83f2021-12-22 11:52:48.696root 11241100x80000000000000003868162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47113cf4aee56aae2021-12-22 11:52:48.696root 11241100x80000000000000003868163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d73f5a5f904f8c2021-12-22 11:52:48.696root 11241100x80000000000000003868164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22eb66e0c8f5cf1a2021-12-22 11:52:48.696root 11241100x80000000000000003868165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd59c32cee8405f2021-12-22 11:52:48.696root 11241100x80000000000000003868166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421965849229eb2b2021-12-22 11:52:48.696root 11241100x80000000000000003868167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d668b79198aad52021-12-22 11:52:48.696root 11241100x80000000000000003868168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a71757176ea4572021-12-22 11:52:48.696root 11241100x80000000000000003868169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ba9ec89f333fe72021-12-22 11:52:48.696root 11241100x80000000000000003868170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2ddfdb5c6562512021-12-22 11:52:48.696root 11241100x80000000000000003868171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8953f2c2413d30922021-12-22 11:52:48.697root 11241100x80000000000000003868172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f0b0fd91e91b3f2021-12-22 11:52:48.697root 11241100x80000000000000003868173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d45a0f3bf6710ae2021-12-22 11:52:48.697root 11241100x80000000000000003868174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b78e88240a28142021-12-22 11:52:49.192root 11241100x80000000000000003868175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde1d4e8e2f9cb3d2021-12-22 11:52:49.193root 11241100x80000000000000003868176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3ca57202f951752021-12-22 11:52:49.193root 11241100x80000000000000003868177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc3726eea3509a92021-12-22 11:52:49.193root 11241100x80000000000000003868178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045e9d70b9d5c3d02021-12-22 11:52:49.193root 11241100x80000000000000003868179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b49b1148e553e962021-12-22 11:52:49.193root 11241100x80000000000000003868180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4aa2622958c3afc2021-12-22 11:52:49.193root 11241100x80000000000000003868181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471fd700afabf9a82021-12-22 11:52:49.193root 11241100x80000000000000003868182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9ef6bc21414d722021-12-22 11:52:49.194root 11241100x80000000000000003868183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956c900059faa4822021-12-22 11:52:49.194root 11241100x80000000000000003868184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978ac9616b2bae582021-12-22 11:52:49.194root 11241100x80000000000000003868185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146a6e32f32000ed2021-12-22 11:52:49.194root 11241100x80000000000000003868186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e587b5861599982a2021-12-22 11:52:49.194root 11241100x80000000000000003868187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59659a3eb418af12021-12-22 11:52:49.194root 11241100x80000000000000003868188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50779053736ad7e22021-12-22 11:52:49.195root 11241100x80000000000000003868189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045042eb326b9c022021-12-22 11:52:49.195root 11241100x80000000000000003868190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12c90828fdee02e2021-12-22 11:52:49.195root 11241100x80000000000000003868191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5d224280763bba2021-12-22 11:52:49.195root 11241100x80000000000000003868192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945423f0533c55b12021-12-22 11:52:49.195root 11241100x80000000000000003868193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626f1724e42ee7a12021-12-22 11:52:49.195root 11241100x80000000000000003868194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0123eb5215b7e60f2021-12-22 11:52:49.196root 11241100x80000000000000003868195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260c5000dae213392021-12-22 11:52:49.196root 11241100x80000000000000003868196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3550dec328a5682021-12-22 11:52:49.196root 11241100x80000000000000003868197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d78b55866a49d0b2021-12-22 11:52:49.196root 11241100x80000000000000003868198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd21aedd743d67b32021-12-22 11:52:49.196root 11241100x80000000000000003868199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd1a3199acf47ca2021-12-22 11:52:49.197root 11241100x80000000000000003868200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9500846b736108512021-12-22 11:52:49.197root 11241100x80000000000000003868201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9f87748c04dc522021-12-22 11:52:49.197root 11241100x80000000000000003868202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e77fd77a43e7232021-12-22 11:52:49.197root 11241100x80000000000000003868203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de858ac84bcaa0732021-12-22 11:52:49.197root 11241100x80000000000000003868204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7697ee1dd2fa4062021-12-22 11:52:49.197root 11241100x80000000000000003868205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acbe5aa8f7a7c562021-12-22 11:52:49.197root 11241100x80000000000000003868206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9def240277213c2021-12-22 11:52:49.197root 11241100x80000000000000003868207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e3fd50ba4758e12021-12-22 11:52:49.198root 11241100x80000000000000003868208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697f234babdd59bc2021-12-22 11:52:49.198root 11241100x80000000000000003868209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0882ac6d7f146d922021-12-22 11:52:49.198root 11241100x80000000000000003868210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59df562b9e31aaf52021-12-22 11:52:49.198root 11241100x80000000000000003868211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e6814f2796ddca2021-12-22 11:52:49.198root 11241100x80000000000000003868212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a19d2ea2e6de122021-12-22 11:52:49.198root 11241100x80000000000000003868213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3821747d3b7fe97f2021-12-22 11:52:49.198root 11241100x80000000000000003868214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4a967fcb59ccf92021-12-22 11:52:49.693root 11241100x80000000000000003868215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01198218206c12c2021-12-22 11:52:49.693root 11241100x80000000000000003868216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b60323bfa0fe00d2021-12-22 11:52:49.693root 11241100x80000000000000003868217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be3b6b041db508b2021-12-22 11:52:49.693root 11241100x80000000000000003868218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c992120ac2a17a2021-12-22 11:52:49.693root 11241100x80000000000000003868219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be7ca4058ae05aa2021-12-22 11:52:49.694root 11241100x80000000000000003868220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f06e616f784f762021-12-22 11:52:49.694root 11241100x80000000000000003868221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35f085dae4c06f72021-12-22 11:52:49.694root 11241100x80000000000000003868222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcce9a6f31b2af92021-12-22 11:52:49.694root 11241100x80000000000000003868223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa962436d6c8a6082021-12-22 11:52:49.694root 11241100x80000000000000003868224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654fea2ba21c4ff92021-12-22 11:52:49.694root 11241100x80000000000000003868225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a908228997a7a352021-12-22 11:52:49.695root 11241100x80000000000000003868226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56afac1a5d5c95562021-12-22 11:52:49.695root 11241100x80000000000000003868227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f03b4fb1194ce12021-12-22 11:52:49.695root 11241100x80000000000000003868228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73363fb0b13a4da22021-12-22 11:52:49.695root 11241100x80000000000000003868229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185e56761ee4906e2021-12-22 11:52:49.695root 11241100x80000000000000003868230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f479eb898265a32021-12-22 11:52:49.695root 11241100x80000000000000003868231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c7720b0e8d6db82021-12-22 11:52:49.696root 11241100x80000000000000003868232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffad839814cb48ac2021-12-22 11:52:49.696root 11241100x80000000000000003868233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb6c4d84322aeaf2021-12-22 11:52:49.696root 11241100x80000000000000003868234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2275dc392528e7e62021-12-22 11:52:49.696root 11241100x80000000000000003868235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161c927a03d977012021-12-22 11:52:49.696root 11241100x80000000000000003868236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814508df8524682d2021-12-22 11:52:49.696root 11241100x80000000000000003868237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef3cd2ea1da6cc62021-12-22 11:52:49.696root 11241100x80000000000000003868238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70999dba328329d32021-12-22 11:52:49.697root 11241100x80000000000000003868239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b73545c189229232021-12-22 11:52:49.697root 11241100x80000000000000003868240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff56fe74401b8fe72021-12-22 11:52:49.697root 11241100x80000000000000003868241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b819a7bf8a331e2021-12-22 11:52:49.697root 11241100x80000000000000003868242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3223056f01cb94b62021-12-22 11:52:49.697root 11241100x80000000000000003868243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aeaba0f5e23dd912021-12-22 11:52:49.697root 11241100x80000000000000003868244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518cf6f440af8a702021-12-22 11:52:49.697root 11241100x80000000000000003868245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb706ad0425ee5b2021-12-22 11:52:49.697root 11241100x80000000000000003868246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd980a44d6a2538a2021-12-22 11:52:49.697root 11241100x80000000000000003868247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de917ee5b442afc2021-12-22 11:52:49.697root 11241100x80000000000000003868248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca8fbfe691b96682021-12-22 11:52:50.194root 11241100x80000000000000003868249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375aff5f84a71e652021-12-22 11:52:50.194root 11241100x80000000000000003868250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc06f35166d3e242021-12-22 11:52:50.194root 11241100x80000000000000003868251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67174cfcdd3bd0c42021-12-22 11:52:50.194root 11241100x80000000000000003868252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9ec816baa346932021-12-22 11:52:50.194root 11241100x80000000000000003868253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6855e5a4ed99b02021-12-22 11:52:50.195root 11241100x80000000000000003868254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9d15e766d194a02021-12-22 11:52:50.195root 11241100x80000000000000003868255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936ec3a36775f6112021-12-22 11:52:50.195root 11241100x80000000000000003868256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21667e40f0ae3a62021-12-22 11:52:50.195root 11241100x80000000000000003868257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099f39cbea1fed002021-12-22 11:52:50.195root 11241100x80000000000000003868258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c529df378e1ec02021-12-22 11:52:50.195root 11241100x80000000000000003868259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e91072826716b72021-12-22 11:52:50.195root 11241100x80000000000000003868260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83a0d9a1e8a5e652021-12-22 11:52:50.196root 11241100x80000000000000003868261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac1df8cec5f10822021-12-22 11:52:50.196root 11241100x80000000000000003868262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89140a4256d056ed2021-12-22 11:52:50.196root 11241100x80000000000000003868263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb744c0c6ccce692021-12-22 11:52:50.196root 11241100x80000000000000003868264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba904874ac97b662021-12-22 11:52:50.196root 11241100x80000000000000003868265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6004dca4fec00b2021-12-22 11:52:50.196root 11241100x80000000000000003868266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4913b16c81ec312021-12-22 11:52:50.197root 11241100x80000000000000003868267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c164fc3e1983afe2021-12-22 11:52:50.197root 11241100x80000000000000003868268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476154ecf94442472021-12-22 11:52:50.197root 11241100x80000000000000003868269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d37e71ec1e7b3d62021-12-22 11:52:50.197root 11241100x80000000000000003868270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69ac0bb2556f6f72021-12-22 11:52:50.197root 11241100x80000000000000003868271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2170e3e3b7e76ddd2021-12-22 11:52:50.197root 11241100x80000000000000003868272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4b1c875c90e9282021-12-22 11:52:50.198root 11241100x80000000000000003868273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abef52f726b9005f2021-12-22 11:52:50.198root 11241100x80000000000000003868274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9049fd902f18244d2021-12-22 11:52:50.198root 11241100x80000000000000003868275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2877fb216d9323822021-12-22 11:52:50.198root 11241100x80000000000000003868276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5947dac051739542021-12-22 11:52:50.198root 11241100x80000000000000003868277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f17e196b34432832021-12-22 11:52:50.198root 11241100x80000000000000003868278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9162827627724c2021-12-22 11:52:50.199root 354300x80000000000000003868279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.231{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55588-false10.0.1.12-8000- 11241100x80000000000000003868280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8350c7c2f608a0db2021-12-22 11:52:50.692root 11241100x80000000000000003868281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa720c8eb57df762021-12-22 11:52:50.693root 11241100x80000000000000003868282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eb38923273ea1a2021-12-22 11:52:50.693root 11241100x80000000000000003868283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c486fcdda54ceb2021-12-22 11:52:50.693root 11241100x80000000000000003868284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714b27f09e03e6632021-12-22 11:52:50.693root 11241100x80000000000000003868285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a4f86fdab76c3d2021-12-22 11:52:50.693root 11241100x80000000000000003868286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8050025dde796fba2021-12-22 11:52:50.693root 11241100x80000000000000003868287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f751edc7abf84e6f2021-12-22 11:52:50.694root 11241100x80000000000000003868288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea154b311b9479642021-12-22 11:52:50.694root 11241100x80000000000000003868289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650a634016feff322021-12-22 11:52:50.694root 11241100x80000000000000003868290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3769bb1a1db207672021-12-22 11:52:50.694root 11241100x80000000000000003868291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df758591473026e2021-12-22 11:52:50.694root 11241100x80000000000000003868292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cce3e9f21af9a32021-12-22 11:52:50.694root 11241100x80000000000000003868293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad75e32c08247492021-12-22 11:52:50.694root 11241100x80000000000000003868294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba4abf2973f8bc02021-12-22 11:52:50.694root 11241100x80000000000000003868295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4450b46243655a2021-12-22 11:52:50.695root 11241100x80000000000000003868296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95058f5723a16782021-12-22 11:52:50.695root 11241100x80000000000000003868297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4d336dc683f4ba2021-12-22 11:52:50.695root 11241100x80000000000000003868298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afb9e9efa8553142021-12-22 11:52:50.695root 11241100x80000000000000003868299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edb8b2a442c1d7b2021-12-22 11:52:50.695root 11241100x80000000000000003868300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bef0ce7cec9281e2021-12-22 11:52:50.695root 11241100x80000000000000003868301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1846e9f79e4f90ce2021-12-22 11:52:50.696root 11241100x80000000000000003868302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2de9fce5d448bb42021-12-22 11:52:50.696root 11241100x80000000000000003868303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7234b88ff9064932021-12-22 11:52:50.696root 11241100x80000000000000003868304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fe283ad8b25ec02021-12-22 11:52:50.696root 11241100x80000000000000003868305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9336e661361be34a2021-12-22 11:52:50.696root 11241100x80000000000000003868306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c062ac3afff2282021-12-22 11:52:50.696root 11241100x80000000000000003868307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f276abd93aacaa82021-12-22 11:52:50.697root 11241100x80000000000000003868308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6681263cce991d5f2021-12-22 11:52:50.697root 11241100x80000000000000003868309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b56fd0c67a8c4872021-12-22 11:52:50.697root 11241100x80000000000000003868310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932a33ef110705e62021-12-22 11:52:50.697root 11241100x80000000000000003868311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef7a574c31d63932021-12-22 11:52:50.697root 11241100x80000000000000003868312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5df8c04f735f3702021-12-22 11:52:50.698root 11241100x80000000000000003868313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e2aba2d33e91692021-12-22 11:52:50.698root 11241100x80000000000000003868314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57930ede7aa101b62021-12-22 11:52:50.698root 11241100x80000000000000003868315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5dbc259b827ba62021-12-22 11:52:50.698root 11241100x80000000000000003868316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021ce7387a6ce1e62021-12-22 11:52:50.698root 11241100x80000000000000003868317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fa9fb88f6695b52021-12-22 11:52:51.193root 11241100x80000000000000003868318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b02bb27aa1e20722021-12-22 11:52:51.193root 11241100x80000000000000003868319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5140e961a6f28512021-12-22 11:52:51.193root 11241100x80000000000000003868320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1175442673b20d692021-12-22 11:52:51.194root 11241100x80000000000000003868321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37e6a4fe010c0a42021-12-22 11:52:51.194root 11241100x80000000000000003868322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc7de5bc2f37bf52021-12-22 11:52:51.194root 11241100x80000000000000003868323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b101add6b3f4df92021-12-22 11:52:51.194root 11241100x80000000000000003868324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d503b2b01fd72e432021-12-22 11:52:51.195root 11241100x80000000000000003868325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2926b008059583232021-12-22 11:52:51.195root 11241100x80000000000000003868326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e853aa35e9443a2021-12-22 11:52:51.195root 11241100x80000000000000003868327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78631fb6d594afef2021-12-22 11:52:51.195root 11241100x80000000000000003868328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284a10b992ac8d9c2021-12-22 11:52:51.196root 11241100x80000000000000003868329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c751281ab8fb5bee2021-12-22 11:52:51.196root 11241100x80000000000000003868330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550e2cf802616f852021-12-22 11:52:51.196root 11241100x80000000000000003868331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0380647a33d575af2021-12-22 11:52:51.196root 11241100x80000000000000003868332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebad2961a3b227b2021-12-22 11:52:51.196root 11241100x80000000000000003868333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825f109e09c7ac912021-12-22 11:52:51.196root 11241100x80000000000000003868334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7754c89bd0b6622021-12-22 11:52:51.197root 11241100x80000000000000003868335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f5258e0b55c9e12021-12-22 11:52:51.197root 11241100x80000000000000003868336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2cfdf62780a7a32021-12-22 11:52:51.197root 11241100x80000000000000003868337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffd624a5ef913a72021-12-22 11:52:51.198root 11241100x80000000000000003868338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac7d6e80a218a522021-12-22 11:52:51.198root 11241100x80000000000000003868339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ba348b53aa52722021-12-22 11:52:51.198root 11241100x80000000000000003868340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f1ad337abdaa7f2021-12-22 11:52:51.199root 11241100x80000000000000003868341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300645ee4df65cfe2021-12-22 11:52:51.199root 11241100x80000000000000003868342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165ba81a5cc56ef42021-12-22 11:52:51.199root 11241100x80000000000000003868343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc3250febf72e202021-12-22 11:52:51.199root 11241100x80000000000000003868344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d375247fb0ae702021-12-22 11:52:51.200root 11241100x80000000000000003868345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf761c58d0ed310a2021-12-22 11:52:51.200root 11241100x80000000000000003868346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87ed602ef228fa22021-12-22 11:52:51.200root 11241100x80000000000000003868347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7150ec41dc0ff7af2021-12-22 11:52:51.201root 11241100x80000000000000003868348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e80db57cfd3eb62021-12-22 11:52:51.201root 11241100x80000000000000003868349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9323e15cecf395232021-12-22 11:52:51.201root 11241100x80000000000000003868350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430754611cde72992021-12-22 11:52:51.201root 11241100x80000000000000003868351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6852301f6750a82e2021-12-22 11:52:51.202root 11241100x80000000000000003868352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde46f8860006e632021-12-22 11:52:51.202root 11241100x80000000000000003868353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c67eee2f903e232021-12-22 11:52:51.202root 11241100x80000000000000003868354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249a35ece7ea95962021-12-22 11:52:51.202root 11241100x80000000000000003868355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92c69107dbbdfe22021-12-22 11:52:51.203root 11241100x80000000000000003868356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7710f0e4a97ddb2021-12-22 11:52:51.693root 11241100x80000000000000003868357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb67bdf26ea24bd32021-12-22 11:52:51.693root 11241100x80000000000000003868358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee61658cd3920b0f2021-12-22 11:52:51.693root 11241100x80000000000000003868359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d00a26fd5cfa7f2021-12-22 11:52:51.693root 11241100x80000000000000003868360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b54f9075a6efc02021-12-22 11:52:51.693root 11241100x80000000000000003868361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83277ec99ef6b1a92021-12-22 11:52:51.694root 11241100x80000000000000003868362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d51a8fb914e82612021-12-22 11:52:51.694root 11241100x80000000000000003868363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7e28599d6105662021-12-22 11:52:51.694root 11241100x80000000000000003868364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24999c88856719e62021-12-22 11:52:51.694root 11241100x80000000000000003868365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d36ba558e57b6292021-12-22 11:52:51.694root 11241100x80000000000000003868366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90fc90dc864323d2021-12-22 11:52:51.694root 11241100x80000000000000003868367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6069b3f5b7858d3d2021-12-22 11:52:51.695root 11241100x80000000000000003868368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d367ce2a999cdc2021-12-22 11:52:51.695root 11241100x80000000000000003868369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd41edd52fc1a8b12021-12-22 11:52:51.695root 11241100x80000000000000003868370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d30d16ce0183252021-12-22 11:52:51.695root 11241100x80000000000000003868371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87299aa754695412021-12-22 11:52:51.695root 11241100x80000000000000003868372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b55ce4dfdc71ad22021-12-22 11:52:51.696root 11241100x80000000000000003868373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d64c6dc07124c92021-12-22 11:52:51.696root 11241100x80000000000000003868374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2414f923b02ead2021-12-22 11:52:51.696root 11241100x80000000000000003868375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7eb623676585bf2021-12-22 11:52:51.696root 11241100x80000000000000003868376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f0a9a4edab52842021-12-22 11:52:51.697root 11241100x80000000000000003868377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dfda4c3ae4aa382021-12-22 11:52:51.697root 11241100x80000000000000003868378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a6fd1eadfcba4c2021-12-22 11:52:51.697root 11241100x80000000000000003868379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431e71643b57f0492021-12-22 11:52:51.697root 11241100x80000000000000003868380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783a9e24d41cb2772021-12-22 11:52:51.698root 11241100x80000000000000003868381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998b4bd90af5af662021-12-22 11:52:51.698root 11241100x80000000000000003868382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607b50f67d296c152021-12-22 11:52:51.698root 11241100x80000000000000003868383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319b3f668ace52252021-12-22 11:52:51.699root 11241100x80000000000000003868384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24170f9671718602021-12-22 11:52:51.699root 11241100x80000000000000003868385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455efc4840f729b02021-12-22 11:52:51.699root 11241100x80000000000000003868386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3579c697edd6922021-12-22 11:52:51.700root 11241100x80000000000000003868387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685089cd4df896ab2021-12-22 11:52:51.700root 11241100x80000000000000003868388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31cd26794d4dce52021-12-22 11:52:51.700root 11241100x80000000000000003868389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0794e5aa67cb982021-12-22 11:52:51.701root 11241100x80000000000000003868390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b85f74d784a48752021-12-22 11:52:51.701root 11241100x80000000000000003868391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52037c810c3b551c2021-12-22 11:52:51.701root 11241100x80000000000000003868392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e87afcc9578714e2021-12-22 11:52:51.701root 354300x80000000000000003868393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.760{ec2b6afe-923b-61c1-e0f7-1f3839560000}1173/usr/sbin/sshdroottcpfalsefalse209.141.53.74-36646-false10.0.1.25-22- 11241100x80000000000000003868394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.761{ec2b6afe-1193-61c3-0000-000000000000}19147/usr/sbin/sshd/proc/19147/oom_score_adj2021-12-22 11:52:51.761root 154100x80000000000000003868395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.760{ec2b6afe-1193-61c3-e0b7-5a677b550000}19147/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1173--- 534500x80000000000000003868396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:51.923{ec2b6afe-1193-61c3-e0b7-5a677b550000}19147/usr/sbin/sshdroot 11241100x80000000000000003868397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c8a26056602a282021-12-22 11:52:52.193root 11241100x80000000000000003868398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f773e85bb5f6d8fa2021-12-22 11:52:52.193root 11241100x80000000000000003868399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ea6bb4487dbf262021-12-22 11:52:52.193root 11241100x80000000000000003868400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24eca823af604932021-12-22 11:52:52.194root 11241100x80000000000000003868401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac787d6c08db8e982021-12-22 11:52:52.194root 11241100x80000000000000003868402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3d37c59bed8cb32021-12-22 11:52:52.194root 11241100x80000000000000003868403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b57707ec57c741b2021-12-22 11:52:52.194root 11241100x80000000000000003868404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67fb004bb21b2f42021-12-22 11:52:52.194root 11241100x80000000000000003868405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987f5953a86963822021-12-22 11:52:52.194root 11241100x80000000000000003868406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ae7e445bd9c3c62021-12-22 11:52:52.194root 11241100x80000000000000003868407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7626ff44abc93fce2021-12-22 11:52:52.194root 11241100x80000000000000003868408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fec3820dd151ea2021-12-22 11:52:52.195root 11241100x80000000000000003868409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db20f4d7a7e4ecce2021-12-22 11:52:52.195root 11241100x80000000000000003868410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e667c44d7ec28c22021-12-22 11:52:52.195root 11241100x80000000000000003868411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7431ce0a76c842722021-12-22 11:52:52.195root 11241100x80000000000000003868412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bc05abda10efc82021-12-22 11:52:52.195root 11241100x80000000000000003868413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15d251e665ece072021-12-22 11:52:52.195root 11241100x80000000000000003868414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff3bbe5a07e78b42021-12-22 11:52:52.195root 11241100x80000000000000003868415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc00ca403808e0102021-12-22 11:52:52.196root 11241100x80000000000000003868416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ac0269bb0a5ae02021-12-22 11:52:52.199root 11241100x80000000000000003868417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae3bae7ed23cbfd2021-12-22 11:52:52.199root 11241100x80000000000000003868418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5969a807852d7b82021-12-22 11:52:52.199root 11241100x80000000000000003868419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd46bb0187261842021-12-22 11:52:52.201root 11241100x80000000000000003868420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a93d8e1b645c412021-12-22 11:52:52.201root 11241100x80000000000000003868421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977f5301b9b2223a2021-12-22 11:52:52.201root 11241100x80000000000000003868422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dbf51ca20d130b2021-12-22 11:52:52.201root 11241100x80000000000000003868423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5608c15fc5c71d1c2021-12-22 11:52:52.201root 11241100x80000000000000003868424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22d22d776113b6d2021-12-22 11:52:52.201root 11241100x80000000000000003868425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1dd01528c4c1052021-12-22 11:52:52.201root 11241100x80000000000000003868426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f592e43ddf471b2021-12-22 11:52:52.201root 11241100x80000000000000003868427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a535632e0bfe87b62021-12-22 11:52:52.201root 11241100x80000000000000003868428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7f132615f69eab2021-12-22 11:52:52.201root 11241100x80000000000000003868429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5810dd8958e43c292021-12-22 11:52:52.201root 11241100x80000000000000003868430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb20641066b524ff2021-12-22 11:52:52.201root 11241100x80000000000000003868431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3aeb2be13062a4d2021-12-22 11:52:52.201root 11241100x80000000000000003868432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33ba2ad8ac157972021-12-22 11:52:52.201root 11241100x80000000000000003868433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb59f84014cb7492021-12-22 11:52:52.201root 11241100x80000000000000003868434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d9884924efb9832021-12-22 11:52:52.202root 11241100x80000000000000003868435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238b093c1a56987c2021-12-22 11:52:52.202root 11241100x80000000000000003868436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb8740b2d767cb52021-12-22 11:52:52.693root 11241100x80000000000000003868437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93be22cd7b0eeecb2021-12-22 11:52:52.693root 11241100x80000000000000003868438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd16a17c3a1d04e2021-12-22 11:52:52.693root 11241100x80000000000000003868439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bb2cf3ed937dd02021-12-22 11:52:52.693root 11241100x80000000000000003868440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14599ed7a5d22da82021-12-22 11:52:52.694root 11241100x80000000000000003868441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297dacf930d7e1022021-12-22 11:52:52.694root 11241100x80000000000000003868442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8cef56d78efab62021-12-22 11:52:52.694root 11241100x80000000000000003868443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0e1dd4a0b7247c2021-12-22 11:52:52.694root 11241100x80000000000000003868444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45c0883330392e02021-12-22 11:52:52.694root 11241100x80000000000000003868445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c793ee76da3cd5a52021-12-22 11:52:52.694root 11241100x80000000000000003868446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559b5a053e5019942021-12-22 11:52:52.694root 11241100x80000000000000003868447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636d9cb3c5dae3a62021-12-22 11:52:52.694root 11241100x80000000000000003868448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9692b4fe5583b3b2021-12-22 11:52:52.695root 11241100x80000000000000003868449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc32ae997590a2502021-12-22 11:52:52.695root 11241100x80000000000000003868450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0938f007b1eb49992021-12-22 11:52:52.695root 11241100x80000000000000003868451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a9338abdace0b12021-12-22 11:52:52.695root 11241100x80000000000000003868452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47267ae8419170a82021-12-22 11:52:52.695root 11241100x80000000000000003868453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c6cbaf9b1a0fd52021-12-22 11:52:52.695root 11241100x80000000000000003868454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679faf137ad22e862021-12-22 11:52:52.695root 11241100x80000000000000003868455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b9b88ea6b73ca82021-12-22 11:52:52.696root 11241100x80000000000000003868456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b667f23482cde372021-12-22 11:52:52.696root 11241100x80000000000000003868457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709842dbf0cf28ce2021-12-22 11:52:52.696root 11241100x80000000000000003868458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2cb59eef68ed7f2021-12-22 11:52:52.696root 11241100x80000000000000003868459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c00e219010ec842021-12-22 11:52:52.696root 11241100x80000000000000003868460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e6534fd77526e42021-12-22 11:52:52.696root 11241100x80000000000000003868461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840084edf96e90082021-12-22 11:52:52.696root 11241100x80000000000000003868462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c57770e04f2a962021-12-22 11:52:52.696root 11241100x80000000000000003868463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0d00e73802cfa02021-12-22 11:52:52.696root 11241100x80000000000000003868464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1725ba3580b0812021-12-22 11:52:52.696root 11241100x80000000000000003868465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51b141974c6d8fb2021-12-22 11:52:52.696root 11241100x80000000000000003868466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292fce98eb958ff82021-12-22 11:52:52.696root 11241100x80000000000000003868467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f5bcb90a83de262021-12-22 11:52:52.696root 11241100x80000000000000003868468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989c7cdbddc1550c2021-12-22 11:52:52.696root 11241100x80000000000000003868469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713aad97e47a31de2021-12-22 11:52:52.696root 11241100x80000000000000003868470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb17f8358ab5fbd2021-12-22 11:52:52.696root 11241100x80000000000000003868471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90be57c8f5e6ddef2021-12-22 11:52:52.697root 11241100x80000000000000003868472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:52.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3073d8bfb02c21672021-12-22 11:52:52.697root 11241100x80000000000000003868473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a34c0dca31d5df72021-12-22 11:52:53.193root 11241100x80000000000000003868474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439b3a55607225162021-12-22 11:52:53.193root 11241100x80000000000000003868475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5982858d7530ab702021-12-22 11:52:53.194root 11241100x80000000000000003868476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7704d74b1a46a632021-12-22 11:52:53.194root 11241100x80000000000000003868477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d899878eb8c4615b2021-12-22 11:52:53.195root 11241100x80000000000000003868478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4360b87fff20ba52021-12-22 11:52:53.195root 11241100x80000000000000003868479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb8b9cb392250bd2021-12-22 11:52:53.196root 11241100x80000000000000003868480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4102e6fb334edff2021-12-22 11:52:53.196root 11241100x80000000000000003868481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2831948ddc32824a2021-12-22 11:52:53.197root 11241100x80000000000000003868482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32af7051b7c11e2b2021-12-22 11:52:53.197root 11241100x80000000000000003868483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bb5c80d1f308722021-12-22 11:52:53.198root 11241100x80000000000000003868484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ccee353166942882021-12-22 11:52:53.198root 11241100x80000000000000003868485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8091b14a25f7eb982021-12-22 11:52:53.198root 11241100x80000000000000003868486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6125bcf515f5952021-12-22 11:52:53.199root 11241100x80000000000000003868487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052c83939414fbea2021-12-22 11:52:53.200root 11241100x80000000000000003868488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b54de0842fd77312021-12-22 11:52:53.200root 11241100x80000000000000003868489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f6763b3eb43aa32021-12-22 11:52:53.200root 11241100x80000000000000003868490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2fed7f2453d46d2021-12-22 11:52:53.201root 11241100x80000000000000003868491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a8e934a20504c62021-12-22 11:52:53.202root 11241100x80000000000000003868492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3600d62e66cf132021-12-22 11:52:53.202root 11241100x80000000000000003868493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d922afce2af125e2021-12-22 11:52:53.203root 11241100x80000000000000003868494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe8a8df46e070f32021-12-22 11:52:53.203root 11241100x80000000000000003868495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f71a7cc46426232021-12-22 11:52:53.203root 11241100x80000000000000003868496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a9b1e15a6a04af2021-12-22 11:52:53.203root 11241100x80000000000000003868497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5974f2145c0bcd42021-12-22 11:52:53.204root 11241100x80000000000000003868498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91be4ae7b628a8e02021-12-22 11:52:53.204root 11241100x80000000000000003868499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f18b80fb5296f7c2021-12-22 11:52:53.204root 11241100x80000000000000003868500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69f08e94987a87c2021-12-22 11:52:53.205root 11241100x80000000000000003868501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85270d0f406d21ea2021-12-22 11:52:53.205root 11241100x80000000000000003868502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd51ca32273ddc742021-12-22 11:52:53.206root 11241100x80000000000000003868503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7e14887dcf6fca2021-12-22 11:52:53.206root 11241100x80000000000000003868504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc01320a91708cb2021-12-22 11:52:53.206root 11241100x80000000000000003868505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d89ad60702d520e2021-12-22 11:52:53.207root 11241100x80000000000000003868506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949ff9dc9c776aed2021-12-22 11:52:53.207root 11241100x80000000000000003868507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dce6a262b3f2e3b2021-12-22 11:52:53.207root 11241100x80000000000000003868508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf46e1cabcabc7d2021-12-22 11:52:53.208root 11241100x80000000000000003868509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92ac2ceb4e668b42021-12-22 11:52:53.208root 11241100x80000000000000003868510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e2c793828c30a82021-12-22 11:52:53.208root 11241100x80000000000000003868511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95175fdb079156372021-12-22 11:52:53.693root 11241100x80000000000000003868512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ea3c9e527e8ab32021-12-22 11:52:53.694root 11241100x80000000000000003868513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1def3382035bb7612021-12-22 11:52:53.694root 11241100x80000000000000003868514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cdecbf6a7517f32021-12-22 11:52:53.694root 11241100x80000000000000003868515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6e7b04411c3d5f2021-12-22 11:52:53.694root 11241100x80000000000000003868516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce2d28d44ed78112021-12-22 11:52:53.695root 11241100x80000000000000003868517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491b4998d91ae0472021-12-22 11:52:53.695root 11241100x80000000000000003868518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1230828816326ba2021-12-22 11:52:53.695root 11241100x80000000000000003868519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d2e572c99fc2822021-12-22 11:52:53.695root 11241100x80000000000000003868520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07041613f87a41892021-12-22 11:52:53.696root 11241100x80000000000000003868521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98e489463f484ee2021-12-22 11:52:53.696root 11241100x80000000000000003868522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba0f2112cb7d6e52021-12-22 11:52:53.696root 11241100x80000000000000003868523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0fefdbb771dbb72021-12-22 11:52:53.696root 11241100x80000000000000003868524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b5c686beaf4fb02021-12-22 11:52:53.696root 11241100x80000000000000003868525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cabf9b1155db5d2021-12-22 11:52:53.696root 11241100x80000000000000003868526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccadca49cde9d8b2021-12-22 11:52:53.696root 11241100x80000000000000003868527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0ea6dcdfa81b192021-12-22 11:52:53.696root 11241100x80000000000000003868528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8281a8146ddac45c2021-12-22 11:52:53.696root 11241100x80000000000000003868529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b141602f50c40652021-12-22 11:52:53.696root 11241100x80000000000000003868530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e0460256775d8f2021-12-22 11:52:53.697root 11241100x80000000000000003868531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ef262f7af341772021-12-22 11:52:53.697root 11241100x80000000000000003868532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5148e8da15f5d25f2021-12-22 11:52:53.697root 11241100x80000000000000003868533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cd83b1cb7c42222021-12-22 11:52:53.697root 11241100x80000000000000003868534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7affdd98832e18192021-12-22 11:52:53.697root 11241100x80000000000000003868535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a7d2d0e94a089f2021-12-22 11:52:53.697root 11241100x80000000000000003868536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64f32530761bc0e2021-12-22 11:52:53.697root 11241100x80000000000000003868537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a10b985fd3dbaa2021-12-22 11:52:53.697root 11241100x80000000000000003868538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c848058b6c39f2dc2021-12-22 11:52:53.697root 11241100x80000000000000003868539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9aaa1d578cc80c2021-12-22 11:52:53.697root 11241100x80000000000000003868540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e402b2b964bf382e2021-12-22 11:52:53.698root 11241100x80000000000000003868541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3f43c6c9b5c1b52021-12-22 11:52:53.698root 11241100x80000000000000003868542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8020da8976a66e8d2021-12-22 11:52:53.698root 11241100x80000000000000003868543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d859b819ce2fd8d2021-12-22 11:52:53.699root 11241100x80000000000000003868544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e9d9873c7d69f22021-12-22 11:52:53.699root 11241100x80000000000000003868545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6261269307e068042021-12-22 11:52:53.699root 11241100x80000000000000003868546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f983f65b232fef62021-12-22 11:52:53.699root 11241100x80000000000000003868547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:53.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a1ee8426f945f82021-12-22 11:52:53.700root 11241100x80000000000000003868548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8425020482f646542021-12-22 11:52:54.193root 11241100x80000000000000003868549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525b141a98adaa232021-12-22 11:52:54.193root 11241100x80000000000000003868550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1dafeecfa72aa232021-12-22 11:52:54.194root 11241100x80000000000000003868551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae91a5c3dd8a24b52021-12-22 11:52:54.194root 11241100x80000000000000003868552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9262e98526a66a2021-12-22 11:52:54.194root 11241100x80000000000000003868553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c988e38d4712fd2021-12-22 11:52:54.194root 11241100x80000000000000003868554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b886a090b5cf06ff2021-12-22 11:52:54.195root 11241100x80000000000000003868555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d9dd2b3bc76a9a2021-12-22 11:52:54.195root 11241100x80000000000000003868556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624f10aece795b772021-12-22 11:52:54.195root 11241100x80000000000000003868557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de809e236b6dfae2021-12-22 11:52:54.195root 11241100x80000000000000003868558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783205c55189a0a62021-12-22 11:52:54.196root 11241100x80000000000000003868559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347103624d2235352021-12-22 11:52:54.196root 11241100x80000000000000003868560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad23f63e2548dd2f2021-12-22 11:52:54.196root 11241100x80000000000000003868561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1f59e01f92aafc2021-12-22 11:52:54.196root 11241100x80000000000000003868562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8683caeaff54b4c32021-12-22 11:52:54.196root 11241100x80000000000000003868563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7077d7e513cab3d2021-12-22 11:52:54.197root 11241100x80000000000000003868564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2bb6557ebf562a2021-12-22 11:52:54.197root 11241100x80000000000000003868565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ce824fdc25f5d82021-12-22 11:52:54.197root 11241100x80000000000000003868566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac0919dd78d2e042021-12-22 11:52:54.197root 11241100x80000000000000003868567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d860fc791b458c32021-12-22 11:52:54.197root 11241100x80000000000000003868568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a09678e4923746d2021-12-22 11:52:54.197root 11241100x80000000000000003868569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b83d38a36d41332021-12-22 11:52:54.197root 11241100x80000000000000003868570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caed9fca5cf675b2021-12-22 11:52:54.197root 11241100x80000000000000003868571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1867aec3918df4082021-12-22 11:52:54.197root 11241100x80000000000000003868572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23aae0845cd2ea552021-12-22 11:52:54.198root 11241100x80000000000000003868573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5e05189cd2c7e62021-12-22 11:52:54.198root 11241100x80000000000000003868574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedfc7f8fb28513c2021-12-22 11:52:54.198root 11241100x80000000000000003868575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1619254ccf2886222021-12-22 11:52:54.198root 11241100x80000000000000003868576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ca980c89c27af12021-12-22 11:52:54.198root 11241100x80000000000000003868577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dc45a7881d6d562021-12-22 11:52:54.198root 11241100x80000000000000003868578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6cf1e084d44a432021-12-22 11:52:54.198root 11241100x80000000000000003868579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faff06d4523deb3d2021-12-22 11:52:54.198root 11241100x80000000000000003868580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c107a6f5f3db19722021-12-22 11:52:54.198root 11241100x80000000000000003868581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d627960595f7301a2021-12-22 11:52:54.198root 11241100x80000000000000003868582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdae5c1fdd31569c2021-12-22 11:52:54.198root 11241100x80000000000000003868583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db80b86567a179372021-12-22 11:52:54.199root 11241100x80000000000000003868584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e26662a37551f12021-12-22 11:52:54.199root 11241100x80000000000000003868585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011672833947258b2021-12-22 11:52:54.199root 11241100x80000000000000003868586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da40caa4c9cc5ce02021-12-22 11:52:54.693root 11241100x80000000000000003868587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc13be12c95fe7e2021-12-22 11:52:54.693root 11241100x80000000000000003868588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056aaf7a89ed39ae2021-12-22 11:52:54.694root 11241100x80000000000000003868589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56946ba9603e0ce2021-12-22 11:52:54.694root 11241100x80000000000000003868590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f9dff724c9dc1e2021-12-22 11:52:54.694root 11241100x80000000000000003868591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a812ada0834d4f2021-12-22 11:52:54.694root 11241100x80000000000000003868592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf532aed6c2de7ca2021-12-22 11:52:54.695root 11241100x80000000000000003868593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357e1e7633de3f9f2021-12-22 11:52:54.695root 11241100x80000000000000003868594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8136a0f43d1c76832021-12-22 11:52:54.695root 11241100x80000000000000003868595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584416ae8e7c01462021-12-22 11:52:54.695root 11241100x80000000000000003868596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f52a41c8dc46c312021-12-22 11:52:54.695root 11241100x80000000000000003868597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d618ea086d69f92021-12-22 11:52:54.695root 11241100x80000000000000003868598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825faeb5696e1b4b2021-12-22 11:52:54.696root 11241100x80000000000000003868599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cae6deb2f225a8b2021-12-22 11:52:54.696root 11241100x80000000000000003868600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559c9f25860eeea72021-12-22 11:52:54.696root 11241100x80000000000000003868601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3120e3387da58e052021-12-22 11:52:54.696root 11241100x80000000000000003868602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6e0b5b98d807bf2021-12-22 11:52:54.696root 11241100x80000000000000003868603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ac74e17511153f2021-12-22 11:52:54.696root 11241100x80000000000000003868604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ab570025648c632021-12-22 11:52:54.696root 11241100x80000000000000003868605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa4b18485d153042021-12-22 11:52:54.696root 11241100x80000000000000003868606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392e6baba248853d2021-12-22 11:52:54.696root 11241100x80000000000000003868607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43571bdf05dd9f12021-12-22 11:52:54.696root 11241100x80000000000000003868608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd52c918c153d4f2021-12-22 11:52:54.697root 11241100x80000000000000003868609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2289b4a96fec89b2021-12-22 11:52:54.697root 11241100x80000000000000003868610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5532fa2a0320854a2021-12-22 11:52:54.697root 11241100x80000000000000003868611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcce5fc06d6893932021-12-22 11:52:54.697root 11241100x80000000000000003868612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9721228324bbca3d2021-12-22 11:52:54.697root 11241100x80000000000000003868613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64f94159bee62f82021-12-22 11:52:54.697root 11241100x80000000000000003868614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce7a805c62815b12021-12-22 11:52:54.697root 11241100x80000000000000003868615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af0c2f31e5998112021-12-22 11:52:54.697root 11241100x80000000000000003868616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320b4e0219dd1a512021-12-22 11:52:54.697root 11241100x80000000000000003868617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87aeda41ccad30cd2021-12-22 11:52:54.698root 11241100x80000000000000003868618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29704aec3f2b1a792021-12-22 11:52:54.698root 11241100x80000000000000003868619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e30198fdf180f872021-12-22 11:52:54.698root 11241100x80000000000000003868620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72379ea08cbdc492021-12-22 11:52:54.698root 11241100x80000000000000003868621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bb7614938e027c2021-12-22 11:52:54.698root 11241100x80000000000000003868622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ac865ceecde07f2021-12-22 11:52:54.698root 11241100x80000000000000003868623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69982a7afd30bbb22021-12-22 11:52:54.698root 11241100x80000000000000003868624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:54.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a23a12d05b8402d2021-12-22 11:52:54.699root 11241100x80000000000000003868625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fe820517631e152021-12-22 11:52:55.193root 11241100x80000000000000003868626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55504f1a30fea4ea2021-12-22 11:52:55.193root 11241100x80000000000000003868627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25b45195f3742ad2021-12-22 11:52:55.194root 11241100x80000000000000003868628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febcee1aa8d2ae202021-12-22 11:52:55.194root 11241100x80000000000000003868629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153bfae5b1def2d82021-12-22 11:52:55.194root 11241100x80000000000000003868630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb5152b9440b4e72021-12-22 11:52:55.194root 11241100x80000000000000003868631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa845c20d81ceda32021-12-22 11:52:55.194root 11241100x80000000000000003868632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7a1589e7de726c2021-12-22 11:52:55.194root 11241100x80000000000000003868633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544b2c8a264717262021-12-22 11:52:55.195root 11241100x80000000000000003868634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b4f5ae739b5e8e2021-12-22 11:52:55.195root 11241100x80000000000000003868635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5769a0e8535c3982021-12-22 11:52:55.195root 11241100x80000000000000003868636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e71accbc816ab082021-12-22 11:52:55.195root 11241100x80000000000000003868637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00cfe4d4cab34832021-12-22 11:52:55.195root 11241100x80000000000000003868638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2aca29dbe9e3fb2021-12-22 11:52:55.195root 11241100x80000000000000003868639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82751bbead8f395a2021-12-22 11:52:55.196root 11241100x80000000000000003868640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7eece28341ab2a2021-12-22 11:52:55.196root 11241100x80000000000000003868641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85cf3b41daeddaf2021-12-22 11:52:55.196root 11241100x80000000000000003868642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5563b168def7892021-12-22 11:52:55.196root 11241100x80000000000000003868643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d1cfdb6d61b94c2021-12-22 11:52:55.196root 11241100x80000000000000003868644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350d02b0f20a30d12021-12-22 11:52:55.196root 11241100x80000000000000003868645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a8df5854f4e09f2021-12-22 11:52:55.196root 11241100x80000000000000003868646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97b70623da833a62021-12-22 11:52:55.196root 11241100x80000000000000003868647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eea6958defd4e722021-12-22 11:52:55.197root 11241100x80000000000000003868648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5d684b7a8e38132021-12-22 11:52:55.197root 11241100x80000000000000003868649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1221dfda2ab33d012021-12-22 11:52:55.198root 11241100x80000000000000003868650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ad1c2c711bf9e32021-12-22 11:52:55.198root 11241100x80000000000000003868651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e3cc115d8e75ee2021-12-22 11:52:55.198root 11241100x80000000000000003868652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d62898aa489fc512021-12-22 11:52:55.198root 11241100x80000000000000003868653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547017c26229e8082021-12-22 11:52:55.198root 11241100x80000000000000003868654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23af7b61401203d2021-12-22 11:52:55.198root 11241100x80000000000000003868655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bc0d416211b2d52021-12-22 11:52:55.199root 11241100x80000000000000003868656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4618672882331f32021-12-22 11:52:55.199root 11241100x80000000000000003868657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bd94615d1665522021-12-22 11:52:55.199root 11241100x80000000000000003868658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ba2b5d1885ae6f2021-12-22 11:52:55.199root 11241100x80000000000000003868659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd056bf280ecb6a62021-12-22 11:52:55.199root 11241100x80000000000000003868660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8de6db6e8af1fe2021-12-22 11:52:55.199root 11241100x80000000000000003868661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0359bb4086f3f4e72021-12-22 11:52:55.199root 11241100x80000000000000003868662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e166a1a7956648bb2021-12-22 11:52:55.693root 11241100x80000000000000003868663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b069c524ae1089fa2021-12-22 11:52:55.693root 11241100x80000000000000003868664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be68222903e89df2021-12-22 11:52:55.693root 11241100x80000000000000003868665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8007fcb76fd9b02021-12-22 11:52:55.694root 11241100x80000000000000003868666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5396927933ea193c2021-12-22 11:52:55.694root 11241100x80000000000000003868667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96eee9500c1353b72021-12-22 11:52:55.694root 11241100x80000000000000003868668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71516af1f350257d2021-12-22 11:52:55.694root 11241100x80000000000000003868669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e775dbf8450a3b652021-12-22 11:52:55.695root 11241100x80000000000000003868670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c3779ef8daf7492021-12-22 11:52:55.695root 11241100x80000000000000003868671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1ed6bc147644552021-12-22 11:52:55.695root 11241100x80000000000000003868672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1074f40b44043f152021-12-22 11:52:55.696root 11241100x80000000000000003868673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930c1c797d20ba772021-12-22 11:52:55.696root 11241100x80000000000000003868674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a812d9873c7f9fae2021-12-22 11:52:55.696root 11241100x80000000000000003868675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6712d6d9ad9c5692021-12-22 11:52:55.697root 11241100x80000000000000003868676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d908099df2e05162021-12-22 11:52:55.697root 11241100x80000000000000003868677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fe93a9c097a3f22021-12-22 11:52:55.697root 11241100x80000000000000003868678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd536f06e92f9702021-12-22 11:52:55.698root 11241100x80000000000000003868679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4519f803103c8c2021-12-22 11:52:55.698root 11241100x80000000000000003868680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565053f2c1def0da2021-12-22 11:52:55.698root 11241100x80000000000000003868681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b5335f302611452021-12-22 11:52:55.699root 11241100x80000000000000003868682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c51de4fd2fafb52021-12-22 11:52:55.699root 11241100x80000000000000003868683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0218b0fb6b54a4532021-12-22 11:52:55.699root 11241100x80000000000000003868684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2e52a2af7b00f92021-12-22 11:52:55.699root 11241100x80000000000000003868685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecb72396548dfbe2021-12-22 11:52:55.699root 11241100x80000000000000003868686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd01c8572139a9f72021-12-22 11:52:55.700root 11241100x80000000000000003868687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0ffec2bf4011012021-12-22 11:52:55.700root 11241100x80000000000000003868688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba02b31efc58d9a2021-12-22 11:52:55.700root 11241100x80000000000000003868689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b86757d06330ad2021-12-22 11:52:55.700root 11241100x80000000000000003868690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421e9a7fe56df31a2021-12-22 11:52:55.700root 11241100x80000000000000003868691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1f6ad515e0cdea2021-12-22 11:52:55.700root 11241100x80000000000000003868692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e084a589d979f5f42021-12-22 11:52:55.700root 11241100x80000000000000003868693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff15368f785d9672021-12-22 11:52:55.701root 11241100x80000000000000003868694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78527efc92a427302021-12-22 11:52:55.701root 11241100x80000000000000003868695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1c4bf350189d4b2021-12-22 11:52:55.701root 11241100x80000000000000003868696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bad83e52b94e7c2021-12-22 11:52:55.701root 11241100x80000000000000003868697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6dff28533fb86f2021-12-22 11:52:55.701root 11241100x80000000000000003868698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba0c2b1c8b8a1692021-12-22 11:52:55.701root 11241100x80000000000000003868699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a80b53358277c322021-12-22 11:52:55.701root 11241100x80000000000000003868700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d923fcc2c8ce83c52021-12-22 11:52:55.701root 11241100x80000000000000003868701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:55.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1940da4adbd3ef72021-12-22 11:52:55.701root 354300x80000000000000003868702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.128{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55590-false10.0.1.12-8000- 11241100x80000000000000003868703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7034c3215fcfca452021-12-22 11:52:56.129root 11241100x80000000000000003868704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18103180ae292dd2021-12-22 11:52:56.129root 11241100x80000000000000003868705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac67e9a82a7034ec2021-12-22 11:52:56.129root 11241100x80000000000000003868706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058f0ad212332ead2021-12-22 11:52:56.129root 11241100x80000000000000003868707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d184622b43800442021-12-22 11:52:56.130root 11241100x80000000000000003868708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e594d04f4a4192192021-12-22 11:52:56.130root 11241100x80000000000000003868709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5000239aad0cfcf2021-12-22 11:52:56.130root 11241100x80000000000000003868710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16385c5cbbe711952021-12-22 11:52:56.130root 11241100x80000000000000003868711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da315c42051955f2021-12-22 11:52:56.130root 11241100x80000000000000003868712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3bac4528b4099b2021-12-22 11:52:56.130root 11241100x80000000000000003868713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5d85db411cb4fd2021-12-22 11:52:56.130root 11241100x80000000000000003868714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8f1d0a94ca3d682021-12-22 11:52:56.130root 11241100x80000000000000003868715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c24479ee87f85a2021-12-22 11:52:56.130root 11241100x80000000000000003868716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da40b139e353909e2021-12-22 11:52:56.130root 11241100x80000000000000003868717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf40098fda282b32021-12-22 11:52:56.131root 11241100x80000000000000003868718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e85bb24adf8f5c2021-12-22 11:52:56.131root 11241100x80000000000000003868719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f57ce21266e24e2021-12-22 11:52:56.131root 11241100x80000000000000003868720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374e9c9282a2591a2021-12-22 11:52:56.131root 11241100x80000000000000003868721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9db038c087130e52021-12-22 11:52:56.131root 11241100x80000000000000003868722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f4e061d71dd1fa2021-12-22 11:52:56.131root 11241100x80000000000000003868723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96e94a3f1b544742021-12-22 11:52:56.131root 11241100x80000000000000003868724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091aa6b4203986c12021-12-22 11:52:56.131root 11241100x80000000000000003868725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc1e5c665349bc62021-12-22 11:52:56.132root 11241100x80000000000000003868726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa66d917cf1111152021-12-22 11:52:56.132root 11241100x80000000000000003868727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8029d623733201da2021-12-22 11:52:56.132root 11241100x80000000000000003868728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d315630c57e4ed832021-12-22 11:52:56.132root 11241100x80000000000000003868729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ffbfb8da1290fd2021-12-22 11:52:56.132root 11241100x80000000000000003868730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec2ebd3457bc6952021-12-22 11:52:56.132root 11241100x80000000000000003868731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c2f2d525df928e2021-12-22 11:52:56.132root 11241100x80000000000000003868732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a84bb978220f5a2021-12-22 11:52:56.132root 11241100x80000000000000003868733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2578dc6e777525612021-12-22 11:52:56.132root 11241100x80000000000000003868734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199176e20237397f2021-12-22 11:52:56.132root 11241100x80000000000000003868735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92098e8a3d3ecbaa2021-12-22 11:52:56.132root 11241100x80000000000000003868736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8735ff617974207a2021-12-22 11:52:56.133root 11241100x80000000000000003868737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa0f4ebf9ed29752021-12-22 11:52:56.133root 11241100x80000000000000003868738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64473d8bd2c507ec2021-12-22 11:52:56.133root 11241100x80000000000000003868739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac22f3d75e5584512021-12-22 11:52:56.133root 11241100x80000000000000003868740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d18a42815e11b22021-12-22 11:52:56.133root 11241100x80000000000000003868741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ee653ec980a59b2021-12-22 11:52:56.133root 11241100x80000000000000003868742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c973ee8f0e01e12021-12-22 11:52:56.133root 11241100x80000000000000003868743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e46f4657fc3ed52021-12-22 11:52:56.133root 11241100x80000000000000003868744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f046dd75567c1a2021-12-22 11:52:56.133root 11241100x80000000000000003868745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3131c7e37a31ed582021-12-22 11:52:56.133root 11241100x80000000000000003868746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc104c6a9706d0a2021-12-22 11:52:56.134root 11241100x80000000000000003868747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a4880ba46cdb7c2021-12-22 11:52:56.443root 11241100x80000000000000003868748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32995165191406a92021-12-22 11:52:56.443root 11241100x80000000000000003868749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ec20d9ede7a12d2021-12-22 11:52:56.443root 11241100x80000000000000003868750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfb376dafcc81ac2021-12-22 11:52:56.443root 11241100x80000000000000003868751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b4fe0e7eb1ddb92021-12-22 11:52:56.443root 11241100x80000000000000003868752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193c3f4f209723332021-12-22 11:52:56.443root 11241100x80000000000000003868753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589df3448421938b2021-12-22 11:52:56.443root 11241100x80000000000000003868754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1698936512f1eae2021-12-22 11:52:56.443root 11241100x80000000000000003868755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7e19a42c4864f02021-12-22 11:52:56.444root 11241100x80000000000000003868756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775794158bc310b82021-12-22 11:52:56.444root 11241100x80000000000000003868757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f719d298e0c2e22021-12-22 11:52:56.444root 11241100x80000000000000003868758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6543410e1883232021-12-22 11:52:56.444root 11241100x80000000000000003868759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed1e9929832f8a32021-12-22 11:52:56.444root 11241100x80000000000000003868760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2673ce03f4dfb71c2021-12-22 11:52:56.444root 11241100x80000000000000003868761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56b8a5a0305cd1e2021-12-22 11:52:56.444root 11241100x80000000000000003868762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91d18168bc9ac3e2021-12-22 11:52:56.444root 11241100x80000000000000003868763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0e79680d3e60262021-12-22 11:52:56.445root 11241100x80000000000000003868764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868944c82d30637f2021-12-22 11:52:56.445root 11241100x80000000000000003868765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c2392de41140712021-12-22 11:52:56.445root 11241100x80000000000000003868766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e433f65e107ea52021-12-22 11:52:56.445root 11241100x80000000000000003868767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d784ceb63751872021-12-22 11:52:56.445root 11241100x80000000000000003868768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcf1e7500d402532021-12-22 11:52:56.445root 11241100x80000000000000003868769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f575a25f61d8922021-12-22 11:52:56.445root 11241100x80000000000000003868770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788a1b5d6063bdea2021-12-22 11:52:56.446root 11241100x80000000000000003868771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05aafc4483c14bf42021-12-22 11:52:56.446root 11241100x80000000000000003868772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e94b64f08482be2021-12-22 11:52:56.446root 11241100x80000000000000003868773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e6f4a53c8346e02021-12-22 11:52:56.446root 11241100x80000000000000003868774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52bc98dac07b8962021-12-22 11:52:56.446root 11241100x80000000000000003868775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b7b8240c2426442021-12-22 11:52:56.446root 11241100x80000000000000003868776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d044ba5dd9a324982021-12-22 11:52:56.446root 11241100x80000000000000003868777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2c80412912f3b42021-12-22 11:52:56.447root 11241100x80000000000000003868778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5e57c22188a1962021-12-22 11:52:56.447root 11241100x80000000000000003868779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e337e729001d4e2021-12-22 11:52:56.447root 11241100x80000000000000003868780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6d7e12465ad2982021-12-22 11:52:56.447root 11241100x80000000000000003868781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631b1b2b19e5b8592021-12-22 11:52:56.447root 11241100x80000000000000003868782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4a51aff79759272021-12-22 11:52:56.447root 11241100x80000000000000003868783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d543caec966028132021-12-22 11:52:56.447root 11241100x80000000000000003868784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272b0d67238497ac2021-12-22 11:52:56.447root 11241100x80000000000000003868785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b806a4dbdad82e2021-12-22 11:52:56.448root 11241100x80000000000000003868786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b688a5908a1ea87e2021-12-22 11:52:56.448root 11241100x80000000000000003868787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97366743c9959852021-12-22 11:52:56.448root 11241100x80000000000000003868788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521351d724aaaf512021-12-22 11:52:56.448root 11241100x80000000000000003868789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c6c3f1dd5d133d2021-12-22 11:52:56.448root 11241100x80000000000000003868790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1886568a4237492021-12-22 11:52:56.448root 11241100x80000000000000003868791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154e17825205777a2021-12-22 11:52:56.448root 11241100x80000000000000003868792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6294b9746faf88de2021-12-22 11:52:56.943root 11241100x80000000000000003868793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28e7d57876d765b2021-12-22 11:52:56.943root 11241100x80000000000000003868794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac58449239ded3c2021-12-22 11:52:56.943root 11241100x80000000000000003868795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968717aed1100a9e2021-12-22 11:52:56.943root 11241100x80000000000000003868796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99367322122ea9392021-12-22 11:52:56.943root 11241100x80000000000000003868797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac7f22e382b08cf2021-12-22 11:52:56.944root 11241100x80000000000000003868798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add8e7375e8422df2021-12-22 11:52:56.944root 11241100x80000000000000003868799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca8c48d66e088b12021-12-22 11:52:56.944root 11241100x80000000000000003868800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24dc1a93d5c435a52021-12-22 11:52:56.944root 11241100x80000000000000003868801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720de962923f50602021-12-22 11:52:56.944root 11241100x80000000000000003868802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734d5cbdd35fa7fb2021-12-22 11:52:56.944root 11241100x80000000000000003868803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853a1cbaca0197fe2021-12-22 11:52:56.944root 11241100x80000000000000003868804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe55cb6f208f400f2021-12-22 11:52:56.944root 11241100x80000000000000003868805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bfc4d535af92d02021-12-22 11:52:56.944root 11241100x80000000000000003868806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab9b71a7abbff272021-12-22 11:52:56.944root 11241100x80000000000000003868807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de80153d395cc9f2021-12-22 11:52:56.944root 11241100x80000000000000003868808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed22e1ab9d068ed42021-12-22 11:52:56.944root 11241100x80000000000000003868809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25407e23a31ec93f2021-12-22 11:52:56.944root 11241100x80000000000000003868810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9490bc61a4909252021-12-22 11:52:56.944root 11241100x80000000000000003868811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa33938397d403d12021-12-22 11:52:56.944root 11241100x80000000000000003868812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81ae94956cf7a712021-12-22 11:52:56.945root 11241100x80000000000000003868813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7f351344ea92f62021-12-22 11:52:56.945root 11241100x80000000000000003868814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1d4f5db936c4332021-12-22 11:52:56.945root 11241100x80000000000000003868815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82d20ce786b52f22021-12-22 11:52:56.945root 11241100x80000000000000003868816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0c725846787ed32021-12-22 11:52:56.945root 11241100x80000000000000003868817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b3702b2f5720c72021-12-22 11:52:56.945root 11241100x80000000000000003868818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b86563fc8dc74c2021-12-22 11:52:56.945root 11241100x80000000000000003868819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e6b0202cceca852021-12-22 11:52:56.945root 11241100x80000000000000003868820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a905d6e3c11f8f2021-12-22 11:52:56.945root 11241100x80000000000000003868821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfcf1eb9144be162021-12-22 11:52:56.945root 11241100x80000000000000003868822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef2ecfe919a96212021-12-22 11:52:56.945root 11241100x80000000000000003868823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8248bfaab2a64d02021-12-22 11:52:56.946root 11241100x80000000000000003868824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf258e8483c6f182021-12-22 11:52:56.946root 11241100x80000000000000003868825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1a874cec6c8a9b2021-12-22 11:52:56.946root 11241100x80000000000000003868826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3685d6ff8252e8b52021-12-22 11:52:56.946root 11241100x80000000000000003868827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e074901cc2aa69532021-12-22 11:52:56.946root 11241100x80000000000000003868828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341152e96b1bb9942021-12-22 11:52:56.946root 11241100x80000000000000003868829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5788cc8f2ab399742021-12-22 11:52:56.946root 11241100x80000000000000003868830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422521933315b81c2021-12-22 11:52:57.442root 11241100x80000000000000003868831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7531e1561891dbd02021-12-22 11:52:57.443root 11241100x80000000000000003868832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1019414451bb742021-12-22 11:52:57.443root 11241100x80000000000000003868833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a0f9e78d5329032021-12-22 11:52:57.443root 11241100x80000000000000003868834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610484ef314e266b2021-12-22 11:52:57.443root 11241100x80000000000000003868835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c4708c38e5f0b22021-12-22 11:52:57.443root 11241100x80000000000000003868836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e75a5e1a41cb0f62021-12-22 11:52:57.443root 11241100x80000000000000003868837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdc4e75d09901d02021-12-22 11:52:57.443root 11241100x80000000000000003868838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32f0d8a77dfcaa42021-12-22 11:52:57.444root 11241100x80000000000000003868839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c1b187b2bc4d502021-12-22 11:52:57.444root 11241100x80000000000000003868840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ffc41bc579cd772021-12-22 11:52:57.444root 11241100x80000000000000003868841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a762f220286bd23f2021-12-22 11:52:57.444root 11241100x80000000000000003868842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0addf1870b4a14b2021-12-22 11:52:57.444root 11241100x80000000000000003868843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e47bfa9733b7972021-12-22 11:52:57.444root 11241100x80000000000000003868844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4898588c1a16b3e22021-12-22 11:52:57.444root 11241100x80000000000000003868845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea287cf4b461e652021-12-22 11:52:57.444root 11241100x80000000000000003868846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ca5e8f501635fd2021-12-22 11:52:57.444root 11241100x80000000000000003868847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35467235d23c65b82021-12-22 11:52:57.444root 11241100x80000000000000003868848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7989c75ec64bc3392021-12-22 11:52:57.445root 11241100x80000000000000003868849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885fca17059884c82021-12-22 11:52:57.445root 11241100x80000000000000003868850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403302256a50d5fd2021-12-22 11:52:57.445root 11241100x80000000000000003868851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d553e14ccb92f9c82021-12-22 11:52:57.445root 11241100x80000000000000003868852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620f4669903268392021-12-22 11:52:57.445root 11241100x80000000000000003868853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4e09bb296dd0e72021-12-22 11:52:57.445root 11241100x80000000000000003868854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a0752947604c102021-12-22 11:52:57.445root 11241100x80000000000000003868855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6de76c8ff799942021-12-22 11:52:57.446root 11241100x80000000000000003868856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba01e93eb4b15332021-12-22 11:52:57.446root 11241100x80000000000000003868857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fc968e5db1b5df2021-12-22 11:52:57.446root 11241100x80000000000000003868858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0276268160bfcd392021-12-22 11:52:57.446root 11241100x80000000000000003868859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d085597ec4e435682021-12-22 11:52:57.446root 11241100x80000000000000003868860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2185cb565f2f1c682021-12-22 11:52:57.448root 11241100x80000000000000003868861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e9dbcbbbdb1cb22021-12-22 11:52:57.448root 11241100x80000000000000003868862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad2c506e6794e4c2021-12-22 11:52:57.448root 11241100x80000000000000003868863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e54c23379fd47d2021-12-22 11:52:57.449root 11241100x80000000000000003868864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728f5abb66e205772021-12-22 11:52:57.449root 11241100x80000000000000003868865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe825c8580d664272021-12-22 11:52:57.449root 11241100x80000000000000003868866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7b74b65de116d62021-12-22 11:52:57.450root 11241100x80000000000000003868867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8d6faf08fbe1392021-12-22 11:52:57.450root 11241100x80000000000000003868868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cada86567059c0b2021-12-22 11:52:57.450root 11241100x80000000000000003868869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b3233405ab5a682021-12-22 11:52:57.450root 11241100x80000000000000003868870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8c9c3ba04316d72021-12-22 11:52:57.451root 11241100x80000000000000003868871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709a333a8521ff092021-12-22 11:52:57.451root 11241100x80000000000000003868872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c3f20f0e216b232021-12-22 11:52:57.451root 11241100x80000000000000003868873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24083823d1f86d92021-12-22 11:52:57.451root 11241100x80000000000000003868874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3b5a06ca9ab3422021-12-22 11:52:57.451root 11241100x80000000000000003868875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94294069e497f66f2021-12-22 11:52:57.451root 11241100x80000000000000003868876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26bb8b5ef5233ef2021-12-22 11:52:57.452root 11241100x80000000000000003868877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ab7c84668b3bad2021-12-22 11:52:57.453root 11241100x80000000000000003868878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448401b6e82cd6a12021-12-22 11:52:57.453root 11241100x80000000000000003868879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2cccddf97219bb2021-12-22 11:52:57.453root 11241100x80000000000000003868880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11c8f831350841d2021-12-22 11:52:57.453root 11241100x80000000000000003868881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347b908869df36742021-12-22 11:52:57.453root 11241100x80000000000000003868882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79354bcb615ae88d2021-12-22 11:52:57.454root 11241100x80000000000000003868883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e9623d7e09dcc12021-12-22 11:52:57.454root 11241100x80000000000000003868884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dddd6bc5a205142021-12-22 11:52:57.455root 11241100x80000000000000003868885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76f6f09d0f0e5b02021-12-22 11:52:57.455root 11241100x80000000000000003868886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a48d9aaa323c3182021-12-22 11:52:57.455root 11241100x80000000000000003868887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a646983ff89342fc2021-12-22 11:52:57.455root 11241100x80000000000000003868888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d983b443b20d142021-12-22 11:52:57.455root 11241100x80000000000000003868889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80672b8d639860c12021-12-22 11:52:57.455root 11241100x80000000000000003868890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92468ec06f3acc0e2021-12-22 11:52:57.456root 11241100x80000000000000003868891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc98fb8760d528102021-12-22 11:52:57.456root 11241100x80000000000000003868892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c337f0ea3dfa3d2021-12-22 11:52:57.456root 11241100x80000000000000003868893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bb7f937a9a074e2021-12-22 11:52:57.456root 11241100x80000000000000003868894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbc5000c960fb3f2021-12-22 11:52:57.456root 11241100x80000000000000003868895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d2f796319cead72021-12-22 11:52:57.456root 11241100x80000000000000003868896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba037c3e9de9dc02021-12-22 11:52:57.943root 11241100x80000000000000003868897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69fd7fbe6c077d72021-12-22 11:52:57.943root 11241100x80000000000000003868898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb48c765c383142a2021-12-22 11:52:57.943root 11241100x80000000000000003868899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e753435cca88742021-12-22 11:52:57.944root 11241100x80000000000000003868900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc093ecce9bd09a72021-12-22 11:52:57.944root 11241100x80000000000000003868901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efe42994fae9d942021-12-22 11:52:57.944root 11241100x80000000000000003868902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430fecaa1c38af1e2021-12-22 11:52:57.944root 11241100x80000000000000003868903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e01a36662f5775a2021-12-22 11:52:57.944root 11241100x80000000000000003868904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fd2225e13b63822021-12-22 11:52:57.944root 11241100x80000000000000003868905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dc6fa6af9187692021-12-22 11:52:57.944root 11241100x80000000000000003868906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa6058f152b7b152021-12-22 11:52:57.944root 11241100x80000000000000003868907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5f7ec677c40c552021-12-22 11:52:57.944root 11241100x80000000000000003868908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b55aedfb73e4e82021-12-22 11:52:57.944root 11241100x80000000000000003868909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48727d36684bd5b2021-12-22 11:52:57.945root 11241100x80000000000000003868910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d173425d4a6e6f0e2021-12-22 11:52:57.945root 11241100x80000000000000003868911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680cc6158e2a97862021-12-22 11:52:57.945root 11241100x80000000000000003868912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1dfe0bfb93d0072021-12-22 11:52:57.945root 11241100x80000000000000003868913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd5108d6a9cb1a32021-12-22 11:52:57.945root 11241100x80000000000000003868914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34bf3b31a1b7c942021-12-22 11:52:57.945root 11241100x80000000000000003868915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b45f88f24a96332021-12-22 11:52:57.945root 11241100x80000000000000003868916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7b47fb844fe4b02021-12-22 11:52:57.945root 11241100x80000000000000003868917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27573b3c1a144f082021-12-22 11:52:57.945root 11241100x80000000000000003868918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be98b6552effcc42021-12-22 11:52:57.945root 11241100x80000000000000003868919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1ddac5419513d02021-12-22 11:52:57.945root 11241100x80000000000000003868920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad76e4a26a72b9a2021-12-22 11:52:57.945root 11241100x80000000000000003868921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6c75790e29c0742021-12-22 11:52:57.945root 11241100x80000000000000003868922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2210eb224ac6722021-12-22 11:52:57.945root 11241100x80000000000000003868923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d017ecd2a9d2faa72021-12-22 11:52:57.945root 11241100x80000000000000003868924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a4e7a14bd537f22021-12-22 11:52:57.945root 11241100x80000000000000003868925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9f120f942c2b992021-12-22 11:52:57.946root 11241100x80000000000000003868926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455bc806464df9cb2021-12-22 11:52:57.946root 11241100x80000000000000003868927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c3704a7ce61d172021-12-22 11:52:57.946root 11241100x80000000000000003868928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc85f8757f880fe2021-12-22 11:52:57.946root 11241100x80000000000000003868929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f16577ee5028bfb2021-12-22 11:52:57.946root 11241100x80000000000000003868930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e797f51c0c9b29f2021-12-22 11:52:57.946root 11241100x80000000000000003868931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d24397004508b4b2021-12-22 11:52:57.946root 11241100x80000000000000003868932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eda7b99bad770d72021-12-22 11:52:57.946root 11241100x80000000000000003868933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2e32f6dd2cb8742021-12-22 11:52:57.946root 11241100x80000000000000003868934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616a24af751b9a242021-12-22 11:52:57.946root 11241100x80000000000000003868935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24539399705b2e132021-12-22 11:52:57.946root 11241100x80000000000000003868936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f41ec5d6707b8fe2021-12-22 11:52:57.946root 11241100x80000000000000003868937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7f648110b660022021-12-22 11:52:57.946root 11241100x80000000000000003868938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b2e49a1b2fc55f2021-12-22 11:52:57.947root 11241100x80000000000000003868939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd616cb1d69cefde2021-12-22 11:52:57.947root 11241100x80000000000000003868940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8189e01f1ab434e02021-12-22 11:52:57.947root 11241100x80000000000000003868941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7f27b1605109a92021-12-22 11:52:57.947root 11241100x80000000000000003868942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ee569d1c1144e02021-12-22 11:52:57.947root 11241100x80000000000000003868943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c12ea8c64666e912021-12-22 11:52:57.947root 11241100x80000000000000003868944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9122552578d06b42021-12-22 11:52:58.443root 11241100x80000000000000003868945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaf2bba8c51c85b2021-12-22 11:52:58.443root 11241100x80000000000000003868946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e102a165297d46222021-12-22 11:52:58.444root 11241100x80000000000000003868947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0782882896d1232021-12-22 11:52:58.444root 11241100x80000000000000003868948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1620cf79a6cbae2021-12-22 11:52:58.444root 11241100x80000000000000003868949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1378d79303832d2021-12-22 11:52:58.444root 11241100x80000000000000003868950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3dae3eeab435352021-12-22 11:52:58.444root 11241100x80000000000000003868951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7929634d11da10f72021-12-22 11:52:58.444root 11241100x80000000000000003868952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde676af40870a5a2021-12-22 11:52:58.444root 11241100x80000000000000003868953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e110afad42a9f72021-12-22 11:52:58.444root 11241100x80000000000000003868954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840d3b8f939de68c2021-12-22 11:52:58.444root 11241100x80000000000000003868955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050f88933ac0cdd72021-12-22 11:52:58.444root 11241100x80000000000000003868956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f447506794ac94822021-12-22 11:52:58.444root 11241100x80000000000000003868957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a76488211e883cf2021-12-22 11:52:58.444root 11241100x80000000000000003868958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14b9f620347cb502021-12-22 11:52:58.444root 11241100x80000000000000003868959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0299ec31fa46ab142021-12-22 11:52:58.444root 11241100x80000000000000003868960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f570f71417e5432a2021-12-22 11:52:58.445root 11241100x80000000000000003868961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa7acc03faa81352021-12-22 11:52:58.445root 11241100x80000000000000003868962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a35fa6c19d75832021-12-22 11:52:58.445root 11241100x80000000000000003868963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0634e0a564d22962021-12-22 11:52:58.445root 11241100x80000000000000003868964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eada61b92ab75f82021-12-22 11:52:58.445root 11241100x80000000000000003868965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ad82e58146f5d82021-12-22 11:52:58.445root 11241100x80000000000000003868966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c88ee2c96c53bb52021-12-22 11:52:58.445root 11241100x80000000000000003868967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6127cb0008550db2021-12-22 11:52:58.445root 11241100x80000000000000003868968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920287e859395ada2021-12-22 11:52:58.445root 11241100x80000000000000003868969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51b8913d75431d42021-12-22 11:52:58.445root 11241100x80000000000000003868970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadf5aa09dd025762021-12-22 11:52:58.445root 11241100x80000000000000003868971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ec3f2945425a0d2021-12-22 11:52:58.445root 11241100x80000000000000003868972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc9603478ea95222021-12-22 11:52:58.445root 11241100x80000000000000003868973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67aa22ab40357b22021-12-22 11:52:58.445root 11241100x80000000000000003868974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89663615eb1f45962021-12-22 11:52:58.446root 11241100x80000000000000003868975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776dd87253bfd00a2021-12-22 11:52:58.446root 11241100x80000000000000003868976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccf953cfa1fa5c72021-12-22 11:52:58.446root 11241100x80000000000000003868977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c47494ee88e1432021-12-22 11:52:58.446root 11241100x80000000000000003868978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dba304a58b8e6212021-12-22 11:52:58.446root 11241100x80000000000000003868979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8519402c7b67ad2021-12-22 11:52:58.446root 11241100x80000000000000003868980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8449f1096156fea2021-12-22 11:52:58.446root 11241100x80000000000000003868981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1757e67e3e88deab2021-12-22 11:52:58.446root 11241100x80000000000000003868982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfea01d1546f4302021-12-22 11:52:58.447root 11241100x80000000000000003868983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6770f4b64b5cc7ae2021-12-22 11:52:58.447root 11241100x80000000000000003868984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6b5c49340568b32021-12-22 11:52:58.447root 11241100x80000000000000003868985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058a5369ba834c0d2021-12-22 11:52:58.447root 11241100x80000000000000003868986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd950b29d5ceb842021-12-22 11:52:58.447root 11241100x80000000000000003868987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e00ae3f6b9e930c2021-12-22 11:52:58.447root 11241100x80000000000000003868988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fa1abf93d428282021-12-22 11:52:58.447root 11241100x80000000000000003868989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b923903c085b59642021-12-22 11:52:58.447root 11241100x80000000000000003868990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5452b80b3be7602021-12-22 11:52:58.943root 11241100x80000000000000003868991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9e5407263bfc962021-12-22 11:52:58.943root 11241100x80000000000000003868992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb8a7ff8ae2142d2021-12-22 11:52:58.943root 11241100x80000000000000003868993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f249d0fa9ef19ea92021-12-22 11:52:58.943root 11241100x80000000000000003868994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cb3fee3bbbd4fd2021-12-22 11:52:58.944root 11241100x80000000000000003868995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257bc127f8420a312021-12-22 11:52:58.944root 11241100x80000000000000003868996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f3b5ea44e81a832021-12-22 11:52:58.944root 11241100x80000000000000003868997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae3cbf0dc8273402021-12-22 11:52:58.944root 11241100x80000000000000003868998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8748a59af51421db2021-12-22 11:52:58.944root 11241100x80000000000000003868999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f903037ed9ec342021-12-22 11:52:58.944root 11241100x80000000000000003869000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e283e70b66014fef2021-12-22 11:52:58.944root 11241100x80000000000000003869001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e27aa8272b9fa562021-12-22 11:52:58.944root 11241100x80000000000000003869002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a283e8e5054229e22021-12-22 11:52:58.945root 11241100x80000000000000003869003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1085d481086e3182021-12-22 11:52:58.945root 11241100x80000000000000003869004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a072a49c7f18a182021-12-22 11:52:58.945root 11241100x80000000000000003869005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a28f60eb1dd1ca22021-12-22 11:52:58.945root 11241100x80000000000000003869006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db739caa899dd222021-12-22 11:52:58.945root 11241100x80000000000000003869007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0700b7b9a23adce2021-12-22 11:52:58.945root 11241100x80000000000000003869008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8319caca2586e92f2021-12-22 11:52:58.946root 11241100x80000000000000003869009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1654b5a96cde0792021-12-22 11:52:58.946root 11241100x80000000000000003869010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a150f9f4b77a7c2021-12-22 11:52:58.946root 11241100x80000000000000003869011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02699a501ff887b82021-12-22 11:52:58.946root 11241100x80000000000000003869012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb41af35059407f2021-12-22 11:52:58.946root 11241100x80000000000000003869013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce21f882555d0e8c2021-12-22 11:52:58.946root 11241100x80000000000000003869014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847677e5907643582021-12-22 11:52:58.946root 11241100x80000000000000003869015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e672f60b4a0ecb2021-12-22 11:52:58.947root 11241100x80000000000000003869016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532a1ce577ad75fe2021-12-22 11:52:58.947root 11241100x80000000000000003869017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586c7d5fa740866d2021-12-22 11:52:58.947root 11241100x80000000000000003869018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce67c9e1d6adbc42021-12-22 11:52:58.947root 11241100x80000000000000003869019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fc82cc1979f9782021-12-22 11:52:58.947root 11241100x80000000000000003869020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096137f8d9c58ec12021-12-22 11:52:58.947root 11241100x80000000000000003869021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec3649b843af8892021-12-22 11:52:58.947root 11241100x80000000000000003869022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79d61af166dcb1a2021-12-22 11:52:58.948root 11241100x80000000000000003869023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404edb71811026162021-12-22 11:52:58.948root 11241100x80000000000000003869024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b072384f3d0503242021-12-22 11:52:58.948root 11241100x80000000000000003869025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abce12eab927442b2021-12-22 11:52:58.948root 11241100x80000000000000003869026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aef048fe8720af22021-12-22 11:52:58.948root 11241100x80000000000000003869027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b85deb618260eb2021-12-22 11:52:58.948root 11241100x80000000000000003869028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfc4895d9175a372021-12-22 11:52:58.948root 11241100x80000000000000003869029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46637140e2a6265d2021-12-22 11:52:58.949root 11241100x80000000000000003869030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7c966667ab5eb42021-12-22 11:52:58.949root 11241100x80000000000000003869031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6d65f33b8724532021-12-22 11:52:58.949root 11241100x80000000000000003869032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f474282dc003dc702021-12-22 11:52:58.949root 11241100x80000000000000003869033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62019d2ee39cdd12021-12-22 11:52:58.949root 11241100x80000000000000003869034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff72547f510fdb22021-12-22 11:52:58.949root 11241100x80000000000000003869035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0148df39c5b269392021-12-22 11:52:58.949root 11241100x80000000000000003869036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291041c97de1ff1d2021-12-22 11:52:58.950root 11241100x80000000000000003869037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487467763037e4d72021-12-22 11:52:58.950root 11241100x80000000000000003869038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627c2fff467685f22021-12-22 11:52:58.950root 11241100x80000000000000003869039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7f2c3b5ffbdebf2021-12-22 11:52:58.950root 11241100x80000000000000003869040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:58.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c7b55f9de19e422021-12-22 11:52:58.950root 11241100x80000000000000003869041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791198a302a59d612021-12-22 11:52:59.443root 11241100x80000000000000003869042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4977315d734a0de92021-12-22 11:52:59.443root 11241100x80000000000000003869043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f895ae42d22ca6732021-12-22 11:52:59.443root 11241100x80000000000000003869044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5ef4886ab9f30f2021-12-22 11:52:59.443root 11241100x80000000000000003869045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb10fe2a4f6126632021-12-22 11:52:59.444root 11241100x80000000000000003869046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ea7b592deaa0432021-12-22 11:52:59.444root 11241100x80000000000000003869047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabf086ffd43bafb2021-12-22 11:52:59.444root 11241100x80000000000000003869048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf53fc358db7cf02021-12-22 11:52:59.444root 11241100x80000000000000003869049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf136584362b1d6c2021-12-22 11:52:59.444root 11241100x80000000000000003869050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d62bdcb77c20752021-12-22 11:52:59.445root 11241100x80000000000000003869051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b0b57216e09a822021-12-22 11:52:59.445root 11241100x80000000000000003869052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875fae63731b76222021-12-22 11:52:59.445root 11241100x80000000000000003869053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fac2280c06d18e2021-12-22 11:52:59.445root 11241100x80000000000000003869054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0055e89234afa02021-12-22 11:52:59.445root 11241100x80000000000000003869055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43202f05fb394bd62021-12-22 11:52:59.446root 11241100x80000000000000003869056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddc64039867329a2021-12-22 11:52:59.446root 11241100x80000000000000003869057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749c8fc2fa2e16aa2021-12-22 11:52:59.446root 11241100x80000000000000003869058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa016990c4b713a2021-12-22 11:52:59.446root 11241100x80000000000000003869059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102061e6e5dcecac2021-12-22 11:52:59.446root 11241100x80000000000000003869060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c3571e12e9c4312021-12-22 11:52:59.446root 11241100x80000000000000003869061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480195745b972b9c2021-12-22 11:52:59.446root 11241100x80000000000000003869062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4c98a10b4d55132021-12-22 11:52:59.446root 11241100x80000000000000003869063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f981d4c17aba452021-12-22 11:52:59.446root 11241100x80000000000000003869064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231ec4ad2cfe9dc22021-12-22 11:52:59.447root 11241100x80000000000000003869065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca9fcb4bcbee8292021-12-22 11:52:59.447root 11241100x80000000000000003869066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4726ce73df100f2021-12-22 11:52:59.447root 11241100x80000000000000003869067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34a71149facfcfb2021-12-22 11:52:59.447root 11241100x80000000000000003869068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e3c2ca5445a8ac2021-12-22 11:52:59.447root 11241100x80000000000000003869069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147921ef77810d2a2021-12-22 11:52:59.447root 11241100x80000000000000003869070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545360cdd9fa8ac02021-12-22 11:52:59.447root 11241100x80000000000000003869071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97236da0dbbf56972021-12-22 11:52:59.447root 11241100x80000000000000003869072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e629b111a3f8252b2021-12-22 11:52:59.447root 11241100x80000000000000003869073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddb95cd4e9350862021-12-22 11:52:59.448root 11241100x80000000000000003869074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85a459d69925d142021-12-22 11:52:59.448root 11241100x80000000000000003869075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715d587b71bdc3812021-12-22 11:52:59.448root 11241100x80000000000000003869076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29832fda24f22e1f2021-12-22 11:52:59.448root 11241100x80000000000000003869077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff62fbb472a166382021-12-22 11:52:59.448root 11241100x80000000000000003869078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec909b86497532552021-12-22 11:52:59.448root 11241100x80000000000000003869079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ebdb16eff5499b2021-12-22 11:52:59.449root 11241100x80000000000000003869080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca07b22ae607eaf12021-12-22 11:52:59.449root 11241100x80000000000000003869081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b7bf18aa0617082021-12-22 11:52:59.449root 11241100x80000000000000003869082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e89e6e17c0d96ed2021-12-22 11:52:59.449root 11241100x80000000000000003869083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c8cba4222238f12021-12-22 11:52:59.943root 11241100x80000000000000003869084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b0fde63e1146cc2021-12-22 11:52:59.943root 11241100x80000000000000003869085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fcf2a53946f92a2021-12-22 11:52:59.943root 11241100x80000000000000003869086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca29e56e459b3de2021-12-22 11:52:59.943root 11241100x80000000000000003869087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b1597e739501662021-12-22 11:52:59.943root 11241100x80000000000000003869088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7f69678e9b47e72021-12-22 11:52:59.944root 11241100x80000000000000003869089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688823f32455ea832021-12-22 11:52:59.944root 11241100x80000000000000003869090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4848b74808537b7a2021-12-22 11:52:59.944root 11241100x80000000000000003869091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6717f8f44bfbf9a2021-12-22 11:52:59.944root 11241100x80000000000000003869092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461d55a15e1653ed2021-12-22 11:52:59.944root 11241100x80000000000000003869093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a6e5f53d82cf482021-12-22 11:52:59.944root 11241100x80000000000000003869094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bd013a9650d80c2021-12-22 11:52:59.944root 11241100x80000000000000003869095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d537ac8eb2cb24a22021-12-22 11:52:59.945root 11241100x80000000000000003869096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d1c18d60f72cda2021-12-22 11:52:59.945root 11241100x80000000000000003869097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4608a60f3912c0722021-12-22 11:52:59.945root 11241100x80000000000000003869098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8406d4ba747b4a2021-12-22 11:52:59.945root 11241100x80000000000000003869099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7496bf95f98610b12021-12-22 11:52:59.945root 11241100x80000000000000003869100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7323c4cdf36e132021-12-22 11:52:59.945root 11241100x80000000000000003869101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cecd462bc70fc02021-12-22 11:52:59.945root 11241100x80000000000000003869102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fd1351609fd8ba2021-12-22 11:52:59.945root 11241100x80000000000000003869103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb6c0654d1226af2021-12-22 11:52:59.945root 11241100x80000000000000003869104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bf76c2a83b7f1d2021-12-22 11:52:59.946root 11241100x80000000000000003869105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac21b5fd580c12b2021-12-22 11:52:59.946root 11241100x80000000000000003869106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6eea666bfabddeb2021-12-22 11:52:59.946root 11241100x80000000000000003869107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f172dbe6e539400b2021-12-22 11:52:59.946root 11241100x80000000000000003869108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b31bd7e730443d2021-12-22 11:52:59.946root 11241100x80000000000000003869109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ce6353ccd8f5152021-12-22 11:52:59.946root 11241100x80000000000000003869110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ba3bbb8adefd4f2021-12-22 11:52:59.946root 11241100x80000000000000003869111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb8e6ff028bec8a2021-12-22 11:52:59.946root 11241100x80000000000000003869112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c986b0c57e59f82021-12-22 11:52:59.947root 11241100x80000000000000003869113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c32b623b928959f2021-12-22 11:52:59.947root 11241100x80000000000000003869114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43eca63f8b1ffe42021-12-22 11:52:59.947root 11241100x80000000000000003869115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb07422d42ce98662021-12-22 11:52:59.947root 11241100x80000000000000003869116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a0bc0f4dcd8bea2021-12-22 11:52:59.947root 11241100x80000000000000003869117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483c13e0c15ffec42021-12-22 11:52:59.947root 11241100x80000000000000003869118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6adaf7606ca8462021-12-22 11:52:59.947root 11241100x80000000000000003869119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580c7037fdedcf332021-12-22 11:52:59.947root 11241100x80000000000000003869120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451efddfabc5136f2021-12-22 11:52:59.947root 11241100x80000000000000003869121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3405095024d85aa2021-12-22 11:52:59.948root 11241100x80000000000000003869122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df98b769c4e58092021-12-22 11:52:59.948root 11241100x80000000000000003869123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:52:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67250dccb84954ab2021-12-22 11:52:59.948root 11241100x80000000000000003869124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abd3c2cf7223da62021-12-22 11:53:00.443root 11241100x80000000000000003869125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa1761c6fae0d8e2021-12-22 11:53:00.443root 11241100x80000000000000003869126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e028f93f424d1532021-12-22 11:53:00.443root 11241100x80000000000000003869127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759b9b94800645f22021-12-22 11:53:00.443root 11241100x80000000000000003869128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad2221b0c0523952021-12-22 11:53:00.444root 11241100x80000000000000003869129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd26166eeefbc962021-12-22 11:53:00.444root 11241100x80000000000000003869130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de602b9915e774002021-12-22 11:53:00.444root 11241100x80000000000000003869131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc6a7f412bd94572021-12-22 11:53:00.444root 11241100x80000000000000003869132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3d8cdef3f3d5332021-12-22 11:53:00.444root 11241100x80000000000000003869133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241876525dd699d72021-12-22 11:53:00.444root 11241100x80000000000000003869134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3cb615d76329f62021-12-22 11:53:00.444root 11241100x80000000000000003869135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3f9a0f6642d08f2021-12-22 11:53:00.445root 11241100x80000000000000003869136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f815464f69c52812021-12-22 11:53:00.445root 11241100x80000000000000003869137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07f32b6498252222021-12-22 11:53:00.445root 11241100x80000000000000003869138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072a06999ec76a2f2021-12-22 11:53:00.445root 11241100x80000000000000003869139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84d140f89ef08ec2021-12-22 11:53:00.445root 11241100x80000000000000003869140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12b06eec6ad15212021-12-22 11:53:00.445root 11241100x80000000000000003869141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bb577ea661a8c22021-12-22 11:53:00.445root 11241100x80000000000000003869142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36064f9e0cd829e72021-12-22 11:53:00.446root 11241100x80000000000000003869143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a41be17864663b2021-12-22 11:53:00.446root 11241100x80000000000000003869144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ed4a792f4d31eb2021-12-22 11:53:00.446root 11241100x80000000000000003869145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972d388ec8f37be72021-12-22 11:53:00.446root 11241100x80000000000000003869146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fc4b60c8efd3d52021-12-22 11:53:00.446root 11241100x80000000000000003869147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12774870dd18a6842021-12-22 11:53:00.446root 11241100x80000000000000003869148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a777cdad21086e2021-12-22 11:53:00.446root 11241100x80000000000000003869149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e69848dc5d0a682021-12-22 11:53:00.446root 11241100x80000000000000003869150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ff2a4fadcf02832021-12-22 11:53:00.446root 11241100x80000000000000003869151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c569ab36a48c95312021-12-22 11:53:00.446root 11241100x80000000000000003869152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d6efea9d1d52912021-12-22 11:53:00.446root 11241100x80000000000000003869153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7858d611a7b8d442021-12-22 11:53:00.447root 11241100x80000000000000003869154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fbd483fe2c01382021-12-22 11:53:00.447root 11241100x80000000000000003869155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d534d3ee9ab8222021-12-22 11:53:00.447root 11241100x80000000000000003869156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f4f6ff843c3efd2021-12-22 11:53:00.447root 11241100x80000000000000003869157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f644b5212ff4ce2021-12-22 11:53:00.447root 11241100x80000000000000003869158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed6ab9d1733e4402021-12-22 11:53:00.447root 11241100x80000000000000003869159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a350f8dc198a3f962021-12-22 11:53:00.447root 11241100x80000000000000003869160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0141198836f3d7e2021-12-22 11:53:00.447root 11241100x80000000000000003869161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675f12d2fd3e9cc62021-12-22 11:53:00.447root 11241100x80000000000000003869162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38afc02aa6cb94bf2021-12-22 11:53:00.447root 11241100x80000000000000003869163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf6ffe6098e8db52021-12-22 11:53:00.448root 11241100x80000000000000003869164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2f0e6bc4f6429d2021-12-22 11:53:00.943root 11241100x80000000000000003869165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977c40e47dff629d2021-12-22 11:53:00.943root 11241100x80000000000000003869166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d52a7a0046254b2021-12-22 11:53:00.943root 11241100x80000000000000003869167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2129b53424b43f8d2021-12-22 11:53:00.943root 11241100x80000000000000003869168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f45fd04bfa31eac2021-12-22 11:53:00.943root 11241100x80000000000000003869169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cb9d445913d11e2021-12-22 11:53:00.943root 11241100x80000000000000003869170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3090ecbe9c32ea2021-12-22 11:53:00.943root 11241100x80000000000000003869171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fc6f4caa6af6152021-12-22 11:53:00.944root 11241100x80000000000000003869172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0d0da5b371ff122021-12-22 11:53:00.944root 11241100x80000000000000003869173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50106759e05618902021-12-22 11:53:00.944root 11241100x80000000000000003869174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34acefd58a95563e2021-12-22 11:53:00.944root 11241100x80000000000000003869175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8bf65ec0dd4d4e2021-12-22 11:53:00.944root 11241100x80000000000000003869176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c14aeeeb7e267cb2021-12-22 11:53:00.944root 11241100x80000000000000003869177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3142bd8ba6a89cad2021-12-22 11:53:00.944root 11241100x80000000000000003869178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a935317938c79d2021-12-22 11:53:00.945root 11241100x80000000000000003869179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a41ddc9a4ead582021-12-22 11:53:00.945root 11241100x80000000000000003869180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2a1966ad0429382021-12-22 11:53:00.945root 11241100x80000000000000003869181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef82eaf54c3888b2021-12-22 11:53:00.945root 11241100x80000000000000003869182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc01c1792ef18112021-12-22 11:53:00.945root 11241100x80000000000000003869183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2353812a57608ca42021-12-22 11:53:00.945root 11241100x80000000000000003869184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec059c7eb8eb9c982021-12-22 11:53:00.945root 11241100x80000000000000003869185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595f9177098c66202021-12-22 11:53:00.946root 11241100x80000000000000003869186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c33ddc8d28dc69d2021-12-22 11:53:00.946root 11241100x80000000000000003869187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a01255981d229d62021-12-22 11:53:00.946root 11241100x80000000000000003869188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82327fbbda841f062021-12-22 11:53:00.946root 11241100x80000000000000003869189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67067c30cc60ecb42021-12-22 11:53:00.946root 11241100x80000000000000003869190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a056bdad75dac62d2021-12-22 11:53:00.947root 11241100x80000000000000003869191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e94869f50daf4f32021-12-22 11:53:00.947root 11241100x80000000000000003869192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7d5494f4b88d592021-12-22 11:53:00.947root 11241100x80000000000000003869193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccf0278524708772021-12-22 11:53:00.947root 11241100x80000000000000003869194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935d3958f06136c12021-12-22 11:53:00.947root 11241100x80000000000000003869195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de2c50d90700e182021-12-22 11:53:00.947root 11241100x80000000000000003869196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8433c44ea60079212021-12-22 11:53:00.948root 11241100x80000000000000003869197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fda6a2d6ad9aaa22021-12-22 11:53:00.948root 11241100x80000000000000003869198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2233198233dbd5c52021-12-22 11:53:00.948root 11241100x80000000000000003869199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50e6eef883c65172021-12-22 11:53:00.948root 11241100x80000000000000003869200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc9fc4f9bd6faa82021-12-22 11:53:00.948root 11241100x80000000000000003869201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1230d2a1e490f2d52021-12-22 11:53:00.948root 11241100x80000000000000003869202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f9fbed73d020292021-12-22 11:53:00.949root 11241100x80000000000000003869203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d3d7424730b01b2021-12-22 11:53:00.949root 11241100x80000000000000003869204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3127727141ab9d92021-12-22 11:53:00.949root 11241100x80000000000000003869205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2536be1ec3428c072021-12-22 11:53:00.949root 11241100x80000000000000003869206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed6faee43045b362021-12-22 11:53:00.949root 354300x80000000000000003869207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.215{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55592-false10.0.1.12-8000- 11241100x80000000000000003869208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e9d4495eed49d42021-12-22 11:53:01.216root 11241100x80000000000000003869209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c75b74547f521bd2021-12-22 11:53:01.216root 11241100x80000000000000003869210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d450cf9d170dd522021-12-22 11:53:01.216root 11241100x80000000000000003869211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589827c97cabfdbe2021-12-22 11:53:01.216root 11241100x80000000000000003869212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3a4971dd6df8eb2021-12-22 11:53:01.216root 11241100x80000000000000003869213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebcef82bd8e4fb42021-12-22 11:53:01.216root 11241100x80000000000000003869214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245f6990250fba6a2021-12-22 11:53:01.216root 11241100x80000000000000003869215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6e4d7007749f7e2021-12-22 11:53:01.216root 11241100x80000000000000003869216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5144b084ae475e2021-12-22 11:53:01.217root 11241100x80000000000000003869217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db82ff0a5b10b572021-12-22 11:53:01.217root 11241100x80000000000000003869218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea08913bf2e502aa2021-12-22 11:53:01.217root 11241100x80000000000000003869219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa375d903b0fec5b2021-12-22 11:53:01.217root 11241100x80000000000000003869220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03ce9515ef5051d2021-12-22 11:53:01.217root 11241100x80000000000000003869221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6505bf24ff61427b2021-12-22 11:53:01.217root 11241100x80000000000000003869222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee749254604d5492021-12-22 11:53:01.217root 11241100x80000000000000003869223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05145057f7ec6b42021-12-22 11:53:01.218root 11241100x80000000000000003869224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66148ddfb7287842021-12-22 11:53:01.218root 11241100x80000000000000003869225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a89b97c9daaf922021-12-22 11:53:01.218root 11241100x80000000000000003869226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38550be85f227dd52021-12-22 11:53:01.218root 11241100x80000000000000003869227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c3b8d813af4e9a2021-12-22 11:53:01.218root 11241100x80000000000000003869228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147244538b41682f2021-12-22 11:53:01.218root 11241100x80000000000000003869229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0b1d77cdbec7c72021-12-22 11:53:01.218root 11241100x80000000000000003869230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7445a561e16e9f12021-12-22 11:53:01.218root 11241100x80000000000000003869231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a55fe3c8f849952021-12-22 11:53:01.218root 11241100x80000000000000003869232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9043d5f8048086302021-12-22 11:53:01.219root 11241100x80000000000000003869233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da65b0e8ba1d1402021-12-22 11:53:01.219root 11241100x80000000000000003869234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e90471033664d032021-12-22 11:53:01.219root 11241100x80000000000000003869235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a32b872525bd5c2021-12-22 11:53:01.219root 11241100x80000000000000003869236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff3d78433274a412021-12-22 11:53:01.219root 11241100x80000000000000003869237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d08394101e254cf2021-12-22 11:53:01.219root 11241100x80000000000000003869238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade51b5defe1a4292021-12-22 11:53:01.219root 11241100x80000000000000003869239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7169e7f15fa16bc2021-12-22 11:53:01.219root 11241100x80000000000000003869240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d924f3016f6ec1942021-12-22 11:53:01.219root 11241100x80000000000000003869241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c590a8df76e528e52021-12-22 11:53:01.219root 11241100x80000000000000003869242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41bb1a248da11692021-12-22 11:53:01.219root 11241100x80000000000000003869243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb4585ba2b5c31f2021-12-22 11:53:01.219root 11241100x80000000000000003869244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9992d90adc935eb82021-12-22 11:53:01.220root 11241100x80000000000000003869245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b4b1384e6735572021-12-22 11:53:01.220root 11241100x80000000000000003869246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d267dd00ea30ab2021-12-22 11:53:01.220root 11241100x80000000000000003869247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0188d11c5c1a660d2021-12-22 11:53:01.220root 11241100x80000000000000003869248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5252d9e4420459ef2021-12-22 11:53:01.220root 11241100x80000000000000003869249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec62ea8067d868a2021-12-22 11:53:01.220root 11241100x80000000000000003869250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1ae5ad558cdae62021-12-22 11:53:01.220root 11241100x80000000000000003869251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db543361323b8c92021-12-22 11:53:01.220root 11241100x80000000000000003869252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1bd4b61f9db9782021-12-22 11:53:01.220root 11241100x80000000000000003869253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f435787fd715a2d2021-12-22 11:53:01.221root 11241100x80000000000000003869254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe21fd32222fff22021-12-22 11:53:01.221root 11241100x80000000000000003869255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3221b1630e709fff2021-12-22 11:53:01.221root 11241100x80000000000000003869256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f215519fd59b842021-12-22 11:53:01.221root 11241100x80000000000000003869257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffdc04ec91df24e2021-12-22 11:53:01.221root 11241100x80000000000000003869258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436fe2883a07e7312021-12-22 11:53:01.221root 11241100x80000000000000003869259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039915feee175b212021-12-22 11:53:01.221root 11241100x80000000000000003869260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd33c7ef09d5867f2021-12-22 11:53:01.222root 11241100x80000000000000003869261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b45f720a96ecf22021-12-22 11:53:01.222root 11241100x80000000000000003869262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac152ca3cdf379e2021-12-22 11:53:01.693root 11241100x80000000000000003869263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af006ffc4814a31d2021-12-22 11:53:01.693root 11241100x80000000000000003869264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc19decf25fd0e2d2021-12-22 11:53:01.693root 11241100x80000000000000003869265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5b4db847c93fe12021-12-22 11:53:01.693root 11241100x80000000000000003869266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353194cb582bb5eb2021-12-22 11:53:01.694root 11241100x80000000000000003869267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f84c2738b9d99c72021-12-22 11:53:01.694root 11241100x80000000000000003869268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649b7edc1d3fb59b2021-12-22 11:53:01.694root 11241100x80000000000000003869269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1488e0b240f9dc82021-12-22 11:53:01.694root 11241100x80000000000000003869270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83e30eea3c679c92021-12-22 11:53:01.694root 11241100x80000000000000003869271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8e6e35b9ee43db2021-12-22 11:53:01.695root 11241100x80000000000000003869272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75906e7b49091e1c2021-12-22 11:53:01.695root 11241100x80000000000000003869273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1639531ff5dfb4702021-12-22 11:53:01.695root 11241100x80000000000000003869274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb21602f2ef4d852021-12-22 11:53:01.695root 11241100x80000000000000003869275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7570da940ea2632021-12-22 11:53:01.695root 11241100x80000000000000003869276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a385e346fd36655b2021-12-22 11:53:01.695root 11241100x80000000000000003869277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442cbea2e9454fc82021-12-22 11:53:01.696root 11241100x80000000000000003869278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a290dea9fe33ee832021-12-22 11:53:01.696root 11241100x80000000000000003869279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c77610b34c7a75d2021-12-22 11:53:01.696root 11241100x80000000000000003869280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0e04186bf411862021-12-22 11:53:01.696root 11241100x80000000000000003869281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70744f55a101e5062021-12-22 11:53:01.696root 11241100x80000000000000003869282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b61bbacc7c23642021-12-22 11:53:01.696root 11241100x80000000000000003869283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668ef9e5c604b89a2021-12-22 11:53:01.696root 11241100x80000000000000003869284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec51bffa6be31f1e2021-12-22 11:53:01.697root 11241100x80000000000000003869285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0ea8ef5c2161332021-12-22 11:53:01.697root 11241100x80000000000000003869286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d7ceb4a8994da42021-12-22 11:53:01.697root 11241100x80000000000000003869287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d8b4b0d7b9c3112021-12-22 11:53:01.697root 11241100x80000000000000003869288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcadd12edeee47b92021-12-22 11:53:01.697root 11241100x80000000000000003869289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4501c78ebd05c9be2021-12-22 11:53:01.697root 11241100x80000000000000003869290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36bc107401e41e12021-12-22 11:53:01.698root 11241100x80000000000000003869291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fce55766f240082021-12-22 11:53:01.698root 11241100x80000000000000003869292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbadeed6aef720702021-12-22 11:53:01.698root 11241100x80000000000000003869293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4a0b0ed5aa57212021-12-22 11:53:01.698root 11241100x80000000000000003869294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b4b29283a56cd52021-12-22 11:53:01.698root 11241100x80000000000000003869295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d0f566153027c62021-12-22 11:53:01.698root 11241100x80000000000000003869296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0b9822a4a280f32021-12-22 11:53:01.698root 11241100x80000000000000003869297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c3a13881e105622021-12-22 11:53:01.699root 11241100x80000000000000003869298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea976d81b2c34b2e2021-12-22 11:53:01.699root 11241100x80000000000000003869299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dcfe157a912b162021-12-22 11:53:01.699root 11241100x80000000000000003869300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255d9efabec743542021-12-22 11:53:01.699root 11241100x80000000000000003869301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433d18d484e1340f2021-12-22 11:53:01.699root 11241100x80000000000000003869302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35748bb468a9e5052021-12-22 11:53:01.699root 11241100x80000000000000003869303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a6d91b0aee96e52021-12-22 11:53:01.700root 11241100x80000000000000003869304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd30074b3b94200f2021-12-22 11:53:02.193root 11241100x80000000000000003869305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e1f04570d252952021-12-22 11:53:02.193root 11241100x80000000000000003869306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bcc2297ee767b12021-12-22 11:53:02.193root 11241100x80000000000000003869307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ba86ee21c96b6e2021-12-22 11:53:02.193root 11241100x80000000000000003869308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bbde9aada0801a2021-12-22 11:53:02.193root 11241100x80000000000000003869309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62f6cc4405a0c8a2021-12-22 11:53:02.193root 11241100x80000000000000003869310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630d4de27a33a6cc2021-12-22 11:53:02.193root 11241100x80000000000000003869311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f7ba750606d8812021-12-22 11:53:02.193root 11241100x80000000000000003869312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0cfb800c7c3e602021-12-22 11:53:02.193root 11241100x80000000000000003869313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bb8d8f1c451d1a2021-12-22 11:53:02.194root 11241100x80000000000000003869314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1985e5fbc107012021-12-22 11:53:02.194root 11241100x80000000000000003869315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e07b73caa450a32021-12-22 11:53:02.194root 11241100x80000000000000003869316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2deda4b16e069a32021-12-22 11:53:02.194root 11241100x80000000000000003869317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5134ce3d46b1742021-12-22 11:53:02.194root 11241100x80000000000000003869318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af403013a1aefe2e2021-12-22 11:53:02.194root 11241100x80000000000000003869319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a508cf13e82b5b12021-12-22 11:53:02.194root 11241100x80000000000000003869320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb0ba4a6b692c2e2021-12-22 11:53:02.194root 11241100x80000000000000003869321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b0c9b3866c247f2021-12-22 11:53:02.194root 11241100x80000000000000003869322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1c893e329565e22021-12-22 11:53:02.195root 11241100x80000000000000003869323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f02e69897c310f2021-12-22 11:53:02.195root 11241100x80000000000000003869324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7dc8a1840f0dd742021-12-22 11:53:02.195root 11241100x80000000000000003869325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2445cd00ca627532021-12-22 11:53:02.195root 11241100x80000000000000003869326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564726e43e0772f12021-12-22 11:53:02.195root 11241100x80000000000000003869327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7389d3b8c9bfbdff2021-12-22 11:53:02.196root 11241100x80000000000000003869328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e02527905df49d12021-12-22 11:53:02.196root 11241100x80000000000000003869329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3412e7ebaa2a69132021-12-22 11:53:02.196root 11241100x80000000000000003869330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db6471661be496b2021-12-22 11:53:02.196root 11241100x80000000000000003869331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a640620d903e5ed2021-12-22 11:53:02.196root 11241100x80000000000000003869332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bd26c206d73d442021-12-22 11:53:02.196root 11241100x80000000000000003869333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ac745cf21f36192021-12-22 11:53:02.196root 11241100x80000000000000003869334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda6a4ad12877a522021-12-22 11:53:02.197root 11241100x80000000000000003869335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49aaf77a75e20bd32021-12-22 11:53:02.197root 11241100x80000000000000003869336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b68ef3ae9693c392021-12-22 11:53:02.197root 11241100x80000000000000003869337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612c9f66bd7e72dc2021-12-22 11:53:02.197root 11241100x80000000000000003869338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c81dbb1718d22b2021-12-22 11:53:02.197root 11241100x80000000000000003869339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21bca98734a39f22021-12-22 11:53:02.197root 11241100x80000000000000003869340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7bfdc17d8d2af12021-12-22 11:53:02.197root 11241100x80000000000000003869341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cd87a6ef014f8f2021-12-22 11:53:02.198root 11241100x80000000000000003869342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212258b73a09dc822021-12-22 11:53:02.198root 11241100x80000000000000003869343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3169ab4e11a3697c2021-12-22 11:53:02.198root 11241100x80000000000000003869344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31c2f900d3fcc5d2021-12-22 11:53:02.198root 11241100x80000000000000003869345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c29086aa4275bac2021-12-22 11:53:02.198root 11241100x80000000000000003869346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff9d6674ba7218d2021-12-22 11:53:02.198root 11241100x80000000000000003869347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0202a17e47dc0242021-12-22 11:53:02.198root 11241100x80000000000000003869348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3fbdd7f3bbe0fd2021-12-22 11:53:02.693root 11241100x80000000000000003869349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bd862d3528481e2021-12-22 11:53:02.693root 11241100x80000000000000003869350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6156a9273c0b632021-12-22 11:53:02.693root 11241100x80000000000000003869351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82533e3af7d2e6b12021-12-22 11:53:02.693root 11241100x80000000000000003869352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889a0adc619005312021-12-22 11:53:02.694root 11241100x80000000000000003869353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ba49e8a58d1f472021-12-22 11:53:02.694root 11241100x80000000000000003869354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac477e218c0935f2021-12-22 11:53:02.694root 11241100x80000000000000003869355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c8af9c1e5fa6432021-12-22 11:53:02.694root 11241100x80000000000000003869356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4634c73f1e838d52021-12-22 11:53:02.694root 11241100x80000000000000003869357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abdc9b54e4fb4792021-12-22 11:53:02.694root 11241100x80000000000000003869358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9252413323d78022021-12-22 11:53:02.695root 11241100x80000000000000003869359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5b9a174329e86e2021-12-22 11:53:02.695root 11241100x80000000000000003869360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7933cd1ecb1c0052021-12-22 11:53:02.695root 11241100x80000000000000003869361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeabf2d01efe90d92021-12-22 11:53:02.695root 11241100x80000000000000003869362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570c55361c82dd9f2021-12-22 11:53:02.696root 11241100x80000000000000003869363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4a82b54963ac472021-12-22 11:53:02.696root 11241100x80000000000000003869364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5483b04672e02dd2021-12-22 11:53:02.696root 11241100x80000000000000003869365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef87b3e6685e12c52021-12-22 11:53:02.696root 11241100x80000000000000003869366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ed2ec75ca524d72021-12-22 11:53:02.696root 11241100x80000000000000003869367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0263b263a7592a2021-12-22 11:53:02.696root 11241100x80000000000000003869368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f4a15715a5440a2021-12-22 11:53:02.696root 11241100x80000000000000003869369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a216ff822c94cb2021-12-22 11:53:02.696root 11241100x80000000000000003869370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e6b774f60186d52021-12-22 11:53:02.697root 11241100x80000000000000003869371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921c266e39aec1a32021-12-22 11:53:02.697root 11241100x80000000000000003869372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5f61c095de9f522021-12-22 11:53:02.697root 11241100x80000000000000003869373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc805d346b200baa2021-12-22 11:53:02.697root 11241100x80000000000000003869374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a158c5de4113d88a2021-12-22 11:53:02.698root 11241100x80000000000000003869375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19075c155a23ad82021-12-22 11:53:02.698root 11241100x80000000000000003869376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d229b3a55abc572021-12-22 11:53:02.698root 11241100x80000000000000003869377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0aa3e120b5d31a2021-12-22 11:53:02.699root 11241100x80000000000000003869378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0110815d0dc2efe02021-12-22 11:53:02.699root 11241100x80000000000000003869379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fe0f0051136c0a2021-12-22 11:53:02.699root 11241100x80000000000000003869380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8efc838d58b0f9e2021-12-22 11:53:02.699root 11241100x80000000000000003869381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdbf15e882975eb2021-12-22 11:53:02.700root 11241100x80000000000000003869382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01188c2530c92c412021-12-22 11:53:02.700root 11241100x80000000000000003869383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf668796ba3882a42021-12-22 11:53:02.700root 11241100x80000000000000003869384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d75a0efac602e22021-12-22 11:53:02.700root 11241100x80000000000000003869385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb720380cc9a2a62021-12-22 11:53:02.700root 11241100x80000000000000003869386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c561de9007729e732021-12-22 11:53:02.700root 11241100x80000000000000003869387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba777abd943d9bdd2021-12-22 11:53:02.700root 11241100x80000000000000003869388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6248a21258009a92021-12-22 11:53:02.700root 154100x80000000000000003869389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.791{ec2b6afe-119e-61c3-089e-273471550000}19148/usr/bin/sudo-----sudo ./run_hook.sh/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 354300x80000000000000003869390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.794{ec2b6afe-119e-61c3-089e-273471550000}19148/usr/bin/sudoubuntuudptruefalse127.0.0.1-59233-false127.0.0.53-53- 354300x80000000000000003869391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.794{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-39855-false10.0.0.2-53- 354300x80000000000000003869392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.795{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-51028-false10.0.0.2-53- 354300x80000000000000003869393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.795{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-59233- 354300x80000000000000003869394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.795{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-56176- 354300x80000000000000003869395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.795{ec2b6afe-119e-61c3-089e-273471550000}19148/usr/bin/sudoubuntuudptruefalse127.0.0.1-56176-false127.0.0.53-53- 154100x80000000000000003869396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.798{ec2b6afe-119e-61c3-6862-a6771a560000}19149/bin/dash-----sh ./run_hook.sh/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}033no level-{ec2b6afe-119e-61c3-089e-273471550000}19148/usr/bin/sudosudoubuntu 154100x80000000000000003869397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.799{ec2b6afe-119e-61c3-6862-a85e82550000}19150/bin/dash-----sh ./dll_hook.sh/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}033no level-{ec2b6afe-119e-61c3-6862-a6771a560000}19149/bin/dashshroot 154100x80000000000000003869398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.803{ec2b6afe-119e-61c3-10f9-91e645560000}19151/home/ubuntu/prog-----./prog/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}033no level-{ec2b6afe-119e-61c3-6862-a85e82550000}19150/bin/dashshroot 534500x80000000000000003869399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.803{ec2b6afe-119e-61c3-10f9-91e645560000}19151/home/ubuntu/progroot 534500x80000000000000003869400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.804{ec2b6afe-119e-61c3-6862-a85e82550000}19150/bin/dashroot 534500x80000000000000003869401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.804{ec2b6afe-119e-61c3-6862-a6771a560000}19149/bin/dashroot 534500x80000000000000003869402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:02.805{ec2b6afe-119e-61c3-089e-273471550000}19148/usr/bin/sudoroot 11241100x80000000000000003869403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.141{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:53:03.141root 11241100x80000000000000003869404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1341061ce24e47c2021-12-22 11:53:03.142root 11241100x80000000000000003869405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29b5baf25e5727d2021-12-22 11:53:03.142root 11241100x80000000000000003869406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594609033276cd7a2021-12-22 11:53:03.142root 11241100x80000000000000003869407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c9242aab44a4962021-12-22 11:53:03.142root 11241100x80000000000000003869408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301c2c314b48e1bc2021-12-22 11:53:03.142root 11241100x80000000000000003869409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fc4177ec0067f42021-12-22 11:53:03.143root 11241100x80000000000000003869410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b80e412cc7f5ebe2021-12-22 11:53:03.143root 11241100x80000000000000003869411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae77f7ce36700e72021-12-22 11:53:03.143root 11241100x80000000000000003869412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab19e81fc8e996712021-12-22 11:53:03.143root 11241100x80000000000000003869413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb7cccdfdc228112021-12-22 11:53:03.143root 11241100x80000000000000003869414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16eb5670af1394272021-12-22 11:53:03.143root 11241100x80000000000000003869415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4da629cfd7b0432021-12-22 11:53:03.143root 11241100x80000000000000003869416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6f2f0269fb07bb2021-12-22 11:53:03.143root 11241100x80000000000000003869417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218bb6cb98db60362021-12-22 11:53:03.143root 11241100x80000000000000003869418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d5be27dbaf1ccd2021-12-22 11:53:03.143root 11241100x80000000000000003869419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd457171da5ca3642021-12-22 11:53:03.144root 11241100x80000000000000003869420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b5a7556a49244f2021-12-22 11:53:03.144root 11241100x80000000000000003869421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068e10d9779b20812021-12-22 11:53:03.144root 11241100x80000000000000003869422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c434ffdc28fab6502021-12-22 11:53:03.144root 11241100x80000000000000003869423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abccd4e2544656bd2021-12-22 11:53:03.144root 11241100x80000000000000003869424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537bf354781558982021-12-22 11:53:03.144root 11241100x80000000000000003869425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3956b1a59f0385242021-12-22 11:53:03.144root 11241100x80000000000000003869426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f937b1999d6f22242021-12-22 11:53:03.144root 11241100x80000000000000003869427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976d9417921ab32f2021-12-22 11:53:03.144root 11241100x80000000000000003869428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db39df0b8245f36d2021-12-22 11:53:03.144root 11241100x80000000000000003869429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e055d905ce01eae2021-12-22 11:53:03.145root 11241100x80000000000000003869430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ffb8d07bfb7a2b2021-12-22 11:53:03.145root 11241100x80000000000000003869431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145a14766623b79a2021-12-22 11:53:03.145root 11241100x80000000000000003869432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4f8434663848722021-12-22 11:53:03.145root 11241100x80000000000000003869433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5679b0d3d3d3f36d2021-12-22 11:53:03.145root 11241100x80000000000000003869434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b2890e7d76d2e52021-12-22 11:53:03.145root 11241100x80000000000000003869435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155bf786d0f8753b2021-12-22 11:53:03.146root 11241100x80000000000000003869436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0ed45300f4ae8f2021-12-22 11:53:03.146root 11241100x80000000000000003869437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1a335a3984518e2021-12-22 11:53:03.146root 11241100x80000000000000003869438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1a4749f7b1609f2021-12-22 11:53:03.147root 11241100x80000000000000003869439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa81807e4d35e312021-12-22 11:53:03.147root 11241100x80000000000000003869440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cca07657e888aa42021-12-22 11:53:03.147root 11241100x80000000000000003869441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba896cf21f1b2ea2021-12-22 11:53:03.148root 11241100x80000000000000003869442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46949bc73867a5a62021-12-22 11:53:03.148root 11241100x80000000000000003869443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750001f8931934652021-12-22 11:53:03.148root 11241100x80000000000000003869444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79da49149e5655942021-12-22 11:53:03.148root 11241100x80000000000000003869445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d748baa20e5f10172021-12-22 11:53:03.149root 11241100x80000000000000003869446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d643912f40b4532021-12-22 11:53:03.149root 11241100x80000000000000003869447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba75bff0aac9d8712021-12-22 11:53:03.149root 11241100x80000000000000003869448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407b22e458f2a8972021-12-22 11:53:03.149root 11241100x80000000000000003869449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b6def853bf81a12021-12-22 11:53:03.149root 11241100x80000000000000003869450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea0c7468173b3a72021-12-22 11:53:03.150root 11241100x80000000000000003869451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01ff12cda4b0b4c2021-12-22 11:53:03.150root 11241100x80000000000000003869452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302b6e9893d32a252021-12-22 11:53:03.150root 11241100x80000000000000003869453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f346c22b1c6064b42021-12-22 11:53:03.150root 11241100x80000000000000003869454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2760f385c5301aa72021-12-22 11:53:03.150root 11241100x80000000000000003869455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe573905c5944032021-12-22 11:53:03.151root 11241100x80000000000000003869456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2192dffb22295e62021-12-22 11:53:03.151root 11241100x80000000000000003869457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943ec84df008e2112021-12-22 11:53:03.151root 11241100x80000000000000003869458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8348f63ecfff5db72021-12-22 11:53:03.151root 11241100x80000000000000003869459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6a2de52214c0df2021-12-22 11:53:03.151root 11241100x80000000000000003869460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388ff65caf6979812021-12-22 11:53:03.151root 11241100x80000000000000003869461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705b46f8aa3f398a2021-12-22 11:53:03.151root 11241100x80000000000000003869462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbe86ed3e6d0f622021-12-22 11:53:03.151root 11241100x80000000000000003869463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1b19c8c7d147ae2021-12-22 11:53:03.152root 11241100x80000000000000003869464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fb6d5fc570b7512021-12-22 11:53:03.152root 11241100x80000000000000003869465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0840beb261e395bb2021-12-22 11:53:03.152root 11241100x80000000000000003869466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8781d9abd2b52f12021-12-22 11:53:03.152root 11241100x80000000000000003869467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653ad1dda47fe1672021-12-22 11:53:03.152root 11241100x80000000000000003869468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2251029447d560a2021-12-22 11:53:03.152root 11241100x80000000000000003869469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95b435180e2cc622021-12-22 11:53:03.153root 11241100x80000000000000003869470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31f92cfa562ea702021-12-22 11:53:03.153root 11241100x80000000000000003869471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886fe51a01342b2a2021-12-22 11:53:03.153root 11241100x80000000000000003869472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dbc727c1146d892021-12-22 11:53:03.153root 11241100x80000000000000003869473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0045fe5684c6445b2021-12-22 11:53:03.153root 11241100x80000000000000003869474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c985672d0a36eb042021-12-22 11:53:03.153root 11241100x80000000000000003869475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5a9d91e4e96ce52021-12-22 11:53:03.153root 11241100x80000000000000003869476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e393ba57cb9e502021-12-22 11:53:03.153root 11241100x80000000000000003869477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fa393f916816652021-12-22 11:53:03.153root 11241100x80000000000000003869478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c82a1bf947c52642021-12-22 11:53:03.154root 11241100x80000000000000003869479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513b9e74b0acd9e92021-12-22 11:53:03.154root 11241100x80000000000000003869480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655cb41943902c4b2021-12-22 11:53:03.154root 11241100x80000000000000003869481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdd1d5d3338efc72021-12-22 11:53:03.154root 11241100x80000000000000003869482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24633aff8ca07ec2021-12-22 11:53:03.156root 11241100x80000000000000003869483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ab58b7cc623d8c2021-12-22 11:53:03.156root 11241100x80000000000000003869484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ac6277a06b406c2021-12-22 11:53:03.156root 11241100x80000000000000003869485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41944924932ae86d2021-12-22 11:53:03.156root 11241100x80000000000000003869486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf5d3922794f50b2021-12-22 11:53:03.156root 11241100x80000000000000003869487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab5d4ff99877f8d2021-12-22 11:53:03.156root 11241100x80000000000000003869488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f95626f2a534002021-12-22 11:53:03.156root 11241100x80000000000000003869489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68aecc665e9bd2c12021-12-22 11:53:03.156root 11241100x80000000000000003869490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b86082b5ae645412021-12-22 11:53:03.156root 11241100x80000000000000003869491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fa3233749072c82021-12-22 11:53:03.157root 11241100x80000000000000003869492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491eb9262a4f9d092021-12-22 11:53:03.157root 11241100x80000000000000003869493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5386ef44b24ca69b2021-12-22 11:53:03.157root 11241100x80000000000000003869494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9bbac119a4357e2021-12-22 11:53:03.157root 11241100x80000000000000003869495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56fd7a32b8129272021-12-22 11:53:03.157root 11241100x80000000000000003869496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179962bdbce071832021-12-22 11:53:03.157root 11241100x80000000000000003869497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acca563f52767d3f2021-12-22 11:53:03.157root 11241100x80000000000000003869498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f2b8689f944f782021-12-22 11:53:03.157root 11241100x80000000000000003869499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb774991b6afe65b2021-12-22 11:53:03.157root 11241100x80000000000000003869500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b412f723160ec8562021-12-22 11:53:03.157root 11241100x80000000000000003869501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5724f2ab4802de7e2021-12-22 11:53:03.157root 11241100x80000000000000003869502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0e60c1a13960f12021-12-22 11:53:03.157root 11241100x80000000000000003869503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4a75308b8ca6db2021-12-22 11:53:03.157root 11241100x80000000000000003869504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f527481d93e5f12b2021-12-22 11:53:03.157root 11241100x80000000000000003869505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16625d2e3c89a9c2021-12-22 11:53:03.157root 11241100x80000000000000003869506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9d37715a7840202021-12-22 11:53:03.158root 11241100x80000000000000003869507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5067c8d2ba45c57e2021-12-22 11:53:03.158root 11241100x80000000000000003869508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4827612df78b3ab2021-12-22 11:53:03.158root 11241100x80000000000000003869509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e95b417ce6e0102021-12-22 11:53:03.158root 11241100x80000000000000003869510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c812a663170874a62021-12-22 11:53:03.158root 11241100x80000000000000003869511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1676024b3f0344162021-12-22 11:53:03.159root 11241100x80000000000000003869512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9506fed6aa9bba162021-12-22 11:53:03.159root 11241100x80000000000000003869513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7d7a2d3c9d88392021-12-22 11:53:03.159root 11241100x80000000000000003869514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949defa49971dd062021-12-22 11:53:03.159root 11241100x80000000000000003869515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de5079f92df69552021-12-22 11:53:03.159root 11241100x80000000000000003869516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee58cd33774e4a792021-12-22 11:53:03.159root 11241100x80000000000000003869517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e29c57d6321f60d2021-12-22 11:53:03.159root 11241100x80000000000000003869518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c9d7c7a92057a32021-12-22 11:53:03.159root 11241100x80000000000000003869519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.160{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9b6c1ea41ad1b92021-12-22 11:53:03.160root 11241100x80000000000000003869520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.160{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd8cc5aed16a2d02021-12-22 11:53:03.160root 11241100x80000000000000003869521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.160{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4738345304e62c6b2021-12-22 11:53:03.160root 11241100x80000000000000003869522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.160{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e7dd9171b4103d2021-12-22 11:53:03.160root 11241100x80000000000000003869523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.160{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441a14838e0104aa2021-12-22 11:53:03.160root 11241100x80000000000000003869524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.161{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e684c17fffac2212021-12-22 11:53:03.161root 11241100x80000000000000003869525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.161{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302ef28939811e3a2021-12-22 11:53:03.161root 11241100x80000000000000003869526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.161{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30d0929589ac48b2021-12-22 11:53:03.161root 11241100x80000000000000003869527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.161{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c124d7ea7d1493e62021-12-22 11:53:03.161root 11241100x80000000000000003869528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.161{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5c1d0544a70e842021-12-22 11:53:03.161root 11241100x80000000000000003869529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.161{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9001d124acdf3032021-12-22 11:53:03.161root 11241100x80000000000000003869530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.161{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce73c9f6bbfd5242021-12-22 11:53:03.161root 11241100x80000000000000003869531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75702d5f2cfcfdf32021-12-22 11:53:03.163root 11241100x80000000000000003869532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5303c68040e84772021-12-22 11:53:03.163root 11241100x80000000000000003869533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5630dca457738e332021-12-22 11:53:03.163root 11241100x80000000000000003869534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6bb25673579e462021-12-22 11:53:03.163root 11241100x80000000000000003869535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2783a3a23c7749952021-12-22 11:53:03.163root 11241100x80000000000000003869536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992a835993a785fe2021-12-22 11:53:03.163root 11241100x80000000000000003869537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2e315d9f59cb0d2021-12-22 11:53:03.163root 11241100x80000000000000003869538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554fe24626ae45312021-12-22 11:53:03.163root 11241100x80000000000000003869539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ebe76622073c6f2021-12-22 11:53:03.164root 11241100x80000000000000003869540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d67bcb1a4960302021-12-22 11:53:03.164root 11241100x80000000000000003869541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd66cd467555f902021-12-22 11:53:03.164root 11241100x80000000000000003869542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3cad619450d1622021-12-22 11:53:03.164root 11241100x80000000000000003869543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a589b3f73e7d8f2021-12-22 11:53:03.443root 11241100x80000000000000003869544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65a4f87e7336bab2021-12-22 11:53:03.443root 11241100x80000000000000003869545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5ff1970e937b822021-12-22 11:53:03.443root 11241100x80000000000000003869546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d8783b96db7d072021-12-22 11:53:03.443root 11241100x80000000000000003869547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191177905daac03c2021-12-22 11:53:03.443root 11241100x80000000000000003869548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab6b7affd68a4b12021-12-22 11:53:03.443root 11241100x80000000000000003869549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ac5fbb0c826ba12021-12-22 11:53:03.444root 11241100x80000000000000003869550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a5dbf94b435a252021-12-22 11:53:03.444root 11241100x80000000000000003869551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff441557444c6042021-12-22 11:53:03.444root 11241100x80000000000000003869552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09763becdd4cb2bf2021-12-22 11:53:03.444root 11241100x80000000000000003869553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a427605b8bda23fd2021-12-22 11:53:03.444root 11241100x80000000000000003869554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ef5ff91acda3de2021-12-22 11:53:03.444root 11241100x80000000000000003869555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a88f619ffb6ecfb2021-12-22 11:53:03.445root 11241100x80000000000000003869556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cf541f37ea61962021-12-22 11:53:03.445root 11241100x80000000000000003869557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75e1fc0a70a06a22021-12-22 11:53:03.445root 11241100x80000000000000003869558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ce98ba2256af242021-12-22 11:53:03.445root 11241100x80000000000000003869559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f841bb64bde5d92021-12-22 11:53:03.445root 11241100x80000000000000003869560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc06c83e68214e22021-12-22 11:53:03.445root 11241100x80000000000000003869561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a060bd00398f4bac2021-12-22 11:53:03.445root 11241100x80000000000000003869562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03110809a7c04bc2021-12-22 11:53:03.445root 11241100x80000000000000003869563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc16649bc30d91872021-12-22 11:53:03.445root 11241100x80000000000000003869564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36861d6f09a98052021-12-22 11:53:03.445root 11241100x80000000000000003869565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d988687fc76ed32021-12-22 11:53:03.445root 11241100x80000000000000003869566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cfcdc09e339f322021-12-22 11:53:03.445root 11241100x80000000000000003869567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efad80e773181ff22021-12-22 11:53:03.446root 11241100x80000000000000003869568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33430a1da6e4e9502021-12-22 11:53:03.446root 11241100x80000000000000003869569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4866c6764e9191f62021-12-22 11:53:03.446root 11241100x80000000000000003869570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca3e6dda4ac5de82021-12-22 11:53:03.446root 11241100x80000000000000003869571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c7bec18c3d3baf2021-12-22 11:53:03.446root 11241100x80000000000000003869572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bfe6fc35075fd92021-12-22 11:53:03.446root 11241100x80000000000000003869573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ee99e86d02db692021-12-22 11:53:03.446root 11241100x80000000000000003869574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfda7db7ee1953d52021-12-22 11:53:03.446root 11241100x80000000000000003869575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d940feb2592f83b32021-12-22 11:53:03.447root 11241100x80000000000000003869576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843ffa8b4a5592292021-12-22 11:53:03.447root 11241100x80000000000000003869577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abb466cbdfe06dc2021-12-22 11:53:03.447root 11241100x80000000000000003869578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a815c2fcc104600e2021-12-22 11:53:03.447root 11241100x80000000000000003869579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c97ee53c40b6fa2021-12-22 11:53:03.447root 11241100x80000000000000003869580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7656cbb6a3b39daf2021-12-22 11:53:03.448root 11241100x80000000000000003869581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343c87bf1574d1c52021-12-22 11:53:03.448root 11241100x80000000000000003869582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531513e7b99580342021-12-22 11:53:03.448root 11241100x80000000000000003869583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bef65abe10e748a2021-12-22 11:53:03.448root 11241100x80000000000000003869584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78ed2f428c12ab42021-12-22 11:53:03.448root 11241100x80000000000000003869585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be079ed7be7c88002021-12-22 11:53:03.448root 11241100x80000000000000003869586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e419209f309249a42021-12-22 11:53:03.448root 11241100x80000000000000003869587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0bf0be171807602021-12-22 11:53:03.448root 11241100x80000000000000003869588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2b4fe590ee0be42021-12-22 11:53:03.449root 11241100x80000000000000003869589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775e29614438cd802021-12-22 11:53:03.449root 11241100x80000000000000003869590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fe14f0f44a92832021-12-22 11:53:03.449root 11241100x80000000000000003869591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f78445ab2e5b0b72021-12-22 11:53:03.449root 11241100x80000000000000003869592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09723b5dda1ed5652021-12-22 11:53:03.449root 11241100x80000000000000003869593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812f90ef6b548d1f2021-12-22 11:53:03.449root 11241100x80000000000000003869594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dd571defcb49ab2021-12-22 11:53:03.449root 11241100x80000000000000003869595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271f9dbdb82b2e5c2021-12-22 11:53:03.450root 11241100x80000000000000003869596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131e1264468bc16f2021-12-22 11:53:03.450root 11241100x80000000000000003869597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7794f071215edb32021-12-22 11:53:03.450root 11241100x80000000000000003869598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48aaa26487be470a2021-12-22 11:53:03.450root 11241100x80000000000000003869599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b13b2d46783adc2021-12-22 11:53:03.450root 11241100x80000000000000003869600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddff5fee0a5096972021-12-22 11:53:03.450root 11241100x80000000000000003869601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521681a0e450270a2021-12-22 11:53:03.450root 11241100x80000000000000003869602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aee88d325d183b32021-12-22 11:53:03.451root 11241100x80000000000000003869603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f8ff64de94a8062021-12-22 11:53:03.943root 11241100x80000000000000003869604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0d10bc89532f1a2021-12-22 11:53:03.943root 11241100x80000000000000003869605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8610d826d9b4ac2021-12-22 11:53:03.943root 11241100x80000000000000003869606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d80d25d9aa2735e2021-12-22 11:53:03.943root 11241100x80000000000000003869607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc0d48b1df09ed52021-12-22 11:53:03.943root 11241100x80000000000000003869608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d6c25b0aa76e7b2021-12-22 11:53:03.943root 11241100x80000000000000003869609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39cdb05c0313a382021-12-22 11:53:03.943root 11241100x80000000000000003869610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e788e00339a5b7782021-12-22 11:53:03.943root 11241100x80000000000000003869611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4442786d42fea3f22021-12-22 11:53:03.944root 11241100x80000000000000003869612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fc14d72e8e16012021-12-22 11:53:03.944root 11241100x80000000000000003869613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9d0b03076eed7c2021-12-22 11:53:03.944root 11241100x80000000000000003869614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b083609ea1bae9922021-12-22 11:53:03.944root 11241100x80000000000000003869615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33b778d9d002b152021-12-22 11:53:03.944root 11241100x80000000000000003869616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceca789702d256c72021-12-22 11:53:03.944root 11241100x80000000000000003869617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2a754394e427de2021-12-22 11:53:03.944root 11241100x80000000000000003869618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67796676757fe78f2021-12-22 11:53:03.944root 11241100x80000000000000003869619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4563954701beab2d2021-12-22 11:53:03.944root 11241100x80000000000000003869620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a96684700055a882021-12-22 11:53:03.944root 11241100x80000000000000003869621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7441a607c907ad392021-12-22 11:53:03.945root 11241100x80000000000000003869622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbeaf62ba7eb0b22021-12-22 11:53:03.945root 11241100x80000000000000003869623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6356f9c6d5788562021-12-22 11:53:03.945root 11241100x80000000000000003869624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d2e45f3bdcde162021-12-22 11:53:03.945root 11241100x80000000000000003869625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4998bf5968af37082021-12-22 11:53:03.945root 11241100x80000000000000003869626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d8c1fed2172c4a2021-12-22 11:53:03.945root 11241100x80000000000000003869627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cf1b340fd09f2a2021-12-22 11:53:03.945root 11241100x80000000000000003869628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153f4a67f5e8772f2021-12-22 11:53:03.945root 11241100x80000000000000003869629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8eb03f3a4f48e4f2021-12-22 11:53:03.946root 11241100x80000000000000003869630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc7204dae25a90c2021-12-22 11:53:03.946root 11241100x80000000000000003869631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182b72ffd75b78d02021-12-22 11:53:03.946root 11241100x80000000000000003869632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9422646e81dc8412021-12-22 11:53:03.947root 11241100x80000000000000003869633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6df71b4a3a1ac602021-12-22 11:53:03.947root 11241100x80000000000000003869634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e107de0c9b8a0b732021-12-22 11:53:03.947root 11241100x80000000000000003869635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ab6199aad40fcf2021-12-22 11:53:03.947root 11241100x80000000000000003869636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43e3781884fb5fe2021-12-22 11:53:03.947root 11241100x80000000000000003869637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41449ebae1fb81212021-12-22 11:53:03.947root 11241100x80000000000000003869638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc8651bdf682c3f2021-12-22 11:53:03.947root 11241100x80000000000000003869639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4b800cc338f90f2021-12-22 11:53:03.948root 11241100x80000000000000003869640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058c6932ce5f35402021-12-22 11:53:03.948root 11241100x80000000000000003869641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52c74d7c03596e92021-12-22 11:53:03.948root 11241100x80000000000000003869642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1615840336a6d22021-12-22 11:53:03.948root 11241100x80000000000000003869643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3865b5c67984c7c52021-12-22 11:53:03.948root 11241100x80000000000000003869644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf451250d1a0a8342021-12-22 11:53:03.949root 11241100x80000000000000003869645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f03500c1a24a2b2021-12-22 11:53:03.949root 11241100x80000000000000003869646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117ea8047086f04f2021-12-22 11:53:03.949root 11241100x80000000000000003869647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45475527c13435c52021-12-22 11:53:03.950root 11241100x80000000000000003869648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7719d7c981a1d72021-12-22 11:53:03.950root 11241100x80000000000000003869649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd459ae50705535e2021-12-22 11:53:03.950root 11241100x80000000000000003869650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d83e4888693a872021-12-22 11:53:03.950root 11241100x80000000000000003869651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84098a8334619cbc2021-12-22 11:53:03.950root 11241100x80000000000000003869652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa982c3990cd9402021-12-22 11:53:03.950root 11241100x80000000000000003869653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4ce9509ed385252021-12-22 11:53:03.950root 11241100x80000000000000003869654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fb4c80664929d52021-12-22 11:53:03.950root 11241100x80000000000000003869655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667a0033127b337d2021-12-22 11:53:03.950root 11241100x80000000000000003869656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40ec05f8de08cce2021-12-22 11:53:03.951root 11241100x80000000000000003869657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8572a27322f8502021-12-22 11:53:03.951root 11241100x80000000000000003869658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e425725631200782021-12-22 11:53:03.951root 11241100x80000000000000003869659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0b63c801de7b002021-12-22 11:53:03.951root 11241100x80000000000000003869660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34660d532b4c65852021-12-22 11:53:03.951root 11241100x80000000000000003869661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03963debc67da6e12021-12-22 11:53:03.951root 11241100x80000000000000003869662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a65388fec1a80e62021-12-22 11:53:03.951root 11241100x80000000000000003869663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed64ef5a1a7907c2021-12-22 11:53:03.951root 11241100x80000000000000003869664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8d4882771e00932021-12-22 11:53:03.951root 11241100x80000000000000003869665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718745922b5a0bce2021-12-22 11:53:03.951root 11241100x80000000000000003869666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c81bb51f7840e902021-12-22 11:53:03.952root 11241100x80000000000000003869667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151d023bdd705dd32021-12-22 11:53:03.952root 11241100x80000000000000003869668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53df8c599ec4d402021-12-22 11:53:03.952root 11241100x80000000000000003869669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb91bed1d10fa582021-12-22 11:53:03.952root 11241100x80000000000000003869670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4739358c34337fd2021-12-22 11:53:03.952root 11241100x80000000000000003869671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994af4f9a9e8ec542021-12-22 11:53:03.954root 11241100x80000000000000003869672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcea7a22f81f786c2021-12-22 11:53:03.954root 11241100x80000000000000003869673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8494da782d9f5c92021-12-22 11:53:03.954root 11241100x80000000000000003869674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8468265513c00d2021-12-22 11:53:03.954root 11241100x80000000000000003869675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9151a9580cc738fd2021-12-22 11:53:03.954root 11241100x80000000000000003869676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699672bb3e8195332021-12-22 11:53:03.954root 11241100x80000000000000003869677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0660058e5ee71c7e2021-12-22 11:53:03.954root 11241100x80000000000000003869678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b61d21fe49983202021-12-22 11:53:03.954root 11241100x80000000000000003869679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b19b500123ba9c22021-12-22 11:53:03.955root 11241100x80000000000000003869680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1dbb9f5a13f2252021-12-22 11:53:03.955root 11241100x80000000000000003869681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058faaae66611c962021-12-22 11:53:03.955root 11241100x80000000000000003869682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2677598cca987272021-12-22 11:53:03.955root 11241100x80000000000000003869683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8751923dcdcf50772021-12-22 11:53:03.955root 11241100x80000000000000003869684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8895952a7fa0f32021-12-22 11:53:03.955root 11241100x80000000000000003869685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c63bf2f2cc8d77f2021-12-22 11:53:03.955root 11241100x80000000000000003869686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561f14e7023abf212021-12-22 11:53:03.955root 11241100x80000000000000003869687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d021b9fcc9a3532021-12-22 11:53:03.956root 11241100x80000000000000003869688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec68307a16bf1a92021-12-22 11:53:03.956root 11241100x80000000000000003869689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7549297b15b699a32021-12-22 11:53:03.956root 11241100x80000000000000003869690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7ace5eacfba17b2021-12-22 11:53:03.956root 11241100x80000000000000003869691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b280e6fd85a8e8d2021-12-22 11:53:03.956root 11241100x80000000000000003869692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad5490e993f896a2021-12-22 11:53:03.957root 11241100x80000000000000003869693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad38a53f4ff18232021-12-22 11:53:03.957root 11241100x80000000000000003869694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13170129552002d2021-12-22 11:53:03.957root 11241100x80000000000000003869695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac18019311af110f2021-12-22 11:53:03.958root 11241100x80000000000000003869696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f6d039e1db8acb2021-12-22 11:53:03.958root 11241100x80000000000000003869697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f4982fc572b4842021-12-22 11:53:03.958root 11241100x80000000000000003869698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c085dc3dbd23b0292021-12-22 11:53:03.958root 11241100x80000000000000003869699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4d73605d0ff8b32021-12-22 11:53:03.958root 11241100x80000000000000003869700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf416e06b2d78e02021-12-22 11:53:03.958root 11241100x80000000000000003869701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e8b0e92efd828b2021-12-22 11:53:03.958root 11241100x80000000000000003869702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e5091aa78c9c362021-12-22 11:53:03.959root 11241100x80000000000000003869703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b9cdcdea508ac12021-12-22 11:53:03.959root 11241100x80000000000000003869704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5e9004938d48402021-12-22 11:53:03.959root 11241100x80000000000000003869705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb147b20f821ffe2021-12-22 11:53:03.959root 11241100x80000000000000003869706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241f19f70fcfd78a2021-12-22 11:53:03.960root 11241100x80000000000000003869707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd24d704dec25aa2021-12-22 11:53:03.961root 11241100x80000000000000003869708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487cfa12a069ca622021-12-22 11:53:03.961root 11241100x80000000000000003869709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d590d2071a5fdd82021-12-22 11:53:03.961root 11241100x80000000000000003869710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c303ea6f3aa7dc2021-12-22 11:53:03.961root 11241100x80000000000000003869711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40eff4747fe09d292021-12-22 11:53:03.961root 11241100x80000000000000003869712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c9ca8e370705ff2021-12-22 11:53:03.962root 11241100x80000000000000003869713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e7741c57ed322b2021-12-22 11:53:03.962root 11241100x80000000000000003869714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e63b8c9e47559c2021-12-22 11:53:03.962root 11241100x80000000000000003869715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5a4347c4e7b9352021-12-22 11:53:03.963root 11241100x80000000000000003869716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61c378511991c842021-12-22 11:53:03.963root 11241100x80000000000000003869717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b144d96139bd6aa42021-12-22 11:53:03.963root 11241100x80000000000000003869718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8445ee7c1a0b9b2021-12-22 11:53:03.964root 11241100x80000000000000003869719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1c637de54786b92021-12-22 11:53:03.964root 11241100x80000000000000003869720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6ea78b6e93b6c52021-12-22 11:53:03.964root 11241100x80000000000000003869721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b37f9db6f14e5d2021-12-22 11:53:03.964root 11241100x80000000000000003869722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebf528e97b247382021-12-22 11:53:03.965root 11241100x80000000000000003869723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6825a93dceacab602021-12-22 11:53:03.965root 11241100x80000000000000003869724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4960f07916424202021-12-22 11:53:03.965root 11241100x80000000000000003869725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086822e331bade082021-12-22 11:53:03.965root 11241100x80000000000000003869726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f6655285dc75342021-12-22 11:53:03.965root 11241100x80000000000000003869727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb84e98b58c599962021-12-22 11:53:03.966root 11241100x80000000000000003869728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0652766742999162021-12-22 11:53:03.966root 11241100x80000000000000003869729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1220697fd83f3e2021-12-22 11:53:03.966root 11241100x80000000000000003869730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025ccb98394af6322021-12-22 11:53:03.967root 11241100x80000000000000003869731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d85c7780e4680352021-12-22 11:53:03.967root 11241100x80000000000000003869732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651601a63d6691772021-12-22 11:53:03.967root 11241100x80000000000000003869733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a714e2e60ba3172021-12-22 11:53:03.967root 11241100x80000000000000003869734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fd6d6ce3b50c4d2021-12-22 11:53:03.967root 11241100x80000000000000003869735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ffce1b668d230f2021-12-22 11:53:03.967root 11241100x80000000000000003869736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b654cb988c14bc62021-12-22 11:53:03.967root 11241100x80000000000000003869737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cdf9b8df88bc422021-12-22 11:53:03.967root 11241100x80000000000000003869738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88a5164d99419cc2021-12-22 11:53:03.968root 11241100x80000000000000003869739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c4c983d292e75d2021-12-22 11:53:03.968root 11241100x80000000000000003869740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecd1a51b593e5442021-12-22 11:53:03.968root 11241100x80000000000000003869741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e51aaf96b7a88e2021-12-22 11:53:03.968root 11241100x80000000000000003869742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8ba6c7ebd54f942021-12-22 11:53:03.968root 11241100x80000000000000003869743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d881bc1b6ee4c02021-12-22 11:53:03.968root 11241100x80000000000000003869744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6602cf34000492532021-12-22 11:53:03.969root 11241100x80000000000000003869745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e543c362f31a652021-12-22 11:53:03.969root 11241100x80000000000000003869746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948c4244e9ce37712021-12-22 11:53:03.969root 11241100x80000000000000003869747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dcc52e6907d9552021-12-22 11:53:03.969root 11241100x80000000000000003869748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdea36e4be64fc92021-12-22 11:53:03.969root 11241100x80000000000000003869749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93de47fd091092dc2021-12-22 11:53:03.969root 11241100x80000000000000003869750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8915cb583861da2021-12-22 11:53:03.969root 11241100x80000000000000003869751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442dc722cd2bfbfa2021-12-22 11:53:03.969root 11241100x80000000000000003869752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78eb474b7ac537d2021-12-22 11:53:03.969root 11241100x80000000000000003869753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce047c68184191bf2021-12-22 11:53:03.970root 11241100x80000000000000003869754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcf8b5b21440f2d2021-12-22 11:53:03.970root 11241100x80000000000000003869755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe647e0e0c2d3942021-12-22 11:53:03.970root 11241100x80000000000000003869756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a538d5d8c281b82021-12-22 11:53:03.970root 11241100x80000000000000003869757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1329549b41aa4162021-12-22 11:53:03.970root 11241100x80000000000000003869758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffab95c06bef62b2021-12-22 11:53:03.970root 11241100x80000000000000003869759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa639921f371ad02021-12-22 11:53:03.970root 11241100x80000000000000003869760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d3ab2d9414a2652021-12-22 11:53:03.970root 11241100x80000000000000003869761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1770488bb7c0246b2021-12-22 11:53:03.970root 11241100x80000000000000003869762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cac0da061e3b772021-12-22 11:53:03.971root 11241100x80000000000000003869763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e30aa5148aabc492021-12-22 11:53:03.971root 11241100x80000000000000003869764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e3ccd4b66a11da2021-12-22 11:53:03.971root 11241100x80000000000000003869765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc16f86dea8cc8e2021-12-22 11:53:03.971root 11241100x80000000000000003869766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0701bf9e746d3af02021-12-22 11:53:03.971root 11241100x80000000000000003869767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4964e434e10ec35f2021-12-22 11:53:03.971root 11241100x80000000000000003869768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828b4fd94f294be42021-12-22 11:53:03.971root 11241100x80000000000000003869769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9a63675a4231e02021-12-22 11:53:03.972root 11241100x80000000000000003869770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08505c9b0f50734e2021-12-22 11:53:03.972root 11241100x80000000000000003869771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812f088fa2c594f62021-12-22 11:53:03.972root 11241100x80000000000000003869772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d385ebc82c2ec6152021-12-22 11:53:03.972root 11241100x80000000000000003869773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8a3ec71e9eaa0f2021-12-22 11:53:03.972root 11241100x80000000000000003869774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cd80da1f3077ef2021-12-22 11:53:03.972root 11241100x80000000000000003869775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0394f21e6f9e062021-12-22 11:53:03.972root 11241100x80000000000000003869776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5d8670ec9a19882021-12-22 11:53:03.972root 11241100x80000000000000003869777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb95762fb3ae9bd2021-12-22 11:53:03.972root 11241100x80000000000000003869778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2ed990db3457832021-12-22 11:53:03.972root 11241100x80000000000000003869779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ce1fd0f66efb432021-12-22 11:53:03.973root 11241100x80000000000000003869780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbe77164fd2490e2021-12-22 11:53:03.973root 11241100x80000000000000003869781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3c94df23ee18b32021-12-22 11:53:03.973root 11241100x80000000000000003869782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14b254a25e1943d2021-12-22 11:53:03.973root 11241100x80000000000000003869783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6499c974aef7eca92021-12-22 11:53:03.973root 11241100x80000000000000003869784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1adf0af337f8dd902021-12-22 11:53:03.973root 11241100x80000000000000003869785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b0920d8d7826ab2021-12-22 11:53:03.973root 11241100x80000000000000003869786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4294c47c0905e452021-12-22 11:53:03.973root 11241100x80000000000000003869787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdf035e7a669d862021-12-22 11:53:03.973root 11241100x80000000000000003869788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22ad4b6386388832021-12-22 11:53:03.974root 11241100x80000000000000003869789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebbf6d90cd019352021-12-22 11:53:03.974root 11241100x80000000000000003869790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c241c3b1d18b97072021-12-22 11:53:03.974root 11241100x80000000000000003869791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c2608c844158652021-12-22 11:53:03.974root 11241100x80000000000000003869792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91949cc464baa85b2021-12-22 11:53:03.974root 11241100x80000000000000003869793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76da607a377ef5502021-12-22 11:53:03.974root 11241100x80000000000000003869794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce94ad2cf680a02c2021-12-22 11:53:03.974root 11241100x80000000000000003869795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0068710f136223cc2021-12-22 11:53:03.974root 11241100x80000000000000003869796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d1e6de7f05078a2021-12-22 11:53:03.974root 11241100x80000000000000003869797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c473787b6d507cc2021-12-22 11:53:03.975root 11241100x80000000000000003869798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1174b0a3c7fbdc2021-12-22 11:53:03.975root 11241100x80000000000000003869799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbeba4cf90bc22b2021-12-22 11:53:03.975root 11241100x80000000000000003869800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0453abf99283f4962021-12-22 11:53:03.975root 11241100x80000000000000003869801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca3266f6e7087502021-12-22 11:53:03.975root 11241100x80000000000000003869802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471f1f9128a9aab52021-12-22 11:53:03.975root 11241100x80000000000000003869803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a066783bc05b0f362021-12-22 11:53:03.975root 11241100x80000000000000003869804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2782bace15d62c382021-12-22 11:53:03.975root 11241100x80000000000000003869805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b8ca98abb032242021-12-22 11:53:03.975root 11241100x80000000000000003869806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf79bbe74d138192021-12-22 11:53:03.976root 11241100x80000000000000003869807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480502080aeed84b2021-12-22 11:53:03.976root 11241100x80000000000000003869808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f51f3e5acf677142021-12-22 11:53:03.976root 11241100x80000000000000003869809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cc005a50a48f352021-12-22 11:53:03.976root 11241100x80000000000000003869810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e7b56dae52eb9b2021-12-22 11:53:03.976root 11241100x80000000000000003869811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f535741eb5c3baea2021-12-22 11:53:03.976root 11241100x80000000000000003869812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b001b5093b28dd02021-12-22 11:53:03.976root 11241100x80000000000000003869813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff0daae4d1145672021-12-22 11:53:03.976root 11241100x80000000000000003869814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea7e03a85b98d5d2021-12-22 11:53:03.976root 11241100x80000000000000003869815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fddc19e37a747732021-12-22 11:53:03.977root 11241100x80000000000000003869816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547738e40f205ac92021-12-22 11:53:03.977root 11241100x80000000000000003869817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac036917841e2d062021-12-22 11:53:03.977root 11241100x80000000000000003869818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b6c919de7e620a2021-12-22 11:53:03.977root 11241100x80000000000000003869819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d35bb12e8e8b682021-12-22 11:53:03.977root 11241100x80000000000000003869820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9479c6e5c04aba92021-12-22 11:53:03.977root 11241100x80000000000000003869821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e64bc7f655b28c2021-12-22 11:53:03.977root 11241100x80000000000000003869822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8ff2302dbdfc492021-12-22 11:53:03.977root 11241100x80000000000000003869823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7cf5fc8633c83e2021-12-22 11:53:03.978root 11241100x80000000000000003869824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f8234bdc4f79a92021-12-22 11:53:03.978root 11241100x80000000000000003869825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d560f03b646150d2021-12-22 11:53:03.978root 11241100x80000000000000003869826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5df8978f7494ba82021-12-22 11:53:03.978root 11241100x80000000000000003869827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f458705f3b11ec2021-12-22 11:53:03.978root 11241100x80000000000000003869828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3abd785175b4032021-12-22 11:53:03.978root 11241100x80000000000000003869829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef560f47291ff3602021-12-22 11:53:03.978root 11241100x80000000000000003869830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bc80ef0963198e2021-12-22 11:53:03.978root 11241100x80000000000000003869831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e90ad262f418c52021-12-22 11:53:03.979root 11241100x80000000000000003869832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc2fed82491f1e62021-12-22 11:53:03.979root 11241100x80000000000000003869833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539b8e5a0403f9d92021-12-22 11:53:03.979root 11241100x80000000000000003869834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdd6dfb26e875982021-12-22 11:53:03.979root 11241100x80000000000000003869835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6ed6a2286f90ef2021-12-22 11:53:03.979root 11241100x80000000000000003869836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ea407821b0c1812021-12-22 11:53:03.979root 11241100x80000000000000003869837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c2dae493d580422021-12-22 11:53:03.979root 11241100x80000000000000003869838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce70ea4bfa1c6a3d2021-12-22 11:53:03.979root 11241100x80000000000000003869839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e265f9666da338b2021-12-22 11:53:03.979root 11241100x80000000000000003869840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.980{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e238a55bcb8f93672021-12-22 11:53:03.980root 11241100x80000000000000003869841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.980{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb3375366d0bc8d2021-12-22 11:53:03.980root 11241100x80000000000000003869842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.980{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33602398fda561a2021-12-22 11:53:03.980root 11241100x80000000000000003869843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.980{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534f804e6dd7a89d2021-12-22 11:53:03.980root 11241100x80000000000000003869844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.980{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d6a09bffab4ae22021-12-22 11:53:03.980root 11241100x80000000000000003869845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.980{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871fa98fad104e832021-12-22 11:53:03.980root 11241100x80000000000000003869846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270a53b2ef9dea632021-12-22 11:53:03.981root 11241100x80000000000000003869847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f314364a2af0ae2021-12-22 11:53:03.981root 11241100x80000000000000003869848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e100fca611f2a77c2021-12-22 11:53:03.981root 11241100x80000000000000003869849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c97a7a3da932922021-12-22 11:53:03.981root 11241100x80000000000000003869850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4268ad83da624cd82021-12-22 11:53:03.981root 11241100x80000000000000003869851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdb52d543a404932021-12-22 11:53:03.981root 11241100x80000000000000003869852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2be2e9d4f10b2a12021-12-22 11:53:03.981root 11241100x80000000000000003869853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99548fa660b8ffb22021-12-22 11:53:03.981root 11241100x80000000000000003869854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a71fa8cbf758a52021-12-22 11:53:03.981root 11241100x80000000000000003869855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e716483706938b932021-12-22 11:53:03.981root 11241100x80000000000000003869856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7459c21cb67f6e2021-12-22 11:53:03.981root 11241100x80000000000000003869857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ab2ac279d50ab72021-12-22 11:53:03.981root 11241100x80000000000000003869858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9ec250689bd6a52021-12-22 11:53:03.981root 11241100x80000000000000003869859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.981{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b23673ed624a5292021-12-22 11:53:03.981root 11241100x80000000000000003869860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77c33d502f36e182021-12-22 11:53:03.982root 11241100x80000000000000003869861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1258aab77d9e95652021-12-22 11:53:03.982root 11241100x80000000000000003869862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965b81cb61381ba52021-12-22 11:53:03.982root 11241100x80000000000000003869863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e50d8e733c70432021-12-22 11:53:03.982root 11241100x80000000000000003869864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8a4125e52110192021-12-22 11:53:03.982root 11241100x80000000000000003869865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850e5ce87d3ff5ea2021-12-22 11:53:03.982root 11241100x80000000000000003869866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3462b2e934e61332021-12-22 11:53:03.982root 11241100x80000000000000003869867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964355bfe55050602021-12-22 11:53:03.982root 11241100x80000000000000003869868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220dbca05965d5732021-12-22 11:53:03.982root 11241100x80000000000000003869869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3e3181038147142021-12-22 11:53:03.982root 11241100x80000000000000003869870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af1b9844ab758982021-12-22 11:53:03.982root 11241100x80000000000000003869871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.982{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa4041a57f266b92021-12-22 11:53:03.982root 11241100x80000000000000003869872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9eb5cb80d44e50b2021-12-22 11:53:03.983root 11241100x80000000000000003869873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314997c9781e1fa12021-12-22 11:53:03.983root 11241100x80000000000000003869874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcf00471923da182021-12-22 11:53:03.983root 11241100x80000000000000003869875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0f909c6eedfe402021-12-22 11:53:03.983root 11241100x80000000000000003869876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea17b70c733ca59a2021-12-22 11:53:03.983root 11241100x80000000000000003869877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd17e40c1b312092021-12-22 11:53:03.983root 11241100x80000000000000003869878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1719824a60f9c5812021-12-22 11:53:03.983root 11241100x80000000000000003869879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c169b6b4451ce7452021-12-22 11:53:03.983root 11241100x80000000000000003869880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc71ea361f82a8f2021-12-22 11:53:03.983root 11241100x80000000000000003869881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d632a646accce58b2021-12-22 11:53:03.983root 11241100x80000000000000003869882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad1b83e32e7836d2021-12-22 11:53:03.983root 11241100x80000000000000003869883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14447a5dcc16bbe52021-12-22 11:53:03.983root 11241100x80000000000000003869884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651de6879aa580042021-12-22 11:53:03.983root 11241100x80000000000000003869885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.983{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc99c4162912f3bc2021-12-22 11:53:03.983root 11241100x80000000000000003869886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bf814a8b2da0e42021-12-22 11:53:03.984root 11241100x80000000000000003869887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461fb99d63eed27f2021-12-22 11:53:03.984root 11241100x80000000000000003869888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e65db88832653f2021-12-22 11:53:03.984root 11241100x80000000000000003869889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed46201065305b42021-12-22 11:53:03.984root 11241100x80000000000000003869890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae2aee54b8d58592021-12-22 11:53:03.984root 11241100x80000000000000003869891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3665c399d984e7852021-12-22 11:53:03.984root 11241100x80000000000000003869892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104d338c5b0cbcb42021-12-22 11:53:03.984root 11241100x80000000000000003869893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f883ca3922a75c2021-12-22 11:53:03.984root 11241100x80000000000000003869894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744520fefa8aaf252021-12-22 11:53:03.984root 11241100x80000000000000003869895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955a2154292347cf2021-12-22 11:53:03.984root 11241100x80000000000000003869896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362fce9f538863b22021-12-22 11:53:03.984root 11241100x80000000000000003869897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fa894edbcb5ecb2021-12-22 11:53:03.984root 11241100x80000000000000003869898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.984{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e8c428947bb9732021-12-22 11:53:03.984root 11241100x80000000000000003869899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f52d10dc8ad844e2021-12-22 11:53:03.985root 11241100x80000000000000003869900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce30836c9073431f2021-12-22 11:53:03.985root 11241100x80000000000000003869901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1de225b10a705b12021-12-22 11:53:03.985root 11241100x80000000000000003869902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309243a9c3b41f972021-12-22 11:53:03.985root 11241100x80000000000000003869903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e11435ea6c66ae2021-12-22 11:53:03.985root 11241100x80000000000000003869904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec0123192f499182021-12-22 11:53:03.985root 11241100x80000000000000003869905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf7aad58b5f1c792021-12-22 11:53:03.985root 11241100x80000000000000003869906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e2a5857c2d8d842021-12-22 11:53:03.985root 11241100x80000000000000003869907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cb9ccc074a2a802021-12-22 11:53:03.985root 11241100x80000000000000003869908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b46d1813a88f8d2021-12-22 11:53:03.985root 11241100x80000000000000003869909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ca6897142eacd02021-12-22 11:53:03.985root 11241100x80000000000000003869910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6672b5eaa95d7dad2021-12-22 11:53:03.985root 11241100x80000000000000003869911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.985{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925fcef53134e8252021-12-22 11:53:03.985root 11241100x80000000000000003869912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.986{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c067c69f1e2a8c82021-12-22 11:53:03.986root 11241100x80000000000000003869913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.986{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323fadb6bd65dba02021-12-22 11:53:03.986root 11241100x80000000000000003869914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.986{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0930a6610ca7a67c2021-12-22 11:53:03.986root 11241100x80000000000000003869915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.986{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fae3cccbf0ff79f2021-12-22 11:53:03.986root 11241100x80000000000000003869916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.986{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec5e58af5cc9a262021-12-22 11:53:03.986root 11241100x80000000000000003869917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.986{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff07321de1d19dc52021-12-22 11:53:03.986root 11241100x80000000000000003869918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.986{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3ff1856b5189ea2021-12-22 11:53:03.986root 11241100x80000000000000003869919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.986{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7151c4155778d7cf2021-12-22 11:53:03.986root 11241100x80000000000000003869920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.986{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cc066a3a6943722021-12-22 11:53:03.986root 11241100x80000000000000003869921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.986{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387569e7623437282021-12-22 11:53:03.986root 11241100x80000000000000003869922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.986{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00da713a45fa729c2021-12-22 11:53:03.986root 11241100x80000000000000003869923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.986{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c5edca7a41f7b12021-12-22 11:53:03.986root 11241100x80000000000000003869924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.987{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52046f662d6ba192021-12-22 11:53:03.987root 11241100x80000000000000003869925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.987{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df96d3b679c23002021-12-22 11:53:03.987root 11241100x80000000000000003869926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.987{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59606e0a67feb6632021-12-22 11:53:03.987root 11241100x80000000000000003869927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.987{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000e065df9a9ff5e2021-12-22 11:53:03.987root 11241100x80000000000000003869928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.987{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76892371c92bdfaa2021-12-22 11:53:03.987root 11241100x80000000000000003869929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.987{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c4b07fab04956a2021-12-22 11:53:03.987root 11241100x80000000000000003869930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.987{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a64d8657205938f2021-12-22 11:53:03.987root 11241100x80000000000000003869931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.987{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6a3c1e7c5da8532021-12-22 11:53:03.987root 11241100x80000000000000003869932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.987{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7bd237f576edcf2021-12-22 11:53:03.987root 11241100x80000000000000003869933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.987{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3261583887a53b512021-12-22 11:53:03.987root 11241100x80000000000000003869934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.987{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d093e088ee0132042021-12-22 11:53:03.987root 11241100x80000000000000003869935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.987{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38b552eaebf8ace2021-12-22 11:53:03.987root 11241100x80000000000000003869936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.987{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f64a26664b371732021-12-22 11:53:03.987root 11241100x80000000000000003869937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.987{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c715cb31e4596ab2021-12-22 11:53:03.987root 11241100x80000000000000003869938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc750963ea941efa2021-12-22 11:53:03.988root 11241100x80000000000000003869939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785134149e005ee72021-12-22 11:53:03.988root 11241100x80000000000000003869940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca7017465b8739c2021-12-22 11:53:03.988root 11241100x80000000000000003869941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883ca057c1e259e72021-12-22 11:53:03.988root 11241100x80000000000000003869942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693903948342a6752021-12-22 11:53:03.988root 11241100x80000000000000003869943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d8b5028862dbaa2021-12-22 11:53:03.988root 11241100x80000000000000003869944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff4d7992be054f02021-12-22 11:53:03.988root 11241100x80000000000000003869945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fe9d7c90dc03c32021-12-22 11:53:03.988root 11241100x80000000000000003869946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566b112079e97f9a2021-12-22 11:53:03.988root 11241100x80000000000000003869947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227bd078b848d25e2021-12-22 11:53:03.988root 11241100x80000000000000003869948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b23ef73da4db3e2021-12-22 11:53:03.988root 11241100x80000000000000003869949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.988{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fea94aa474e13a92021-12-22 11:53:03.988root 11241100x80000000000000003869950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9596003cf39ed52021-12-22 11:53:03.989root 11241100x80000000000000003869951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0187661a41ee53e32021-12-22 11:53:03.989root 11241100x80000000000000003869952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851e997db0bc40642021-12-22 11:53:03.989root 11241100x80000000000000003869953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab6523df7cf58f72021-12-22 11:53:03.989root 11241100x80000000000000003869954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bb8023acf566c62021-12-22 11:53:03.989root 11241100x80000000000000003869955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5470ff64e429a1ea2021-12-22 11:53:03.989root 11241100x80000000000000003869956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680706518586174e2021-12-22 11:53:03.989root 11241100x80000000000000003869957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba22ba3a6153f7a2021-12-22 11:53:03.989root 11241100x80000000000000003869958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1611aa9e0d050e82021-12-22 11:53:03.989root 11241100x80000000000000003869959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eef589f902027be2021-12-22 11:53:03.989root 11241100x80000000000000003869960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fc52e9fa271ad02021-12-22 11:53:03.989root 11241100x80000000000000003869961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb89ddb1a0653ad12021-12-22 11:53:03.989root 11241100x80000000000000003869962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.989{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b643d37404da622021-12-22 11:53:03.989root 11241100x80000000000000003869963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.990{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd12765e8f3fa5b42021-12-22 11:53:03.990root 11241100x80000000000000003869964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.990{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ac6c9ed2fed49d2021-12-22 11:53:03.990root 11241100x80000000000000003869965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.990{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2875d75f4dd7a3642021-12-22 11:53:03.990root 11241100x80000000000000003869966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.990{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12de075b4060faa62021-12-22 11:53:03.990root 11241100x80000000000000003869967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.990{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8606dcd0f4d22f782021-12-22 11:53:03.990root 11241100x80000000000000003869968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.990{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811fa39c84f7198b2021-12-22 11:53:03.990root 11241100x80000000000000003869969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.990{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9c7721b01564222021-12-22 11:53:03.990root 11241100x80000000000000003869970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.990{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e407b88aa53d5fca2021-12-22 11:53:03.990root 11241100x80000000000000003869971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.990{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1357a588aac1b9022021-12-22 11:53:03.990root 11241100x80000000000000003869972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.990{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11dcc724da991452021-12-22 11:53:03.990root 11241100x80000000000000003869973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.990{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1445f0bc8bc1ccfd2021-12-22 11:53:03.990root 11241100x80000000000000003869974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.991{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320f735be1ae169e2021-12-22 11:53:03.991root 11241100x80000000000000003869975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.991{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a216d1e52102a2c12021-12-22 11:53:03.991root 11241100x80000000000000003869976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.991{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e8e9af1c5b510c2021-12-22 11:53:03.991root 11241100x80000000000000003869977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.991{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2348ebcdc360fd72021-12-22 11:53:03.991root 11241100x80000000000000003869978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.991{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62db165ebc55f9b12021-12-22 11:53:03.991root 11241100x80000000000000003869979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.991{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a75fc0fc2c85a5c2021-12-22 11:53:03.991root 11241100x80000000000000003869980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.991{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a848b84f6b2e8cb2021-12-22 11:53:03.991root 11241100x80000000000000003869981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.991{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4df20a2c6832a432021-12-22 11:53:03.991root 11241100x80000000000000003869982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.991{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e020210f159186f02021-12-22 11:53:03.991root 11241100x80000000000000003869983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.992{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b3edce1c08836d2021-12-22 11:53:03.992root 11241100x80000000000000003869984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.992{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fb95324cdffeb32021-12-22 11:53:03.992root 11241100x80000000000000003869985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.992{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c755eecca77db3032021-12-22 11:53:03.992root 11241100x80000000000000003869986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.992{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8af25aea9c87ad2021-12-22 11:53:03.992root 11241100x80000000000000003869987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.992{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1adfcc7d7d05735b2021-12-22 11:53:03.992root 11241100x80000000000000003869988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.992{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d954bd5e63ee1242021-12-22 11:53:03.992root 11241100x80000000000000003869989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.992{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f260154a1b8d06192021-12-22 11:53:03.992root 11241100x80000000000000003869990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.992{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1d67a876f148d42021-12-22 11:53:03.992root 11241100x80000000000000003869991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.992{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1b9b6969b07e502021-12-22 11:53:03.992root 11241100x80000000000000003869992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.992{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6f05714f65f10b2021-12-22 11:53:03.992root 11241100x80000000000000003869993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.992{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b6d661097278ed2021-12-22 11:53:03.992root 11241100x80000000000000003869994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.992{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb99051e7f5ddfd2021-12-22 11:53:03.992root 11241100x80000000000000003869995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.993{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4111ba5d098146b2021-12-22 11:53:03.993root 11241100x80000000000000003869996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.993{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5099f691e21ab1c2021-12-22 11:53:03.993root 11241100x80000000000000003869997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:03.993{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190241e9cc13f1802021-12-22 11:53:03.993root 11241100x80000000000000003869998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24f2388fd2b63c22021-12-22 11:53:04.443root 11241100x80000000000000003869999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204d8aa5f5f5b0432021-12-22 11:53:04.443root 11241100x80000000000000003870000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2ef6bca739f4bb2021-12-22 11:53:04.444root 11241100x80000000000000003870001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a768fc81a8deda5e2021-12-22 11:53:04.444root 11241100x80000000000000003870002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6769329faca733d02021-12-22 11:53:04.444root 11241100x80000000000000003870003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ae9a599b1855b72021-12-22 11:53:04.444root 11241100x80000000000000003870004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e7069bb6913a722021-12-22 11:53:04.444root 11241100x80000000000000003870005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527a677b490f2d3e2021-12-22 11:53:04.444root 11241100x80000000000000003870006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2297d772b92072ab2021-12-22 11:53:04.444root 11241100x80000000000000003870007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbd984e2bb01c972021-12-22 11:53:04.444root 11241100x80000000000000003870008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc06be33c3fa47f2021-12-22 11:53:04.444root 11241100x80000000000000003870009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19667b1e191ab94b2021-12-22 11:53:04.444root 11241100x80000000000000003870010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301fa550810af8312021-12-22 11:53:04.445root 11241100x80000000000000003870011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b0613bd884203c2021-12-22 11:53:04.445root 11241100x80000000000000003870012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e3a55fd70092242021-12-22 11:53:04.445root 11241100x80000000000000003870013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f3b8431d300a172021-12-22 11:53:04.445root 11241100x80000000000000003870014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e415b73b69f3fe72021-12-22 11:53:04.445root 11241100x80000000000000003870015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961cefe52b09a4ab2021-12-22 11:53:04.445root 11241100x80000000000000003870016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11885f584f8138382021-12-22 11:53:04.445root 11241100x80000000000000003870017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ebe966631c9ead2021-12-22 11:53:04.445root 11241100x80000000000000003870018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942eec86bde897032021-12-22 11:53:04.445root 11241100x80000000000000003870019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec714633df614462021-12-22 11:53:04.446root 11241100x80000000000000003870020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d408f4af68ea8e102021-12-22 11:53:04.446root 11241100x80000000000000003870021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6f2e0cafc27fa42021-12-22 11:53:04.446root 11241100x80000000000000003870022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515b5e0972a188fd2021-12-22 11:53:04.446root 11241100x80000000000000003870023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770b103390019fbe2021-12-22 11:53:04.446root 11241100x80000000000000003870024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133b2b6523c6f1182021-12-22 11:53:04.446root 11241100x80000000000000003870025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3bbecdd7182d092021-12-22 11:53:04.446root 11241100x80000000000000003870026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e6045e76b34f522021-12-22 11:53:04.446root 11241100x80000000000000003870027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23749596761556ec2021-12-22 11:53:04.446root 11241100x80000000000000003870028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0de44f53dfb117c2021-12-22 11:53:04.446root 11241100x80000000000000003870029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be9c3a420908fd82021-12-22 11:53:04.446root 11241100x80000000000000003870030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c547d4cc348f7c2021-12-22 11:53:04.448root 11241100x80000000000000003870031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d7b2dbd29173ae2021-12-22 11:53:04.449root 11241100x80000000000000003870032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e210f9849c8eee72021-12-22 11:53:04.449root 11241100x80000000000000003870033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bc0a90e2cc2f5d2021-12-22 11:53:04.449root 11241100x80000000000000003870034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82622462de83ab4c2021-12-22 11:53:04.449root 11241100x80000000000000003870035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1e54f627719e7e2021-12-22 11:53:04.449root 11241100x80000000000000003870036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248aa8891111552d2021-12-22 11:53:04.449root 11241100x80000000000000003870037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c31f81fdb62bf702021-12-22 11:53:04.449root 11241100x80000000000000003870038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0046d77a67fb7cd72021-12-22 11:53:04.449root 11241100x80000000000000003870039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f755cdfbe88cac342021-12-22 11:53:04.449root 11241100x80000000000000003870040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade36cf8be0f86fd2021-12-22 11:53:04.449root 11241100x80000000000000003870041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fc634fa75ad8632021-12-22 11:53:04.450root 11241100x80000000000000003870042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff9c507be1ad96b2021-12-22 11:53:04.450root 11241100x80000000000000003870043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1965320323064f4e2021-12-22 11:53:04.450root 11241100x80000000000000003870044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfce7f9cdb332152021-12-22 11:53:04.450root 11241100x80000000000000003870045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbbb20c120316f82021-12-22 11:53:04.450root 11241100x80000000000000003870046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3bd16661317a6e2021-12-22 11:53:04.450root 11241100x80000000000000003870047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1ddb6c734d2e7c2021-12-22 11:53:04.450root 11241100x80000000000000003870048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dea1b7f3d1bfea2021-12-22 11:53:04.450root 11241100x80000000000000003870049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e487cff5eb47fc42021-12-22 11:53:04.450root 11241100x80000000000000003870050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fde71979a5256e72021-12-22 11:53:04.451root 11241100x80000000000000003870051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ff3f6f82d35df22021-12-22 11:53:04.451root 11241100x80000000000000003870052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbafbe08d903d892021-12-22 11:53:04.451root 11241100x80000000000000003870053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cfa3fea7ebc5b92021-12-22 11:53:04.451root 11241100x80000000000000003870054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c990b5ff7b9482b42021-12-22 11:53:04.451root 11241100x80000000000000003870055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5fc68adabc52d32021-12-22 11:53:04.451root 11241100x80000000000000003870056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b48236588604c92021-12-22 11:53:04.451root 11241100x80000000000000003870057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af59c0eb6217f8cc2021-12-22 11:53:04.451root 11241100x80000000000000003870058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a46e08663598e1a2021-12-22 11:53:04.452root 11241100x80000000000000003870059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5617e5c8f969ed62021-12-22 11:53:04.452root 11241100x80000000000000003870060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23fa70c999d1efa2021-12-22 11:53:04.452root 11241100x80000000000000003870061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59dacddcb33319e2021-12-22 11:53:04.452root 11241100x80000000000000003870062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbba232e470cdeb2021-12-22 11:53:04.452root 11241100x80000000000000003870063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cd6118bdfb15d52021-12-22 11:53:04.452root 11241100x80000000000000003870064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143e4a2687b22f702021-12-22 11:53:04.452root 11241100x80000000000000003870065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9817b53e1f38522021-12-22 11:53:04.452root 11241100x80000000000000003870066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8bc5843139c2b02021-12-22 11:53:04.452root 11241100x80000000000000003870067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6989059b545c422021-12-22 11:53:04.452root 11241100x80000000000000003870068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b428a2f3482f4b2021-12-22 11:53:04.453root 11241100x80000000000000003870069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c926538ebe1f48e2021-12-22 11:53:04.453root 11241100x80000000000000003870070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3c1a26f7d194da2021-12-22 11:53:04.453root 11241100x80000000000000003870071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd53746521cba7852021-12-22 11:53:04.453root 11241100x80000000000000003870072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae868731f6483202021-12-22 11:53:04.453root 11241100x80000000000000003870073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522a68cd43469b3d2021-12-22 11:53:04.453root 11241100x80000000000000003870074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868005f3fe44face2021-12-22 11:53:04.453root 11241100x80000000000000003870075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3d2a068b3a5c102021-12-22 11:53:04.453root 11241100x80000000000000003870076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0b0bfe45b658592021-12-22 11:53:04.453root 11241100x80000000000000003870077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce08ba2ff4845a62021-12-22 11:53:04.453root 11241100x80000000000000003870078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72912e9548f49da02021-12-22 11:53:04.453root 11241100x80000000000000003870079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50de7e9e1c914772021-12-22 11:53:04.454root 11241100x80000000000000003870080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5098572b1aaa44dc2021-12-22 11:53:04.454root 11241100x80000000000000003870081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a6a89b7abae1ef2021-12-22 11:53:04.454root 11241100x80000000000000003870082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b8f6fec0a0c3992021-12-22 11:53:04.454root 11241100x80000000000000003870083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94673e559f09b2cc2021-12-22 11:53:04.454root 11241100x80000000000000003870084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18da4728d9c8dc482021-12-22 11:53:04.454root 11241100x80000000000000003870085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c0ea06b65cafbd2021-12-22 11:53:04.454root 11241100x80000000000000003870086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1e52b60dd32f8e2021-12-22 11:53:04.454root 11241100x80000000000000003870087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6448348beb7ba7392021-12-22 11:53:04.454root 11241100x80000000000000003870088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089f8452a0d4bc0a2021-12-22 11:53:04.454root 11241100x80000000000000003870089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdbd2f6af33eaef2021-12-22 11:53:04.454root 11241100x80000000000000003870090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b2383d6c2e103f2021-12-22 11:53:04.455root 11241100x80000000000000003870091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198aec6259bc50442021-12-22 11:53:04.455root 11241100x80000000000000003870092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d129da4eb79d0b2021-12-22 11:53:04.455root 11241100x80000000000000003870093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c939d86a5d666f892021-12-22 11:53:04.455root 11241100x80000000000000003870094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e685f519f4ce472021-12-22 11:53:04.455root 11241100x80000000000000003870095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adf1ab01b1218672021-12-22 11:53:04.455root 11241100x80000000000000003870096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2854343ff8d190402021-12-22 11:53:04.455root 11241100x80000000000000003870097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d920e479065b064e2021-12-22 11:53:04.455root 11241100x80000000000000003870098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe167e531f5435ed2021-12-22 11:53:04.455root 11241100x80000000000000003870099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f86defa65fe7472021-12-22 11:53:04.455root 11241100x80000000000000003870100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ce372abcfd49482021-12-22 11:53:04.455root 11241100x80000000000000003870101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4861e4f9890f1d272021-12-22 11:53:04.455root 11241100x80000000000000003870102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4d31dd417049562021-12-22 11:53:04.455root 11241100x80000000000000003870103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83c175d5e7d0cae2021-12-22 11:53:04.455root 11241100x80000000000000003870104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c11e9bccdccfc3e2021-12-22 11:53:04.456root 11241100x80000000000000003870105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d86908014127ba2021-12-22 11:53:04.456root 11241100x80000000000000003870106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088966c389e9ce912021-12-22 11:53:04.456root 11241100x80000000000000003870107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531393c0cff363ac2021-12-22 11:53:04.456root 11241100x80000000000000003870108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d79ea1d7c1dfea42021-12-22 11:53:04.456root 11241100x80000000000000003870109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1979af3c27bc402021-12-22 11:53:04.456root 11241100x80000000000000003870110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41a166fcde926772021-12-22 11:53:04.456root 11241100x80000000000000003870111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca09df96b44b4c372021-12-22 11:53:04.456root 11241100x80000000000000003870112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094f6317bbe5c7a92021-12-22 11:53:04.456root 11241100x80000000000000003870113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59bb8cad45d74cb82021-12-22 11:53:04.456root 11241100x80000000000000003870114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9ff92036155e952021-12-22 11:53:04.456root 11241100x80000000000000003870115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ceb0a7f981682fb2021-12-22 11:53:04.456root 11241100x80000000000000003870116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9475bfb45fde93f2021-12-22 11:53:04.456root 11241100x80000000000000003870117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4069b8a63d1f222021-12-22 11:53:04.456root 11241100x80000000000000003870118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9e3ac170a7c48f2021-12-22 11:53:04.457root 11241100x80000000000000003870119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3d509c797c5ab12021-12-22 11:53:04.457root 11241100x80000000000000003870120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c59a8e7b1c56c842021-12-22 11:53:04.457root 11241100x80000000000000003870121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6439b3e0a18638772021-12-22 11:53:04.943root 11241100x80000000000000003870122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4737ba71e5338202021-12-22 11:53:04.943root 11241100x80000000000000003870123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bbf603736da83e2021-12-22 11:53:04.943root 11241100x80000000000000003870124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c76430adda7e1572021-12-22 11:53:04.943root 11241100x80000000000000003870125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd768df6c2205882021-12-22 11:53:04.944root 11241100x80000000000000003870126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c945eabbfb686b2021-12-22 11:53:04.944root 11241100x80000000000000003870127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edbe9607eba89312021-12-22 11:53:04.944root 11241100x80000000000000003870128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f12f4f1b8123342021-12-22 11:53:04.944root 11241100x80000000000000003870129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1555f0635cf0c7f2021-12-22 11:53:04.944root 11241100x80000000000000003870130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c70f5120385a58b2021-12-22 11:53:04.944root 11241100x80000000000000003870131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c8d9a9ef0464732021-12-22 11:53:04.944root 11241100x80000000000000003870132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b354cf15b8235982021-12-22 11:53:04.944root 11241100x80000000000000003870133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bf0e8d4b6a2d142021-12-22 11:53:04.944root 11241100x80000000000000003870134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769cb8f29ee1d7ce2021-12-22 11:53:04.945root 11241100x80000000000000003870135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4772127ebeb70182021-12-22 11:53:04.945root 11241100x80000000000000003870136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfa8179f0977cc32021-12-22 11:53:04.945root 11241100x80000000000000003870137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27ad47b6fbf5bc52021-12-22 11:53:04.945root 11241100x80000000000000003870138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82370ace748be6362021-12-22 11:53:04.945root 11241100x80000000000000003870139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d123c9f1cec4392021-12-22 11:53:04.946root 11241100x80000000000000003870140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b1cf108df150662021-12-22 11:53:04.946root 11241100x80000000000000003870141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec946f7c0cfd841b2021-12-22 11:53:04.946root 11241100x80000000000000003870142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb17a37b1a2a21712021-12-22 11:53:04.946root 11241100x80000000000000003870143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2ab62358405c762021-12-22 11:53:04.946root 11241100x80000000000000003870144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41f379442545f6b2021-12-22 11:53:04.946root 11241100x80000000000000003870145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42860d0e604bf872021-12-22 11:53:04.946root 11241100x80000000000000003870146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601152692b11f3b02021-12-22 11:53:04.946root 11241100x80000000000000003870147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332e00fa9cb21fb82021-12-22 11:53:04.947root 11241100x80000000000000003870148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e0aa8e5aeec3cd2021-12-22 11:53:04.947root 11241100x80000000000000003870149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13154815ffbf592b2021-12-22 11:53:04.947root 11241100x80000000000000003870150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a522bd1deb9f84c2021-12-22 11:53:04.947root 11241100x80000000000000003870151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce606ae8f1f8ba022021-12-22 11:53:04.947root 11241100x80000000000000003870152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18546205ed2413f2021-12-22 11:53:04.947root 11241100x80000000000000003870153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a62a92db3d930d62021-12-22 11:53:04.948root 11241100x80000000000000003870154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c4ba61782ebd4e2021-12-22 11:53:04.948root 11241100x80000000000000003870155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c074b422a8887d32021-12-22 11:53:04.948root 11241100x80000000000000003870156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7086ba528560112021-12-22 11:53:04.948root 11241100x80000000000000003870157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4c85dfd6af2eec2021-12-22 11:53:04.948root 11241100x80000000000000003870158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e811829eba154e2021-12-22 11:53:04.948root 11241100x80000000000000003870159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58748ac5525bea62021-12-22 11:53:04.948root 11241100x80000000000000003870160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a00dee1009b80a52021-12-22 11:53:04.948root 11241100x80000000000000003870161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f60df7dd10b2b342021-12-22 11:53:04.948root 11241100x80000000000000003870162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ec0b1d1eb183922021-12-22 11:53:04.948root 11241100x80000000000000003870163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e95e1fed41e4482021-12-22 11:53:04.948root 11241100x80000000000000003870164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0306dd7f1f882f42021-12-22 11:53:04.949root 11241100x80000000000000003870165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ffc60f8e2ae75f2021-12-22 11:53:04.949root 11241100x80000000000000003870166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4596af4b2ff02f2021-12-22 11:53:04.949root 11241100x80000000000000003870167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09be1652d917a9782021-12-22 11:53:04.949root 11241100x80000000000000003870168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b2957b08c984ed2021-12-22 11:53:04.949root 11241100x80000000000000003870169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd12b1d1846bd1732021-12-22 11:53:04.949root 11241100x80000000000000003870170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df260ccf39a045352021-12-22 11:53:04.949root 11241100x80000000000000003870171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a800294dc5b20a462021-12-22 11:53:04.949root 11241100x80000000000000003870172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d9b408db6b64de2021-12-22 11:53:04.949root 11241100x80000000000000003870173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302661785acf3cfc2021-12-22 11:53:04.949root 11241100x80000000000000003870174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6559f042646a591f2021-12-22 11:53:04.949root 11241100x80000000000000003870175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e95a58dff3994ed2021-12-22 11:53:04.949root 11241100x80000000000000003870176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a493a7560977c9fc2021-12-22 11:53:04.949root 11241100x80000000000000003870177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b541c458473a73542021-12-22 11:53:04.950root 11241100x80000000000000003870178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2c233963fd1c9a2021-12-22 11:53:04.950root 11241100x80000000000000003870179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d6540790a9b43f2021-12-22 11:53:04.950root 11241100x80000000000000003870180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f962ddfd13252e82021-12-22 11:53:04.950root 11241100x80000000000000003870181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c85c29316208ad92021-12-22 11:53:04.950root 11241100x80000000000000003870182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585763682971155b2021-12-22 11:53:04.950root 11241100x80000000000000003870183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8930d792e17e0af22021-12-22 11:53:04.950root 11241100x80000000000000003870184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c72cbc75b6e6c9b2021-12-22 11:53:04.950root 11241100x80000000000000003870185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9f8c8b1fd2d0442021-12-22 11:53:04.950root 11241100x80000000000000003870186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5f99a6fe96a4e52021-12-22 11:53:04.950root 11241100x80000000000000003870187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c29fcf651753e0c2021-12-22 11:53:04.951root 11241100x80000000000000003870188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182cb97fcfbe0db62021-12-22 11:53:04.951root 11241100x80000000000000003870189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17829ff834fe4b742021-12-22 11:53:04.951root 11241100x80000000000000003870190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593ae877a87ba1ef2021-12-22 11:53:04.951root 11241100x80000000000000003870191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945ab607571d4a422021-12-22 11:53:04.951root 11241100x80000000000000003870192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:04.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13343ef5faedff912021-12-22 11:53:04.951root 11241100x80000000000000003870193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c2a19e0e3f8c932021-12-22 11:53:05.443root 11241100x80000000000000003870194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66e1a681c484c0c2021-12-22 11:53:05.443root 11241100x80000000000000003870195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef0b13930ddcd732021-12-22 11:53:05.443root 11241100x80000000000000003870196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbef921ae659a3752021-12-22 11:53:05.444root 11241100x80000000000000003870197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242cc803180ecf1a2021-12-22 11:53:05.444root 11241100x80000000000000003870198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267672368e92a9922021-12-22 11:53:05.444root 11241100x80000000000000003870199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ec8ed36239f5692021-12-22 11:53:05.444root 11241100x80000000000000003870200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8366fc09c4985a972021-12-22 11:53:05.444root 11241100x80000000000000003870201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f62d4d569d6b2402021-12-22 11:53:05.444root 11241100x80000000000000003870202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532c78d738dea12c2021-12-22 11:53:05.444root 11241100x80000000000000003870203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69890be74e63ad462021-12-22 11:53:05.444root 11241100x80000000000000003870204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17947e6cdfc77f752021-12-22 11:53:05.444root 11241100x80000000000000003870205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097fda2b80d723a22021-12-22 11:53:05.444root 11241100x80000000000000003870206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1388f15f164193542021-12-22 11:53:05.445root 11241100x80000000000000003870207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb25d493816ccac92021-12-22 11:53:05.445root 11241100x80000000000000003870208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d7607c6fd26fa92021-12-22 11:53:05.445root 11241100x80000000000000003870209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d228348d26fd792021-12-22 11:53:05.445root 11241100x80000000000000003870210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3aaa77896cf252e2021-12-22 11:53:05.445root 11241100x80000000000000003870211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418bce86489188072021-12-22 11:53:05.445root 11241100x80000000000000003870212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc25d591795f1e92021-12-22 11:53:05.445root 11241100x80000000000000003870213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4390c50fab2bd62021-12-22 11:53:05.445root 11241100x80000000000000003870214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65687d03a3c355d22021-12-22 11:53:05.445root 11241100x80000000000000003870215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326ca6c4077b395d2021-12-22 11:53:05.445root 11241100x80000000000000003870216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4f79baba99f5b72021-12-22 11:53:05.446root 11241100x80000000000000003870217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510fc41519209d172021-12-22 11:53:05.446root 11241100x80000000000000003870218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8deeada2c9c8ce4a2021-12-22 11:53:05.446root 11241100x80000000000000003870219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30dafb156704e062021-12-22 11:53:05.446root 11241100x80000000000000003870220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a440cb01ae0f9a2021-12-22 11:53:05.446root 11241100x80000000000000003870221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737ec59cde1ca1ba2021-12-22 11:53:05.446root 11241100x80000000000000003870222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c3920a04d7920e2021-12-22 11:53:05.446root 11241100x80000000000000003870223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388e29c8e1cc580c2021-12-22 11:53:05.446root 11241100x80000000000000003870224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cf3219d79be0402021-12-22 11:53:05.446root 11241100x80000000000000003870225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7afad82bc0e30632021-12-22 11:53:05.446root 11241100x80000000000000003870226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f81593ce3732bff2021-12-22 11:53:05.447root 11241100x80000000000000003870227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8eb09507c5f7f0a2021-12-22 11:53:05.447root 11241100x80000000000000003870228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c0bcadd4275d9a2021-12-22 11:53:05.447root 11241100x80000000000000003870229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca74a34f985518b2021-12-22 11:53:05.447root 11241100x80000000000000003870230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dc58b296fe711f2021-12-22 11:53:05.447root 11241100x80000000000000003870231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf09eb11a79fd7922021-12-22 11:53:05.447root 11241100x80000000000000003870232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cebcc2045231e3a2021-12-22 11:53:05.447root 11241100x80000000000000003870233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a8290b02826c282021-12-22 11:53:05.447root 11241100x80000000000000003870234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7e14480493b1962021-12-22 11:53:05.447root 11241100x80000000000000003870235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90eb7f21858d7c5b2021-12-22 11:53:05.447root 11241100x80000000000000003870236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11524fd545913df72021-12-22 11:53:05.447root 11241100x80000000000000003870237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcd64ac2e0899a02021-12-22 11:53:05.447root 11241100x80000000000000003870238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bbadeb7ba650fc2021-12-22 11:53:05.448root 11241100x80000000000000003870239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5eb82b0674723f2021-12-22 11:53:05.448root 11241100x80000000000000003870240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c405a42a887637bc2021-12-22 11:53:05.448root 11241100x80000000000000003870241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c7d2379ad2604c2021-12-22 11:53:05.448root 11241100x80000000000000003870242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8779341d5121012021-12-22 11:53:05.448root 11241100x80000000000000003870243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86aa6faf5546d7db2021-12-22 11:53:05.448root 11241100x80000000000000003870244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d13ce5231131b62021-12-22 11:53:05.448root 11241100x80000000000000003870245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0af26981afa566e2021-12-22 11:53:05.448root 11241100x80000000000000003870246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc3934fa939edcd2021-12-22 11:53:05.448root 11241100x80000000000000003870247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cb071ee3150bb02021-12-22 11:53:05.448root 11241100x80000000000000003870248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161afce830e863922021-12-22 11:53:05.448root 11241100x80000000000000003870249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc54740e68cb53d12021-12-22 11:53:05.448root 11241100x80000000000000003870250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee14baff6a5a62f2021-12-22 11:53:05.448root 11241100x80000000000000003870251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43e39aac25651c22021-12-22 11:53:05.448root 11241100x80000000000000003870252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b7b3f3a04edd5b2021-12-22 11:53:05.448root 11241100x80000000000000003870253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bc964488fca86c2021-12-22 11:53:05.448root 11241100x80000000000000003870254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bb1ddc804a4fc72021-12-22 11:53:05.449root 11241100x80000000000000003870255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc85c7014ff8ceac2021-12-22 11:53:05.449root 11241100x80000000000000003870256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8ead7afbf304b02021-12-22 11:53:05.449root 11241100x80000000000000003870257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7632beb2119087d02021-12-22 11:53:05.449root 11241100x80000000000000003870258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2030bb95aabf90872021-12-22 11:53:05.449root 11241100x80000000000000003870259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c5010fb348682a2021-12-22 11:53:05.449root 11241100x80000000000000003870260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be819ba315d6fae72021-12-22 11:53:05.449root 11241100x80000000000000003870261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d79e5c954f91dd2021-12-22 11:53:05.449root 11241100x80000000000000003870262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c0d81e10855e782021-12-22 11:53:05.449root 11241100x80000000000000003870263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6eec89be5afccd2021-12-22 11:53:05.449root 11241100x80000000000000003870264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5b0b74a789f09d2021-12-22 11:53:05.449root 11241100x80000000000000003870265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4632e3ee7bc10422021-12-22 11:53:05.449root 11241100x80000000000000003870266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d7f8fe5449460f2021-12-22 11:53:05.449root 11241100x80000000000000003870267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d12781cd31b37842021-12-22 11:53:05.449root 11241100x80000000000000003870268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0213489046af3fc12021-12-22 11:53:05.449root 11241100x80000000000000003870269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8d79a3eaff61c22021-12-22 11:53:05.449root 11241100x80000000000000003870270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274878a7a20cac8e2021-12-22 11:53:05.450root 11241100x80000000000000003870271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27360df489562d862021-12-22 11:53:05.453root 11241100x80000000000000003870272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d604e731d6bdb62021-12-22 11:53:05.454root 11241100x80000000000000003870273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358c553315fff7a52021-12-22 11:53:05.454root 11241100x80000000000000003870274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dc4ebb1cced9582021-12-22 11:53:05.454root 11241100x80000000000000003870275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e376d08c33e6ef412021-12-22 11:53:05.454root 11241100x80000000000000003870276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce08a7ab25410ce22021-12-22 11:53:05.454root 11241100x80000000000000003870277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb94f395ff261012021-12-22 11:53:05.454root 11241100x80000000000000003870278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c617c3dfd06a780c2021-12-22 11:53:05.454root 11241100x80000000000000003870279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1a9cdc74f9449b2021-12-22 11:53:05.454root 11241100x80000000000000003870280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4abb45e6477d1682021-12-22 11:53:05.454root 11241100x80000000000000003870281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9062554e1b1dd52021-12-22 11:53:05.454root 11241100x80000000000000003870282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec4620619dafef62021-12-22 11:53:05.454root 11241100x80000000000000003870283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e108279337dafff42021-12-22 11:53:05.454root 11241100x80000000000000003870284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cf5da89db955c62021-12-22 11:53:05.454root 11241100x80000000000000003870285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcc30e2df7d1a9b2021-12-22 11:53:05.454root 11241100x80000000000000003870286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f6689f37cec0482021-12-22 11:53:05.455root 11241100x80000000000000003870287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc6ff1def0089f62021-12-22 11:53:05.455root 11241100x80000000000000003870288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e3eae30552d9e22021-12-22 11:53:05.455root 11241100x80000000000000003870289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7f4ef2cc6b4d612021-12-22 11:53:05.455root 11241100x80000000000000003870290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7570633dbda43e3d2021-12-22 11:53:05.455root 11241100x80000000000000003870291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93f0cd0dbe5f4282021-12-22 11:53:05.455root 11241100x80000000000000003870292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9208232e4308bc192021-12-22 11:53:05.455root 11241100x80000000000000003870293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143da1957a9ec1c32021-12-22 11:53:05.455root 11241100x80000000000000003870294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402de75ff5efbc1d2021-12-22 11:53:05.455root 11241100x80000000000000003870295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6644f83bc716bc742021-12-22 11:53:05.455root 11241100x80000000000000003870296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26a25eef6bf59f12021-12-22 11:53:05.455root 11241100x80000000000000003870297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a373f04ea11ec322021-12-22 11:53:05.456root 11241100x80000000000000003870298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0426ef3e8a5c262021-12-22 11:53:05.456root 11241100x80000000000000003870299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad946dfb203f2db2021-12-22 11:53:05.456root 11241100x80000000000000003870300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4c65d32dffb8a92021-12-22 11:53:05.456root 11241100x80000000000000003870301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3870d06f2fe8774f2021-12-22 11:53:05.456root 11241100x80000000000000003870302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4cb615467bec252021-12-22 11:53:05.456root 11241100x80000000000000003870303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5d94a284927fd82021-12-22 11:53:05.456root 11241100x80000000000000003870304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec836bcb050bd122021-12-22 11:53:05.456root 11241100x80000000000000003870305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eff6dd9788e5cf2021-12-22 11:53:05.457root 11241100x80000000000000003870306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae730adf0b26d1b2021-12-22 11:53:05.457root 11241100x80000000000000003870307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bb5c95eb54e1dc2021-12-22 11:53:05.457root 11241100x80000000000000003870308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be633dd16c403322021-12-22 11:53:05.457root 11241100x80000000000000003870309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04fc9a02e629dd12021-12-22 11:53:05.457root 11241100x80000000000000003870310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc8b125bec1b1ed2021-12-22 11:53:05.457root 11241100x80000000000000003870311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7d5f95ff01c92e2021-12-22 11:53:05.457root 11241100x80000000000000003870312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f21816b2c712c802021-12-22 11:53:05.943root 11241100x80000000000000003870313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3006f58e72edfc062021-12-22 11:53:05.943root 11241100x80000000000000003870314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699fec36336cd48b2021-12-22 11:53:05.943root 11241100x80000000000000003870315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf712d1a140cdd12021-12-22 11:53:05.943root 11241100x80000000000000003870316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b895a582500ac4242021-12-22 11:53:05.943root 11241100x80000000000000003870317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9894f4b8f4146a192021-12-22 11:53:05.944root 11241100x80000000000000003870318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc4e748a623a7822021-12-22 11:53:05.944root 11241100x80000000000000003870319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4eb147d38f0f3af2021-12-22 11:53:05.944root 11241100x80000000000000003870320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37e7e57723f66062021-12-22 11:53:05.944root 11241100x80000000000000003870321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d87cc3ecd16d9022021-12-22 11:53:05.944root 11241100x80000000000000003870322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235b5021139edede2021-12-22 11:53:05.944root 11241100x80000000000000003870323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a918834482d1249e2021-12-22 11:53:05.944root 11241100x80000000000000003870324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0f5633a22b10f12021-12-22 11:53:05.944root 11241100x80000000000000003870325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0018f274f46cd182021-12-22 11:53:05.944root 11241100x80000000000000003870326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb45893b79ed32c2021-12-22 11:53:05.945root 11241100x80000000000000003870327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c0e66cad2dd7e92021-12-22 11:53:05.945root 11241100x80000000000000003870328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad1083a176531b02021-12-22 11:53:05.945root 11241100x80000000000000003870329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdc039c80a9ba772021-12-22 11:53:05.945root 11241100x80000000000000003870330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24b0869eef8e2a32021-12-22 11:53:05.945root 11241100x80000000000000003870331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d0f692fa0a1f9c2021-12-22 11:53:05.945root 11241100x80000000000000003870332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c9c154022447732021-12-22 11:53:05.946root 11241100x80000000000000003870333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1d992ebb112f3f2021-12-22 11:53:05.946root 11241100x80000000000000003870334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ff5496d31e4e5c2021-12-22 11:53:05.946root 11241100x80000000000000003870335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705febc1d7f67cb12021-12-22 11:53:05.948root 11241100x80000000000000003870336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5b4c66860077d52021-12-22 11:53:05.948root 11241100x80000000000000003870337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc8254054cbf8bd2021-12-22 11:53:05.948root 11241100x80000000000000003870338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde39b3004c8c09c2021-12-22 11:53:05.948root 11241100x80000000000000003870339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c27847ec3a8063c2021-12-22 11:53:05.948root 11241100x80000000000000003870340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc3a38fff2fb5292021-12-22 11:53:05.948root 11241100x80000000000000003870341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f14d993f820ce882021-12-22 11:53:05.948root 11241100x80000000000000003870342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dda580fae2682982021-12-22 11:53:05.948root 11241100x80000000000000003870343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ef1720ee56ab212021-12-22 11:53:05.949root 11241100x80000000000000003870344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b817f0d1ca964472021-12-22 11:53:05.949root 11241100x80000000000000003870345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d1c8c96ce353172021-12-22 11:53:05.949root 11241100x80000000000000003870346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f8a40c7274f7fb2021-12-22 11:53:05.949root 11241100x80000000000000003870347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a01e73ebe87b9f2021-12-22 11:53:05.953root 11241100x80000000000000003870348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c788a2e2597400572021-12-22 11:53:05.953root 11241100x80000000000000003870349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464290c140fdbc4c2021-12-22 11:53:05.954root 11241100x80000000000000003870350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dffc537d7b9f81f2021-12-22 11:53:05.954root 11241100x80000000000000003870351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54efa972db6c0862021-12-22 11:53:05.954root 11241100x80000000000000003870352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c33362600c467c42021-12-22 11:53:05.954root 11241100x80000000000000003870353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833603c7500431892021-12-22 11:53:05.954root 11241100x80000000000000003870354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8428da951edc1a72021-12-22 11:53:05.954root 11241100x80000000000000003870355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396505864385317a2021-12-22 11:53:05.954root 11241100x80000000000000003870356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bf74a2c87dcb662021-12-22 11:53:05.954root 11241100x80000000000000003870357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6692e4b08d778b92021-12-22 11:53:05.954root 11241100x80000000000000003870358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8b1983c2de4ceb2021-12-22 11:53:05.954root 11241100x80000000000000003870359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fb2299d89c1bd52021-12-22 11:53:05.955root 11241100x80000000000000003870360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987222d8c15a62432021-12-22 11:53:05.955root 11241100x80000000000000003870361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1032f6c1870864922021-12-22 11:53:05.955root 11241100x80000000000000003870362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88beb2e5790e95c62021-12-22 11:53:05.955root 11241100x80000000000000003870363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49cf2ee9f29a83a2021-12-22 11:53:05.955root 11241100x80000000000000003870364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65bc8f0b83125b02021-12-22 11:53:05.955root 11241100x80000000000000003870365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207e69d1e3376d3b2021-12-22 11:53:05.955root 11241100x80000000000000003870366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a19e4cdd77b1162021-12-22 11:53:05.955root 11241100x80000000000000003870367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efbc2aa7f501b122021-12-22 11:53:05.955root 11241100x80000000000000003870368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645aaccd7e4318832021-12-22 11:53:05.955root 11241100x80000000000000003870369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63996071ab7ff0972021-12-22 11:53:05.956root 11241100x80000000000000003870370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1e28defeb445042021-12-22 11:53:05.956root 11241100x80000000000000003870371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff8ffa2fed73c352021-12-22 11:53:05.956root 11241100x80000000000000003870372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e921759e21864e5b2021-12-22 11:53:05.956root 11241100x80000000000000003870373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecdbc1b6c8842852021-12-22 11:53:05.956root 11241100x80000000000000003870374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a7be96e5fc6b852021-12-22 11:53:05.956root 11241100x80000000000000003870375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e92b399d1a3f2e2021-12-22 11:53:05.956root 11241100x80000000000000003870376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09cdd56b9ec17ba2021-12-22 11:53:05.956root 11241100x80000000000000003870377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8900c7e22e33dd2021-12-22 11:53:05.956root 11241100x80000000000000003870378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fd31df6af191fb2021-12-22 11:53:05.956root 11241100x80000000000000003870379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db1d2e1f2055dea2021-12-22 11:53:05.956root 11241100x80000000000000003870380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27794c52d1c977082021-12-22 11:53:05.956root 11241100x80000000000000003870381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a16151f7517b2392021-12-22 11:53:05.956root 11241100x80000000000000003870382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3fc78007d6369c2021-12-22 11:53:05.957root 11241100x80000000000000003870383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46961c4cf6c43962021-12-22 11:53:05.957root 11241100x80000000000000003870384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74440f1b9f35fde2021-12-22 11:53:05.957root 11241100x80000000000000003870385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1464710d01a6a8d22021-12-22 11:53:05.957root 11241100x80000000000000003870386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c138b45a83f9362021-12-22 11:53:05.957root 11241100x80000000000000003870387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027f39a5c08d48a92021-12-22 11:53:05.957root 11241100x80000000000000003870388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9485d0c0d5a98e5a2021-12-22 11:53:05.957root 11241100x80000000000000003870389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e831e22fa97291022021-12-22 11:53:05.957root 11241100x80000000000000003870390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f626c93ac17a1e2021-12-22 11:53:05.957root 11241100x80000000000000003870391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bc07b97e9527902021-12-22 11:53:05.957root 11241100x80000000000000003870392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e59bae5b3607e792021-12-22 11:53:05.958root 11241100x80000000000000003870393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9341aa971dae022021-12-22 11:53:05.958root 11241100x80000000000000003870394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e372e9dca34dff672021-12-22 11:53:05.958root 11241100x80000000000000003870395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c913dd39bad3d2c2021-12-22 11:53:05.958root 11241100x80000000000000003870396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057a198170f6a93b2021-12-22 11:53:05.958root 11241100x80000000000000003870397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56925d7177f4b8ee2021-12-22 11:53:05.958root 11241100x80000000000000003870398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23246b14e819dea72021-12-22 11:53:05.958root 11241100x80000000000000003870399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0d8ebd48654ea82021-12-22 11:53:05.958root 11241100x80000000000000003870400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4198bef80e8470ed2021-12-22 11:53:05.958root 11241100x80000000000000003870401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7181ee80af8ac592021-12-22 11:53:05.958root 11241100x80000000000000003870402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62e750c888425c82021-12-22 11:53:05.958root 11241100x80000000000000003870403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707ac46a57420b872021-12-22 11:53:05.958root 11241100x80000000000000003870404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c16dcd42a5e5d62021-12-22 11:53:05.958root 11241100x80000000000000003870405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ff52f2350c6bd02021-12-22 11:53:05.958root 11241100x80000000000000003870406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4862e2d5c501c32021-12-22 11:53:05.959root 11241100x80000000000000003870407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1eb93a701b9e062021-12-22 11:53:05.959root 11241100x80000000000000003870408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c3b3e812241c162021-12-22 11:53:05.959root 11241100x80000000000000003870409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3d85c42f6ffd7e2021-12-22 11:53:05.959root 11241100x80000000000000003870410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b54924d1f5ec5fa2021-12-22 11:53:05.959root 11241100x80000000000000003870411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe5c31dafe0b01a2021-12-22 11:53:05.959root 11241100x80000000000000003870412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3ba4a1b97af4302021-12-22 11:53:05.959root 11241100x80000000000000003870413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0130cab7429dac72021-12-22 11:53:05.959root 11241100x80000000000000003870414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81e82d40ea803fb2021-12-22 11:53:05.959root 11241100x80000000000000003870415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8552c249d69896082021-12-22 11:53:05.959root 11241100x80000000000000003870416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f75378eb73db692021-12-22 11:53:05.959root 11241100x80000000000000003870417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e9c65ee2f79a812021-12-22 11:53:05.959root 11241100x80000000000000003870418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50da7bdae4d598f12021-12-22 11:53:05.959root 11241100x80000000000000003870419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922538289642f7022021-12-22 11:53:05.960root 11241100x80000000000000003870420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfa9543d8eecda42021-12-22 11:53:05.960root 11241100x80000000000000003870421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813e4e05c921c1b02021-12-22 11:53:05.960root 11241100x80000000000000003870422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb6b856e93256db2021-12-22 11:53:05.960root 11241100x80000000000000003870423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5d2604ab9b97a82021-12-22 11:53:05.960root 11241100x80000000000000003870424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6be279a592da972021-12-22 11:53:05.960root 11241100x80000000000000003870425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8003bfdb43e2b3d62021-12-22 11:53:05.960root 11241100x80000000000000003870426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3ae29fcf5f83aa2021-12-22 11:53:05.960root 11241100x80000000000000003870427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d00bdae0359af92021-12-22 11:53:05.960root 11241100x80000000000000003870428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7927bea73459fa2021-12-22 11:53:05.960root 11241100x80000000000000003870429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183f96f043660cfe2021-12-22 11:53:05.960root 11241100x80000000000000003870430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f73cef267c29f42021-12-22 11:53:05.960root 11241100x80000000000000003870431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45df57257725fc282021-12-22 11:53:05.960root 11241100x80000000000000003870432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059e5e094a7bb5712021-12-22 11:53:05.960root 11241100x80000000000000003870433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c561c6cf6401a632021-12-22 11:53:05.960root 11241100x80000000000000003870434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b6e8ec508e1c0b2021-12-22 11:53:05.961root 11241100x80000000000000003870435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1405e0fb61a5a7d2021-12-22 11:53:05.961root 11241100x80000000000000003870436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bcf521c6450d7c2021-12-22 11:53:05.961root 11241100x80000000000000003870437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05948e7d12648a192021-12-22 11:53:05.961root 11241100x80000000000000003870438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814ed2a63033b8d92021-12-22 11:53:05.961root 11241100x80000000000000003870439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09621c2d7ca8522f2021-12-22 11:53:05.961root 11241100x80000000000000003870440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5ff2494374bb252021-12-22 11:53:05.961root 11241100x80000000000000003870441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09daf5aec2ca16502021-12-22 11:53:05.961root 11241100x80000000000000003870442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd661c9cc792b0242021-12-22 11:53:05.961root 11241100x80000000000000003870443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f0d9b714bd06cb2021-12-22 11:53:05.961root 11241100x80000000000000003870444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1498050c4e45d22021-12-22 11:53:05.962root 11241100x80000000000000003870445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c4645ac3da88fb2021-12-22 11:53:05.962root 11241100x80000000000000003870446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da757cba903ebbd2021-12-22 11:53:05.963root 11241100x80000000000000003870447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9895657e9e9820b72021-12-22 11:53:05.963root 11241100x80000000000000003870448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1c740cb55db7b42021-12-22 11:53:05.964root 11241100x80000000000000003870449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c795e0365eb5ec7a2021-12-22 11:53:05.964root 11241100x80000000000000003870450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3da3adb827d26822021-12-22 11:53:05.964root 11241100x80000000000000003870451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8d67526bb537112021-12-22 11:53:05.964root 11241100x80000000000000003870452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5b480cc932e5ca2021-12-22 11:53:05.964root 11241100x80000000000000003870453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8286f6373dabf82021-12-22 11:53:05.964root 11241100x80000000000000003870454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de47e919f912dda2021-12-22 11:53:05.965root 11241100x80000000000000003870455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb2fef3a83d11532021-12-22 11:53:05.965root 11241100x80000000000000003870456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf99719c78428722021-12-22 11:53:05.965root 11241100x80000000000000003870457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f9c2d8b453a7e72021-12-22 11:53:05.965root 11241100x80000000000000003870458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152f4f777cc6abc02021-12-22 11:53:05.965root 11241100x80000000000000003870459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9227e67bf7f0b6c42021-12-22 11:53:05.966root 11241100x80000000000000003870460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0aaadfaf92657f12021-12-22 11:53:05.966root 11241100x80000000000000003870461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e392aab8365a6efe2021-12-22 11:53:05.966root 11241100x80000000000000003870462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add69ffd684d0c6a2021-12-22 11:53:05.966root 11241100x80000000000000003870463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45138af903970fc12021-12-22 11:53:05.966root 11241100x80000000000000003870464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9e5b4e4731673d2021-12-22 11:53:05.966root 11241100x80000000000000003870465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ac1f3f9d8d334d2021-12-22 11:53:05.967root 11241100x80000000000000003870466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694309215b1147052021-12-22 11:53:05.967root 11241100x80000000000000003870467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f6a699b484c1712021-12-22 11:53:05.967root 11241100x80000000000000003870468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01905aa0546c11882021-12-22 11:53:05.967root 11241100x80000000000000003870469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c7c0c09a96e2692021-12-22 11:53:05.967root 11241100x80000000000000003870470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da58eb10d2dbf19e2021-12-22 11:53:05.967root 11241100x80000000000000003870471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:05.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e75a9e040b2bceb2021-12-22 11:53:05.968root 23542300x80000000000000003870472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003870473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af9e55eb5ae5e272021-12-22 11:53:06.443root 11241100x80000000000000003870474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087a1ce21a5dd0792021-12-22 11:53:06.443root 11241100x80000000000000003870475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ecd9d6b56c54b52021-12-22 11:53:06.443root 11241100x80000000000000003870476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695af576aa7b29402021-12-22 11:53:06.444root 11241100x80000000000000003870477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410b46c9d082489c2021-12-22 11:53:06.444root 11241100x80000000000000003870478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b276fc4fb84168db2021-12-22 11:53:06.444root 11241100x80000000000000003870479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e70f2db093ce8f32021-12-22 11:53:06.444root 11241100x80000000000000003870480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbeaa2e3a79e29552021-12-22 11:53:06.444root 11241100x80000000000000003870481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a88d4851fb524e2021-12-22 11:53:06.444root 11241100x80000000000000003870482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120d1e17e4b025d72021-12-22 11:53:06.444root 11241100x80000000000000003870483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3ca68238290b792021-12-22 11:53:06.444root 11241100x80000000000000003870484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55038009c94bb3402021-12-22 11:53:06.444root 11241100x80000000000000003870485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76840bdd795af10e2021-12-22 11:53:06.445root 11241100x80000000000000003870486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9af4cbf2d241092021-12-22 11:53:06.445root 11241100x80000000000000003870487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d509e1b619633332021-12-22 11:53:06.445root 11241100x80000000000000003870488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f22b0d50a6a773f2021-12-22 11:53:06.445root 11241100x80000000000000003870489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e19af9ca0ae2d72021-12-22 11:53:06.445root 11241100x80000000000000003870490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6f5297462ad6612021-12-22 11:53:06.445root 11241100x80000000000000003870491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ffc0a954903f5e2021-12-22 11:53:06.445root 11241100x80000000000000003870492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ff2919ca1ed3952021-12-22 11:53:06.445root 11241100x80000000000000003870493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f72c824a574f302021-12-22 11:53:06.445root 11241100x80000000000000003870494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5524547643eb6e2021-12-22 11:53:06.445root 11241100x80000000000000003870495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ca1be27b9e41022021-12-22 11:53:06.445root 11241100x80000000000000003870496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee13752207814562021-12-22 11:53:06.446root 11241100x80000000000000003870497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255bedd611ca27112021-12-22 11:53:06.446root 11241100x80000000000000003870498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ef55a2a59d7a232021-12-22 11:53:06.446root 11241100x80000000000000003870499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32643a9937d825a2021-12-22 11:53:06.446root 11241100x80000000000000003870500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331b80745d9bd0192021-12-22 11:53:06.446root 11241100x80000000000000003870501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f54d54f523f1e82021-12-22 11:53:06.446root 11241100x80000000000000003870502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afb9bc8f00370612021-12-22 11:53:06.446root 11241100x80000000000000003870503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f214427b7f39e072021-12-22 11:53:06.446root 11241100x80000000000000003870504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933d6e0402000a742021-12-22 11:53:06.447root 11241100x80000000000000003870505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05711ac2e12bc3112021-12-22 11:53:06.447root 11241100x80000000000000003870506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dfdec73b6b52d62021-12-22 11:53:06.447root 11241100x80000000000000003870507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8018da7217a61f2021-12-22 11:53:06.447root 11241100x80000000000000003870508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14b349aa01e12f92021-12-22 11:53:06.447root 11241100x80000000000000003870509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed0a32f4538746d2021-12-22 11:53:06.447root 11241100x80000000000000003870510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9566a6134b175312021-12-22 11:53:06.447root 11241100x80000000000000003870511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa55ce71246fb1db2021-12-22 11:53:06.447root 11241100x80000000000000003870512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1ba96a2b68068d2021-12-22 11:53:06.447root 11241100x80000000000000003870513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e067eeb75cd0c92021-12-22 11:53:06.448root 11241100x80000000000000003870514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1330a6f35410c32021-12-22 11:53:06.448root 11241100x80000000000000003870515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4948a7190d60614a2021-12-22 11:53:06.448root 11241100x80000000000000003870516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f41e91159744732021-12-22 11:53:06.448root 11241100x80000000000000003870517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9455a698f413f52021-12-22 11:53:06.448root 11241100x80000000000000003870518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4673d15936f7a1eb2021-12-22 11:53:06.448root 11241100x80000000000000003870519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c855c1d862fb222021-12-22 11:53:06.448root 11241100x80000000000000003870520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05c59bb92268fed2021-12-22 11:53:06.448root 11241100x80000000000000003870521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c12ca2842ed39622021-12-22 11:53:06.448root 11241100x80000000000000003870522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b334be13da97eb7b2021-12-22 11:53:06.449root 11241100x80000000000000003870523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c281ebfa494e822021-12-22 11:53:06.449root 11241100x80000000000000003870524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b508377c6fdb532021-12-22 11:53:06.449root 11241100x80000000000000003870525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5ff266dbc1712a2021-12-22 11:53:06.449root 11241100x80000000000000003870526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b01f5295d31e8a2021-12-22 11:53:06.449root 11241100x80000000000000003870527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774b61ff7eed5ad82021-12-22 11:53:06.449root 11241100x80000000000000003870528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711780aaa8880a522021-12-22 11:53:06.449root 11241100x80000000000000003870529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1511070083321ce42021-12-22 11:53:06.450root 11241100x80000000000000003870530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d36a17710f9a8142021-12-22 11:53:06.450root 11241100x80000000000000003870531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13f3b15b885d26f2021-12-22 11:53:06.450root 11241100x80000000000000003870532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf8a1308f4aca082021-12-22 11:53:06.450root 11241100x80000000000000003870533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116b96c58a810f772021-12-22 11:53:06.450root 11241100x80000000000000003870534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d465d1ec917b8d2021-12-22 11:53:06.450root 11241100x80000000000000003870535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e1fa08bf525caa2021-12-22 11:53:06.450root 11241100x80000000000000003870536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4668eed3f1456dd82021-12-22 11:53:06.450root 11241100x80000000000000003870537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182e45a1336fed732021-12-22 11:53:06.450root 11241100x80000000000000003870538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938fdbc7d52be7332021-12-22 11:53:06.450root 11241100x80000000000000003870539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becc1d5ed64d1f4e2021-12-22 11:53:06.451root 11241100x80000000000000003870540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9aa0ca5d2f78532021-12-22 11:53:06.451root 11241100x80000000000000003870541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdbcd185e8b2add2021-12-22 11:53:06.451root 11241100x80000000000000003870542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd07424a081a5e32021-12-22 11:53:06.451root 11241100x80000000000000003870543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01274109d31ee622021-12-22 11:53:06.451root 11241100x80000000000000003870544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6b825c40695a472021-12-22 11:53:06.451root 11241100x80000000000000003870545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d85a8698af3ef432021-12-22 11:53:06.451root 11241100x80000000000000003870546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fc12af7685afbf2021-12-22 11:53:06.451root 11241100x80000000000000003870547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bbf5ee59582d772021-12-22 11:53:06.451root 11241100x80000000000000003870548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f097ac513289b32021-12-22 11:53:06.451root 11241100x80000000000000003870549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1fe6ee9f3c69fb2021-12-22 11:53:06.452root 11241100x80000000000000003870550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d549df1a8ee84e2021-12-22 11:53:06.452root 11241100x80000000000000003870551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead4b01fffd8efe82021-12-22 11:53:06.452root 11241100x80000000000000003870552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6257e8e7e5e6a33a2021-12-22 11:53:06.452root 11241100x80000000000000003870553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad660cc311930d92021-12-22 11:53:06.452root 11241100x80000000000000003870554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2957ffe278866e2d2021-12-22 11:53:06.452root 11241100x80000000000000003870555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5913965e885a962021-12-22 11:53:06.452root 11241100x80000000000000003870556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f1fae928d24da32021-12-22 11:53:06.452root 11241100x80000000000000003870557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4aa0c9dcb2f9352021-12-22 11:53:06.452root 11241100x80000000000000003870558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1132c9f9dced11c42021-12-22 11:53:06.452root 11241100x80000000000000003870559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f570fff5cc5d4d3e2021-12-22 11:53:06.452root 11241100x80000000000000003870560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748be6d2de1958f42021-12-22 11:53:06.453root 11241100x80000000000000003870561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd1c1d588317fae2021-12-22 11:53:06.453root 11241100x80000000000000003870562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df1415162705c7b2021-12-22 11:53:06.453root 11241100x80000000000000003870563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b47c826d466b372021-12-22 11:53:06.453root 11241100x80000000000000003870564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c8ee123e08afa42021-12-22 11:53:06.453root 11241100x80000000000000003870565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec70bd8ee8310afd2021-12-22 11:53:06.453root 11241100x80000000000000003870566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f02afa58f379eb2021-12-22 11:53:06.453root 11241100x80000000000000003870567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04434faa760e8d482021-12-22 11:53:06.453root 11241100x80000000000000003870568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01750c655451625d2021-12-22 11:53:06.453root 11241100x80000000000000003870569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa08e79a66b2e2d92021-12-22 11:53:06.453root 11241100x80000000000000003870570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa89690fe9e5d602021-12-22 11:53:06.454root 11241100x80000000000000003870571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d831908d0e05accd2021-12-22 11:53:06.454root 11241100x80000000000000003870572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1344a0524d62e2d72021-12-22 11:53:06.454root 11241100x80000000000000003870573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa796291d9c8ff62021-12-22 11:53:06.454root 11241100x80000000000000003870574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4305c02b333b92992021-12-22 11:53:06.454root 11241100x80000000000000003870575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f534847dc765eb362021-12-22 11:53:06.454root 11241100x80000000000000003870576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64ebec5280dc0a72021-12-22 11:53:06.454root 11241100x80000000000000003870577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2286421d691fcf1b2021-12-22 11:53:06.943root 11241100x80000000000000003870578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b886cdd472dbb9d2021-12-22 11:53:06.943root 11241100x80000000000000003870579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fec1397124d4aff2021-12-22 11:53:06.943root 11241100x80000000000000003870580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48323008da1b36d02021-12-22 11:53:06.943root 11241100x80000000000000003870581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1f2d0f3f7965862021-12-22 11:53:06.944root 11241100x80000000000000003870582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc870af755513922021-12-22 11:53:06.944root 11241100x80000000000000003870583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9b9d8c2d4e0d092021-12-22 11:53:06.944root 11241100x80000000000000003870584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2776e1d51749427f2021-12-22 11:53:06.944root 11241100x80000000000000003870585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cb26fc4fe1e50b2021-12-22 11:53:06.944root 11241100x80000000000000003870586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8381452c8c0dab22021-12-22 11:53:06.944root 11241100x80000000000000003870587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4ac72688f89b362021-12-22 11:53:06.944root 11241100x80000000000000003870588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f87a168c79b46532021-12-22 11:53:06.944root 11241100x80000000000000003870589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685ab0974b8a83a52021-12-22 11:53:06.944root 11241100x80000000000000003870590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5132bba8a1c50fe92021-12-22 11:53:06.945root 11241100x80000000000000003870591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f47056616f3c4742021-12-22 11:53:06.945root 11241100x80000000000000003870592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bfb6e68fea03b72021-12-22 11:53:06.945root 11241100x80000000000000003870593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8ff4ac7e12c2c62021-12-22 11:53:06.945root 11241100x80000000000000003870594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83957f5183f53102021-12-22 11:53:06.945root 11241100x80000000000000003870595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6689024b1f5e7bb82021-12-22 11:53:06.945root 11241100x80000000000000003870596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3613d2e3fd435d32021-12-22 11:53:06.945root 11241100x80000000000000003870597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9c9caef5b176992021-12-22 11:53:06.946root 11241100x80000000000000003870598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecc00debab3d5b12021-12-22 11:53:06.946root 11241100x80000000000000003870599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af19f3481de5a8a22021-12-22 11:53:06.946root 11241100x80000000000000003870600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93abed72fb13c9f52021-12-22 11:53:06.946root 11241100x80000000000000003870601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9e4b8f3832f5802021-12-22 11:53:06.946root 11241100x80000000000000003870602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48957d2b1dd63b7d2021-12-22 11:53:06.946root 11241100x80000000000000003870603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75723907f7cd701a2021-12-22 11:53:06.947root 11241100x80000000000000003870604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0068f24d98979d6c2021-12-22 11:53:06.947root 11241100x80000000000000003870605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3f926d511cd55a2021-12-22 11:53:06.947root 11241100x80000000000000003870606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946718c9996b54052021-12-22 11:53:06.947root 11241100x80000000000000003870607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a4bc3dd1f7602d2021-12-22 11:53:06.947root 11241100x80000000000000003870608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42093066b3d25e1c2021-12-22 11:53:06.947root 11241100x80000000000000003870609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfcc5439475b45c2021-12-22 11:53:06.947root 11241100x80000000000000003870610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b020b84e86d7452021-12-22 11:53:06.948root 11241100x80000000000000003870611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b99e5f2f5014642021-12-22 11:53:06.948root 11241100x80000000000000003870612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc223517f24ac3912021-12-22 11:53:06.948root 11241100x80000000000000003870613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87433990efa3b1472021-12-22 11:53:06.948root 11241100x80000000000000003870614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45dac07622e33602021-12-22 11:53:06.948root 11241100x80000000000000003870615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e0f276850004792021-12-22 11:53:06.948root 11241100x80000000000000003870616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c61efa89f386db2021-12-22 11:53:06.949root 11241100x80000000000000003870617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2948282e12169972021-12-22 11:53:06.949root 11241100x80000000000000003870618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c26620972d070e22021-12-22 11:53:06.949root 11241100x80000000000000003870619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f58cfd8ad7740a2021-12-22 11:53:06.950root 11241100x80000000000000003870620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c89df033614c78c2021-12-22 11:53:06.950root 11241100x80000000000000003870621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e17b4c1c315ab62021-12-22 11:53:06.950root 11241100x80000000000000003870622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6451d46afdf3b29f2021-12-22 11:53:06.950root 11241100x80000000000000003870623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92c8d4c341cc8ef2021-12-22 11:53:06.950root 11241100x80000000000000003870624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bd7bab7331b2142021-12-22 11:53:06.950root 11241100x80000000000000003870625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be20468f39b584292021-12-22 11:53:06.951root 11241100x80000000000000003870626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75ccc53a63efb0d2021-12-22 11:53:06.951root 11241100x80000000000000003870627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80dd757a3246c892021-12-22 11:53:06.951root 11241100x80000000000000003870628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b16abd210a577e22021-12-22 11:53:06.951root 11241100x80000000000000003870629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7404546f1a657d382021-12-22 11:53:06.951root 11241100x80000000000000003870630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3823d14804ea2fc32021-12-22 11:53:06.951root 11241100x80000000000000003870631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226d518dab05616f2021-12-22 11:53:06.952root 11241100x80000000000000003870632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6aac0a42072b302021-12-22 11:53:06.952root 11241100x80000000000000003870633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cff0c640091a70d2021-12-22 11:53:06.952root 11241100x80000000000000003870634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4dce45200bedf82021-12-22 11:53:06.952root 11241100x80000000000000003870635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd4c352b98ab1c12021-12-22 11:53:06.952root 11241100x80000000000000003870636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54e3d5b81b32f742021-12-22 11:53:06.952root 11241100x80000000000000003870637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896f279432955b5f2021-12-22 11:53:06.952root 11241100x80000000000000003870638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf393969f9c1d0652021-12-22 11:53:06.952root 11241100x80000000000000003870639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1982556c32548812021-12-22 11:53:06.952root 11241100x80000000000000003870640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5861da38a435865f2021-12-22 11:53:06.952root 11241100x80000000000000003870641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1d4a3f41a3bb992021-12-22 11:53:06.952root 11241100x80000000000000003870642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37edd70e4c8a1202021-12-22 11:53:06.953root 11241100x80000000000000003870643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89c41540c493b532021-12-22 11:53:06.953root 11241100x80000000000000003870644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660202b7bd682dd32021-12-22 11:53:06.953root 11241100x80000000000000003870645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f929b78daf4f2b2021-12-22 11:53:06.953root 11241100x80000000000000003870646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc6f9b86070330d2021-12-22 11:53:06.953root 11241100x80000000000000003870647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c35c1660390e212021-12-22 11:53:06.953root 11241100x80000000000000003870648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd04ccb7fa44d2d2021-12-22 11:53:06.953root 11241100x80000000000000003870649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc3910762d94a3a2021-12-22 11:53:06.953root 11241100x80000000000000003870650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb529b5bdce39c32021-12-22 11:53:06.953root 11241100x80000000000000003870651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da1361f65ad482b2021-12-22 11:53:06.953root 11241100x80000000000000003870652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1619efc5c812c8a2021-12-22 11:53:06.954root 11241100x80000000000000003870653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd16d48c0c684232021-12-22 11:53:06.954root 11241100x80000000000000003870654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4713e51d832d07422021-12-22 11:53:06.955root 11241100x80000000000000003870655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a6616eb9a4e2312021-12-22 11:53:06.955root 11241100x80000000000000003870656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93838a490dcceb372021-12-22 11:53:06.955root 11241100x80000000000000003870657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d494f5516890e42021-12-22 11:53:06.955root 11241100x80000000000000003870658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9669d6d7771d029f2021-12-22 11:53:06.955root 11241100x80000000000000003870659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed4c997543c77082021-12-22 11:53:06.955root 11241100x80000000000000003870660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fb3e34625ada7b2021-12-22 11:53:06.955root 11241100x80000000000000003870661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ba46087cfb67a02021-12-22 11:53:06.956root 11241100x80000000000000003870662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5146384594f5e74f2021-12-22 11:53:06.956root 11241100x80000000000000003870663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767a0cc10144cedd2021-12-22 11:53:06.956root 11241100x80000000000000003870664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6731d64c6be3b1bf2021-12-22 11:53:06.956root 11241100x80000000000000003870665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5432bbf3884ebe32021-12-22 11:53:06.956root 11241100x80000000000000003870666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4d875d98cba0792021-12-22 11:53:06.956root 11241100x80000000000000003870667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1068d5b6e8f58a352021-12-22 11:53:06.956root 11241100x80000000000000003870668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b567377229e0f8b2021-12-22 11:53:06.958root 11241100x80000000000000003870669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b15703c34f5dba2021-12-22 11:53:06.958root 11241100x80000000000000003870670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b9ae9e046f9ad82021-12-22 11:53:06.958root 11241100x80000000000000003870671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147d4cba1c4df4572021-12-22 11:53:06.958root 11241100x80000000000000003870672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4e9557b379a0292021-12-22 11:53:06.958root 11241100x80000000000000003870673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d4b499facfc0fe2021-12-22 11:53:06.958root 11241100x80000000000000003870674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e32fef4c8170622021-12-22 11:53:06.958root 11241100x80000000000000003870675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9752e26cf228626c2021-12-22 11:53:06.958root 11241100x80000000000000003870676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a665d8749e1d7b2a2021-12-22 11:53:06.958root 11241100x80000000000000003870677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fae4146265548642021-12-22 11:53:06.958root 11241100x80000000000000003870678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0e1ff7bcbee2272021-12-22 11:53:06.959root 11241100x80000000000000003870679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6914b7372b89dd2021-12-22 11:53:06.959root 11241100x80000000000000003870680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a32e25a6b15f2e52021-12-22 11:53:06.959root 11241100x80000000000000003870681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e9dd241bec86f02021-12-22 11:53:06.959root 11241100x80000000000000003870682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44debec4f2a6dcb02021-12-22 11:53:06.959root 11241100x80000000000000003870683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66f4dbcfe377fcf2021-12-22 11:53:06.959root 11241100x80000000000000003870684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8de15fdf3c1b99f2021-12-22 11:53:06.959root 11241100x80000000000000003870685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:06.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb6b10f1c90f4fa2021-12-22 11:53:06.959root 354300x80000000000000003870748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:23.163{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55600-false10.0.1.12-8000- 11241100x80000000000000003870749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:23.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713a0e6545371c672021-12-22 11:53:23.442root 11241100x80000000000000003870750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:23.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29e7ff13e7235852021-12-22 11:53:23.942root 11241100x80000000000000003870751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:24.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9beef47e7c631d092021-12-22 11:53:24.442root 11241100x80000000000000003870752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:24.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a88619287ef7ee2021-12-22 11:53:24.942root 11241100x80000000000000003870753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:25.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debbed0374dc12722021-12-22 11:53:25.442root 11241100x80000000000000003870754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:25.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33db356079eea1682021-12-22 11:53:25.942root 11241100x80000000000000003870755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bdb7ab8336d53c2021-12-22 11:53:26.443root 11241100x80000000000000003870756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:26.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768f967338b3edab2021-12-22 11:53:26.942root 11241100x80000000000000003870757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:27.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc38d3337e3bffe2021-12-22 11:53:27.442root 11241100x80000000000000003870758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:27.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bf26c0216754ae2021-12-22 11:53:27.942root 11241100x80000000000000003870759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:28.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa6492bc7c638b22021-12-22 11:53:28.442root 11241100x80000000000000003870760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:28.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f9450b8ea4d8eb2021-12-22 11:53:28.942root 354300x80000000000000003870761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:29.117{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55602-false10.0.1.12-8000- 11241100x80000000000000003870762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:29.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c87ff3ce966339a2021-12-22 11:53:29.442root 11241100x80000000000000003870763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ee5b35b0e595362021-12-22 11:53:29.443root 11241100x80000000000000003870764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:29.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123b15a32aefff2b2021-12-22 11:53:29.942root 11241100x80000000000000003870765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:29.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471855e48b8da71e2021-12-22 11:53:29.942root 11241100x80000000000000003870766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:30.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cae02282c82eae52021-12-22 11:53:30.442root 11241100x80000000000000003870767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872d8bf377324d5d2021-12-22 11:53:30.443root 11241100x80000000000000003870768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:30.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c134e21279e289d12021-12-22 11:53:30.942root 11241100x80000000000000003870769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:30.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7e4a9b6c70f6932021-12-22 11:53:30.942root 11241100x80000000000000003870770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:31.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8cb09916b8e17c2021-12-22 11:53:31.442root 11241100x80000000000000003870771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f086a38d13787c12021-12-22 11:53:31.443root 11241100x80000000000000003870772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:31.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4168435f0cfe74e2021-12-22 11:53:31.942root 11241100x80000000000000003870773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb546a521db1a542021-12-22 11:53:31.943root 11241100x80000000000000003870774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:32.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a6cfcbefe7765d2021-12-22 11:53:32.442root 11241100x80000000000000003870775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:32.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39976ceb33c9bd3a2021-12-22 11:53:32.442root 11241100x80000000000000003870776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:32.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a293d84ca252ffa2021-12-22 11:53:32.942root 11241100x80000000000000003870777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:32.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789762c79ce681da2021-12-22 11:53:32.942root 11241100x80000000000000003870778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:33.141{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:53:33.141root 11241100x80000000000000003870779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:33.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d76b72fa38355d72021-12-22 11:53:33.442root 11241100x80000000000000003870780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8662fbe5f008d4b2021-12-22 11:53:33.443root 11241100x80000000000000003870781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd0930ba96049822021-12-22 11:53:33.443root 534500x80000000000000003870782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:33.651{00000000-0000-0000-0000-000000000000}19033<unknown process>root 11241100x80000000000000003870783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:33.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e11ce31cdf945cd2021-12-22 11:53:33.942root 11241100x80000000000000003870784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcc66873e6223eb2021-12-22 11:53:33.943root 11241100x80000000000000003870785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a2f0ca943938882021-12-22 11:53:33.943root 11241100x80000000000000003870786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632d50324ad2e50b2021-12-22 11:53:33.943root 354300x80000000000000003870787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:33.999{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42668-false10.0.1.12-8089- 11241100x80000000000000003870788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823cdf39869d8f792021-12-22 11:53:34.443root 11241100x80000000000000003870789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00643bc4b8ad026d2021-12-22 11:53:34.443root 11241100x80000000000000003870790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cee9fb3f694394e2021-12-22 11:53:34.443root 11241100x80000000000000003870791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ea5e1b79ab63ae2021-12-22 11:53:34.443root 11241100x80000000000000003870792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adaba905051a766b2021-12-22 11:53:34.443root 11241100x80000000000000003870793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:34.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c0b67008df111a2021-12-22 11:53:34.942root 11241100x80000000000000003870794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4721b681288e17332021-12-22 11:53:34.943root 11241100x80000000000000003870795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8f6b879a89e3ed2021-12-22 11:53:34.943root 11241100x80000000000000003870796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bfb2667c8db2892021-12-22 11:53:34.943root 11241100x80000000000000003870797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84369f2830c44652021-12-22 11:53:34.943root 354300x80000000000000003870798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:35.072{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55606-false10.0.1.12-8000- 11241100x80000000000000003870799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c49a230e916504d2021-12-22 11:53:35.443root 11241100x80000000000000003870800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479ac73cdba104232021-12-22 11:53:35.443root 11241100x80000000000000003870801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7eb1eedcf638962021-12-22 11:53:35.443root 11241100x80000000000000003870802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620d5083b82b71b02021-12-22 11:53:35.443root 11241100x80000000000000003870803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500ea8e85d2420fd2021-12-22 11:53:35.443root 11241100x80000000000000003870804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7aedf52f87f9172021-12-22 11:53:35.443root 11241100x80000000000000003870805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d841a3e44a46e32021-12-22 11:53:35.943root 11241100x80000000000000003870806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7212d86e8cbff9f42021-12-22 11:53:35.943root 11241100x80000000000000003870807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eae0893682998c2021-12-22 11:53:35.943root 11241100x80000000000000003870808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7a4e38293c629f2021-12-22 11:53:35.943root 11241100x80000000000000003870809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d439c3ee96bb9c2021-12-22 11:53:35.943root 11241100x80000000000000003870810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074eb94ffcc320082021-12-22 11:53:35.943root 23542300x80000000000000003870811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:36.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003870812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62d9777907cc0222021-12-22 11:53:36.443root 11241100x80000000000000003870813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27aba4beec7267a32021-12-22 11:53:36.443root 11241100x80000000000000003870814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a698143e020fd7422021-12-22 11:53:36.443root 11241100x80000000000000003870815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c06d800aa82e462021-12-22 11:53:36.443root 11241100x80000000000000003870816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2359d299cf35d72021-12-22 11:53:36.443root 11241100x80000000000000003870817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8c4ce0db609df02021-12-22 11:53:36.443root 11241100x80000000000000003870818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26cc8dc98d761ef2021-12-22 11:53:36.443root 11241100x80000000000000003870819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6adcea86ee5a5e2021-12-22 11:53:36.943root 11241100x80000000000000003870820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435e8145dba428bb2021-12-22 11:53:36.943root 11241100x80000000000000003870821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1559634b95e1e1a52021-12-22 11:53:36.943root 11241100x80000000000000003870822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad0bf99eb210a8d2021-12-22 11:53:36.943root 11241100x80000000000000003870823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b423492c08436ae22021-12-22 11:53:36.943root 11241100x80000000000000003870824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a301db612cbb9e2021-12-22 11:53:36.943root 11241100x80000000000000003870825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fa4faae56ff3fd2021-12-22 11:53:36.943root 11241100x80000000000000003870826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c98a30361d9af52021-12-22 11:53:37.443root 11241100x80000000000000003870827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b8bba10e4e2c822021-12-22 11:53:37.443root 11241100x80000000000000003870828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3893aadfc7d42cf2021-12-22 11:53:37.443root 11241100x80000000000000003870829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc9fe6cb77b18c92021-12-22 11:53:37.443root 11241100x80000000000000003870830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10527e95034881fb2021-12-22 11:53:37.443root 11241100x80000000000000003870831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d22b6453901ef12021-12-22 11:53:37.443root 11241100x80000000000000003870832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc68bdc84c504502021-12-22 11:53:37.444root 154100x80000000000000003870833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.698{ec2b6afe-11c1-61c3-6854-01cdfa550000}19154/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x80000000000000003870834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afae1daecfea78792021-12-22 11:53:37.699root 11241100x80000000000000003870835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f332a74c2ca9fb2021-12-22 11:53:37.699root 11241100x80000000000000003870836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136711ceace9341c2021-12-22 11:53:37.700root 11241100x80000000000000003870837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a78340ac7078f42021-12-22 11:53:37.700root 11241100x80000000000000003870838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1c32b551ece6ce2021-12-22 11:53:37.700root 11241100x80000000000000003870839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077e658215e8232a2021-12-22 11:53:37.700root 11241100x80000000000000003870840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368eec8558434cec2021-12-22 11:53:37.700root 11241100x80000000000000003870841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f520fa75a1a8d52021-12-22 11:53:37.700root 534500x80000000000000003870842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:37.709{ec2b6afe-11c1-61c3-6854-01cdfa550000}19154/bin/psroot 11241100x80000000000000003870843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af891e372fd3169d2021-12-22 11:53:38.193root 11241100x80000000000000003870844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cb6a7725bb672e2021-12-22 11:53:38.193root 11241100x80000000000000003870845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e0509827f313ca2021-12-22 11:53:38.193root 11241100x80000000000000003870846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295138b0d6f1b4fc2021-12-22 11:53:38.193root 11241100x80000000000000003870847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1f976076c28a822021-12-22 11:53:38.193root 11241100x80000000000000003870848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e97fc78ef59c242021-12-22 11:53:38.193root 11241100x80000000000000003870849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640319b98ed5df2a2021-12-22 11:53:38.193root 11241100x80000000000000003870850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3786ad395052ec3e2021-12-22 11:53:38.193root 11241100x80000000000000003870851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5765b2feea77bc082021-12-22 11:53:38.194root 11241100x80000000000000003870852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7241eed3b0e5102021-12-22 11:53:38.693root 11241100x80000000000000003870853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870dc9d64e6918a32021-12-22 11:53:38.693root 11241100x80000000000000003870854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2076f916593e50672021-12-22 11:53:38.693root 11241100x80000000000000003870855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117905d7c58ef3f02021-12-22 11:53:38.693root 11241100x80000000000000003870856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafb3e3bfc6eeec82021-12-22 11:53:38.693root 11241100x80000000000000003870857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf2a33439c4d86f2021-12-22 11:53:38.693root 11241100x80000000000000003870858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fcf951a4a367732021-12-22 11:53:38.693root 11241100x80000000000000003870859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0053e132b59c9c7b2021-12-22 11:53:38.694root 11241100x80000000000000003870860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198cc235d8dcaae12021-12-22 11:53:38.694root 11241100x80000000000000003870861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e9ee4ba9b864c12021-12-22 11:53:39.193root 11241100x80000000000000003870862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb24a71f32ff6bd62021-12-22 11:53:39.193root 11241100x80000000000000003870863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ce89f651fbcbe62021-12-22 11:53:39.193root 11241100x80000000000000003870864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2fc06a4b8392be2021-12-22 11:53:39.193root 11241100x80000000000000003870865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0d8089e3bb04372021-12-22 11:53:39.193root 11241100x80000000000000003870866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bafaeacec3f5262021-12-22 11:53:39.193root 11241100x80000000000000003870867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5e7a703527c4592021-12-22 11:53:39.193root 11241100x80000000000000003870868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f29e212a6fba992021-12-22 11:53:39.193root 11241100x80000000000000003870869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e96065d7a83ced12021-12-22 11:53:39.193root 11241100x80000000000000003870870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b159137902c6ed2021-12-22 11:53:39.693root 11241100x80000000000000003870871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c87e2b6b0c765e2021-12-22 11:53:39.693root 11241100x80000000000000003870872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b8db46f987ee0e2021-12-22 11:53:39.693root 11241100x80000000000000003870873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9636288d7e1f80372021-12-22 11:53:39.693root 11241100x80000000000000003870874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb18703772644e8b2021-12-22 11:53:39.693root 11241100x80000000000000003870875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a935d16a051ed02021-12-22 11:53:39.693root 11241100x80000000000000003870876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df08b65868889692021-12-22 11:53:39.693root 11241100x80000000000000003870877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c53e73f432349a2021-12-22 11:53:39.693root 11241100x80000000000000003870878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327e5736e72858062021-12-22 11:53:39.693root 354300x80000000000000003870879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.075{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55608-false10.0.1.12-8000- 11241100x80000000000000003870880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.075{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a971931fb9290ec2021-12-22 11:53:40.075root 11241100x80000000000000003870881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.075{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e3392933e38a5f2021-12-22 11:53:40.075root 11241100x80000000000000003870882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.076{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03396fc88b4d206e2021-12-22 11:53:40.076root 11241100x80000000000000003870883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.076{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899263c635fe22e42021-12-22 11:53:40.076root 11241100x80000000000000003870884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.076{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf65f9f5ccccc6012021-12-22 11:53:40.076root 11241100x80000000000000003870885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.076{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f49548aa1658932021-12-22 11:53:40.076root 11241100x80000000000000003870886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e68a381bd66cddd2021-12-22 11:53:40.077root 11241100x80000000000000003870887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378c4e5392d5b7272021-12-22 11:53:40.077root 11241100x80000000000000003870888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe06af4330ed58e2021-12-22 11:53:40.077root 11241100x80000000000000003870889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd020a02093692332021-12-22 11:53:40.077root 11241100x80000000000000003870890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd96b15b5a5186402021-12-22 11:53:40.078root 11241100x80000000000000003870891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194aa61ec37997432021-12-22 11:53:40.443root 11241100x80000000000000003870892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec571cb1dc06e4552021-12-22 11:53:40.443root 11241100x80000000000000003870893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ef5d30646e7d6a2021-12-22 11:53:40.443root 11241100x80000000000000003870894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d856e01f98fbc502021-12-22 11:53:40.444root 11241100x80000000000000003870895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883ff65a2461b10e2021-12-22 11:53:40.444root 11241100x80000000000000003870896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dca281a9e2e9ca2021-12-22 11:53:40.444root 11241100x80000000000000003870897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192dc9b2319467232021-12-22 11:53:40.444root 11241100x80000000000000003870898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a127c79069f9a42021-12-22 11:53:40.444root 11241100x80000000000000003870899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419e2001657e6fc22021-12-22 11:53:40.444root 11241100x80000000000000003870900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bc0505d45e8b592021-12-22 11:53:40.444root 11241100x80000000000000003870901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee2204f580e822a2021-12-22 11:53:40.943root 11241100x80000000000000003870902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd782a6e1e3914f2021-12-22 11:53:40.943root 11241100x80000000000000003870903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab63187d245c72a2021-12-22 11:53:40.943root 11241100x80000000000000003870904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fd27855eb5466b2021-12-22 11:53:40.943root 11241100x80000000000000003870905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76a6eb9304478072021-12-22 11:53:40.943root 11241100x80000000000000003870906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06894e347e4923462021-12-22 11:53:40.943root 11241100x80000000000000003870907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e718298a74debf2021-12-22 11:53:40.944root 11241100x80000000000000003870908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de274f51848aeaa12021-12-22 11:53:40.944root 11241100x80000000000000003870909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f947286b8e6bea32021-12-22 11:53:40.944root 11241100x80000000000000003870910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3c5459db221aa72021-12-22 11:53:40.944root 11241100x80000000000000003870911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee4a32dcb7ead152021-12-22 11:53:41.443root 11241100x80000000000000003870912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b127b5a1cfd3b89f2021-12-22 11:53:41.443root 11241100x80000000000000003870913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c153632907ca8c2021-12-22 11:53:41.443root 11241100x80000000000000003870914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b175a94b001119192021-12-22 11:53:41.443root 11241100x80000000000000003870915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4187240375e1bc2021-12-22 11:53:41.443root 11241100x80000000000000003870916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fbc8f278afdb792021-12-22 11:53:41.443root 11241100x80000000000000003870917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfa9e86f84994d22021-12-22 11:53:41.444root 11241100x80000000000000003870918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07a3dae74d3e79d2021-12-22 11:53:41.444root 11241100x80000000000000003870919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92567513f48b91f22021-12-22 11:53:41.444root 11241100x80000000000000003870920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2f800f82a9fc262021-12-22 11:53:41.444root 11241100x80000000000000003870921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941180f7210f550e2021-12-22 11:53:41.943root 11241100x80000000000000003870922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ecef1061847fb32021-12-22 11:53:41.943root 11241100x80000000000000003870923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b07dd8e735fce92021-12-22 11:53:41.943root 11241100x80000000000000003870924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e106304ddfbf267f2021-12-22 11:53:41.943root 11241100x80000000000000003870925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6189c8f1a17db5cf2021-12-22 11:53:41.943root 11241100x80000000000000003870926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bc6a3793f27b0f2021-12-22 11:53:41.943root 11241100x80000000000000003870927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d662a12e6b8693b52021-12-22 11:53:41.943root 11241100x80000000000000003870928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6136c4a5e61315ee2021-12-22 11:53:41.944root 11241100x80000000000000003870929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b75b9b6719c5c32021-12-22 11:53:41.944root 11241100x80000000000000003870930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e574dccfbd09884d2021-12-22 11:53:41.944root 11241100x80000000000000003870931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64dab2e4023fd00d2021-12-22 11:53:42.443root 11241100x80000000000000003870932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5290a9cf95f0a482021-12-22 11:53:42.443root 11241100x80000000000000003870933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0134fdbb096dd74c2021-12-22 11:53:42.443root 11241100x80000000000000003870934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86077765817c27762021-12-22 11:53:42.443root 11241100x80000000000000003870935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0d409afb0dbcdd2021-12-22 11:53:42.444root 11241100x80000000000000003870936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d0732a3f992cd42021-12-22 11:53:42.444root 11241100x80000000000000003870937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f83b57fc057c8cc2021-12-22 11:53:42.444root 11241100x80000000000000003870938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b6e42c919aa7f02021-12-22 11:53:42.444root 11241100x80000000000000003870939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb6c5ac671c34c42021-12-22 11:53:42.444root 11241100x80000000000000003870940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0140198449c8da6e2021-12-22 11:53:42.444root 11241100x80000000000000003870941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795e9707783678c12021-12-22 11:53:42.943root 11241100x80000000000000003870942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acdf3d2b926cffd2021-12-22 11:53:42.943root 11241100x80000000000000003870943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a3b101a9aeb7192021-12-22 11:53:42.943root 11241100x80000000000000003870944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7f6718c178d43a2021-12-22 11:53:42.943root 11241100x80000000000000003870945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1c067f74ac19422021-12-22 11:53:42.943root 11241100x80000000000000003870946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd2266932a26f902021-12-22 11:53:42.943root 11241100x80000000000000003870947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa8c15f7cba41d02021-12-22 11:53:42.943root 11241100x80000000000000003870948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34c73b7b1ec34c82021-12-22 11:53:42.943root 11241100x80000000000000003870949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d14c046a7275c62021-12-22 11:53:42.944root 11241100x80000000000000003870950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2024e8be0065f3222021-12-22 11:53:42.944root 11241100x80000000000000003870951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c9039eaabed4462021-12-22 11:53:43.443root 11241100x80000000000000003870952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1286e6641cd031c2021-12-22 11:53:43.443root 11241100x80000000000000003870953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2db3e35f888bd72021-12-22 11:53:43.443root 11241100x80000000000000003870954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c625020254c3cf612021-12-22 11:53:43.443root 11241100x80000000000000003870955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42967d675a493b782021-12-22 11:53:43.444root 11241100x80000000000000003870956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b519eb75ea3641e82021-12-22 11:53:43.444root 11241100x80000000000000003870957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2e6108b8e435b32021-12-22 11:53:43.444root 11241100x80000000000000003870958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4fda5b57d0d5f82021-12-22 11:53:43.444root 11241100x80000000000000003870959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf4a9e8f76128de2021-12-22 11:53:43.444root 11241100x80000000000000003870960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de04cbc54569be22021-12-22 11:53:43.444root 11241100x80000000000000003870961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d7a11814373f5e2021-12-22 11:53:43.943root 11241100x80000000000000003870962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c840eda45941ee552021-12-22 11:53:43.943root 11241100x80000000000000003870963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaf6c8cce3bc5452021-12-22 11:53:43.943root 11241100x80000000000000003870964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5baf85da6a6c362021-12-22 11:53:43.943root 11241100x80000000000000003870965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc6043dd1a2e0b52021-12-22 11:53:43.943root 11241100x80000000000000003870966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b465d6d9b807ca132021-12-22 11:53:43.943root 11241100x80000000000000003870967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b9caec7794a0962021-12-22 11:53:43.943root 11241100x80000000000000003870968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4461ddb52b93c02021-12-22 11:53:43.943root 11241100x80000000000000003870969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8479828c1b1934332021-12-22 11:53:43.944root 11241100x80000000000000003870970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84841aa49cfed54b2021-12-22 11:53:43.944root 11241100x80000000000000003870971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1d8ceb742bc02f2021-12-22 11:53:44.443root 11241100x80000000000000003870972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765f0760f1d6f65a2021-12-22 11:53:44.443root 11241100x80000000000000003870973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7924a094d9f586ba2021-12-22 11:53:44.443root 11241100x80000000000000003870974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb60d1e5299eecf2021-12-22 11:53:44.443root 11241100x80000000000000003870975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad275bb6656a7a62021-12-22 11:53:44.443root 11241100x80000000000000003870976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d745aa5a2fc886992021-12-22 11:53:44.443root 11241100x80000000000000003870977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e84fed0100578f2021-12-22 11:53:44.443root 11241100x80000000000000003870978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a471687ade10ead02021-12-22 11:53:44.443root 11241100x80000000000000003870979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c3523d92498c612021-12-22 11:53:44.444root 11241100x80000000000000003870980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c637bc27b738560f2021-12-22 11:53:44.444root 11241100x80000000000000003870981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae2dfacf917d5f12021-12-22 11:53:44.943root 11241100x80000000000000003870982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694b7079acffffb02021-12-22 11:53:44.943root 11241100x80000000000000003870983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75ceb02a1ed77342021-12-22 11:53:44.943root 11241100x80000000000000003870984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1594d85fe914c42021-12-22 11:53:44.943root 11241100x80000000000000003870985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d091a34349500e7b2021-12-22 11:53:44.943root 11241100x80000000000000003870986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cccc16a48433d12021-12-22 11:53:44.943root 11241100x80000000000000003870987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7591ca00a709512021-12-22 11:53:44.943root 11241100x80000000000000003870988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e932751419de0e22021-12-22 11:53:44.943root 11241100x80000000000000003870989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee524f33f909a56f2021-12-22 11:53:44.944root 11241100x80000000000000003870990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3950bbc995b3442021-12-22 11:53:44.944root 354300x80000000000000003870991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.114{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55610-false10.0.1.12-8000- 11241100x80000000000000003870992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb10ba7f8d6eeb342021-12-22 11:53:45.443root 11241100x80000000000000003870993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5a982708f4b2262021-12-22 11:53:45.443root 11241100x80000000000000003870994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a6ec76db7087cb2021-12-22 11:53:45.444root 11241100x80000000000000003870995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a19bd51fd95dea2021-12-22 11:53:45.444root 11241100x80000000000000003870996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f4b2e52ae472d62021-12-22 11:53:45.444root 11241100x80000000000000003870997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7ecda5f0114d7f2021-12-22 11:53:45.444root 11241100x80000000000000003870998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50ce03fa771466e2021-12-22 11:53:45.445root 11241100x80000000000000003870999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011a1dce575ffdb72021-12-22 11:53:45.445root 11241100x80000000000000003871000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6462c54c9a4c5a2021-12-22 11:53:45.445root 11241100x80000000000000003871001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7625c0a8e70225f92021-12-22 11:53:45.445root 11241100x80000000000000003871002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd802fb7391db11f2021-12-22 11:53:45.446root 11241100x80000000000000003871003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a419d8f8bb87f9462021-12-22 11:53:45.943root 11241100x80000000000000003871004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe051dd438be0952021-12-22 11:53:45.943root 11241100x80000000000000003871005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c83a233dd1fd922021-12-22 11:53:45.943root 11241100x80000000000000003871006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4039545abf516a8b2021-12-22 11:53:45.944root 11241100x80000000000000003871007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5a8ce36e17d1762021-12-22 11:53:45.944root 11241100x80000000000000003871008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff98710078160c322021-12-22 11:53:45.944root 11241100x80000000000000003871009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df87433dfec3e0bd2021-12-22 11:53:45.944root 11241100x80000000000000003871010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f061a8d6d8a02b632021-12-22 11:53:45.944root 11241100x80000000000000003871011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f3aae655f9da392021-12-22 11:53:45.944root 11241100x80000000000000003871012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbdbf6959e143292021-12-22 11:53:45.945root 11241100x80000000000000003871013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c4741eceb1d62a2021-12-22 11:53:45.945root 11241100x80000000000000003871014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88356c16a6c589c2021-12-22 11:53:46.443root 11241100x80000000000000003871015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b004fe376f5cb6002021-12-22 11:53:46.443root 11241100x80000000000000003871016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef1a52930420cc22021-12-22 11:53:46.443root 11241100x80000000000000003871017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dc2f6a56ac80112021-12-22 11:53:46.443root 11241100x80000000000000003871018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec47dd14130e84b2021-12-22 11:53:46.443root 11241100x80000000000000003871019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645d0d915198103e2021-12-22 11:53:46.443root 11241100x80000000000000003871020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdda043be0043f72021-12-22 11:53:46.444root 11241100x80000000000000003871021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff6cb3407a56ccb2021-12-22 11:53:46.444root 11241100x80000000000000003871022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ed29e1893dd6642021-12-22 11:53:46.444root 11241100x80000000000000003871023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320aca054d0149c02021-12-22 11:53:46.444root 11241100x80000000000000003871024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f882d6d6084d1742021-12-22 11:53:46.444root 11241100x80000000000000003871025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b31a0c7717107d2021-12-22 11:53:46.943root 11241100x80000000000000003871026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f562c7065a15ec2021-12-22 11:53:46.943root 11241100x80000000000000003871027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecec4fb0ddc9fb42021-12-22 11:53:46.943root 11241100x80000000000000003871028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075ef707634ef0882021-12-22 11:53:46.943root 11241100x80000000000000003871029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc12949a2a2ba5f2021-12-22 11:53:46.943root 11241100x80000000000000003871030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf41b5e01addde42021-12-22 11:53:46.943root 11241100x80000000000000003871031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcd4510a23a06c42021-12-22 11:53:46.943root 11241100x80000000000000003871032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdaedee1e2b62002021-12-22 11:53:46.944root 11241100x80000000000000003871033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c007180edd93b6172021-12-22 11:53:46.944root 11241100x80000000000000003871034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fa1c406b363a732021-12-22 11:53:46.944root 11241100x80000000000000003871035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb424ca280af4afe2021-12-22 11:53:46.944root 11241100x80000000000000003871036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddbbe99838847282021-12-22 11:53:47.443root 11241100x80000000000000003871037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f316cdb840a3fbdd2021-12-22 11:53:47.443root 11241100x80000000000000003871038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caed5dba54e336762021-12-22 11:53:47.443root 11241100x80000000000000003871039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dad0772cbe1951a2021-12-22 11:53:47.443root 11241100x80000000000000003871040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d354bea699d9aa922021-12-22 11:53:47.443root 11241100x80000000000000003871041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704a2512b500f22c2021-12-22 11:53:47.443root 11241100x80000000000000003871042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f227e1faab40af52021-12-22 11:53:47.443root 11241100x80000000000000003871043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4667e557ae9dc8642021-12-22 11:53:47.443root 11241100x80000000000000003871044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55034b9eae60e0c82021-12-22 11:53:47.444root 11241100x80000000000000003871045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44dd3878d28934662021-12-22 11:53:47.444root 11241100x80000000000000003871046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ce05570b6ecd1f2021-12-22 11:53:47.444root 11241100x80000000000000003871047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a786177fa867fbcb2021-12-22 11:53:47.943root 11241100x80000000000000003871048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42c2aac727ee1142021-12-22 11:53:47.943root 11241100x80000000000000003871049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3683894475f0126b2021-12-22 11:53:47.943root 11241100x80000000000000003871050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8edf8add41fb762021-12-22 11:53:47.943root 11241100x80000000000000003871051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10811a01f7cc763c2021-12-22 11:53:47.943root 11241100x80000000000000003871052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da6d7fc597d90e72021-12-22 11:53:47.943root 11241100x80000000000000003871053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adb217a5d982f542021-12-22 11:53:47.943root 11241100x80000000000000003871054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4abe16e21e0e00b2021-12-22 11:53:47.944root 11241100x80000000000000003871055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3d8c75484af36f2021-12-22 11:53:47.944root 11241100x80000000000000003871056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb022d34a0114362021-12-22 11:53:47.944root 11241100x80000000000000003871057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe97aa726d39c962021-12-22 11:53:47.944root 11241100x80000000000000003871058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876bd4a053caa6292021-12-22 11:53:48.443root 11241100x80000000000000003871059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa1c8660fa017192021-12-22 11:53:48.443root 11241100x80000000000000003871060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cba5b7d56f6db232021-12-22 11:53:48.444root 11241100x80000000000000003871061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfb117d955c9fc22021-12-22 11:53:48.444root 11241100x80000000000000003871062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1b48222b0a0b372021-12-22 11:53:48.444root 11241100x80000000000000003871063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce021bc5c93523a2021-12-22 11:53:48.444root 11241100x80000000000000003871064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bd1c75153fd0282021-12-22 11:53:48.445root 11241100x80000000000000003871065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dd4784fac5de062021-12-22 11:53:48.445root 11241100x80000000000000003871066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b519f421f335d5b52021-12-22 11:53:48.445root 11241100x80000000000000003871067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1636517e7653e33f2021-12-22 11:53:48.445root 11241100x80000000000000003871068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cb4e61129cc26a2021-12-22 11:53:48.446root 11241100x80000000000000003871069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612fe88e29c208982021-12-22 11:53:48.943root 11241100x80000000000000003871070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cc7c1634bb5a2c2021-12-22 11:53:48.943root 11241100x80000000000000003871071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2493674b2ba41832021-12-22 11:53:48.943root 11241100x80000000000000003871072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2a6ccc7cd841c12021-12-22 11:53:48.944root 11241100x80000000000000003871073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb702c4a7153bfe32021-12-22 11:53:48.944root 11241100x80000000000000003871074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b170328fbba81a732021-12-22 11:53:48.944root 11241100x80000000000000003871075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7e062f69dc75a12021-12-22 11:53:48.944root 11241100x80000000000000003871076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7635372293aae1f2021-12-22 11:53:48.944root 11241100x80000000000000003871077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5797eb5fa23141a2021-12-22 11:53:48.944root 11241100x80000000000000003871078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c737428fa3e57c72021-12-22 11:53:48.944root 11241100x80000000000000003871079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2761e0398b06b52021-12-22 11:53:48.944root 11241100x80000000000000003871080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4d06b4a029ea442021-12-22 11:53:49.443root 11241100x80000000000000003871081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf618d10ff122ac42021-12-22 11:53:49.443root 11241100x80000000000000003871082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c3a9ff91ff4b112021-12-22 11:53:49.443root 11241100x80000000000000003871083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5622dffecec90a822021-12-22 11:53:49.443root 11241100x80000000000000003871084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3400f8ea596aa0cf2021-12-22 11:53:49.443root 11241100x80000000000000003871085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b76ca090469c6d02021-12-22 11:53:49.443root 11241100x80000000000000003871086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e37eee5ee921af2021-12-22 11:53:49.444root 11241100x80000000000000003871087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34c0376cef27ab12021-12-22 11:53:49.444root 11241100x80000000000000003871088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81b8e180d6153122021-12-22 11:53:49.444root 11241100x80000000000000003871089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f4e9b2b8bed1332021-12-22 11:53:49.444root 11241100x80000000000000003871090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e859849947c89492021-12-22 11:53:49.444root 11241100x80000000000000003871091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0793855a0fd3af2021-12-22 11:53:49.943root 11241100x80000000000000003871092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478b67abf3ec9de52021-12-22 11:53:49.943root 11241100x80000000000000003871093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac5a370aeeb5f142021-12-22 11:53:49.943root 11241100x80000000000000003871094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc14429d2efd70bc2021-12-22 11:53:49.943root 11241100x80000000000000003871095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acde6a8058884602021-12-22 11:53:49.943root 11241100x80000000000000003871096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f370c3561d59f98c2021-12-22 11:53:49.943root 11241100x80000000000000003871097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051e6da6d124d0862021-12-22 11:53:49.943root 11241100x80000000000000003871098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8c2f9eee2640fc2021-12-22 11:53:49.943root 11241100x80000000000000003871099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4799a8996bad52f32021-12-22 11:53:49.944root 11241100x80000000000000003871100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8610a305ecfce7872021-12-22 11:53:49.944root 11241100x80000000000000003871101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8c9437ec00e02b2021-12-22 11:53:49.944root 354300x80000000000000003871102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.229{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55612-false10.0.1.12-8000- 11241100x80000000000000003871103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b753cd604a610062021-12-22 11:53:50.230root 11241100x80000000000000003871104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f2d2448e5d19702021-12-22 11:53:50.230root 11241100x80000000000000003871105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e61f5a767fcceef2021-12-22 11:53:50.230root 11241100x80000000000000003871106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a7ad6ff40591112021-12-22 11:53:50.230root 11241100x80000000000000003871107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a52859c6bcd72a2021-12-22 11:53:50.230root 11241100x80000000000000003871108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9e9a1768ab62802021-12-22 11:53:50.230root 11241100x80000000000000003871109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a21f7bebb27a3ba2021-12-22 11:53:50.230root 11241100x80000000000000003871110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a02ad023fab0b972021-12-22 11:53:50.230root 11241100x80000000000000003871111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a56b4cca550a6e22021-12-22 11:53:50.230root 11241100x80000000000000003871112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6049e6ed7e785e7c2021-12-22 11:53:50.230root 11241100x80000000000000003871113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3894c02c36ce5f2021-12-22 11:53:50.231root 11241100x80000000000000003871114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d72bd9fe56557bc2021-12-22 11:53:50.231root 11241100x80000000000000003871115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229ceaa4f625a3af2021-12-22 11:53:50.693root 11241100x80000000000000003871116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f1d4ad65ee3bad2021-12-22 11:53:50.693root 11241100x80000000000000003871117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a7190221f3226a2021-12-22 11:53:50.693root 11241100x80000000000000003871118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb53c2a649d4c182021-12-22 11:53:50.693root 11241100x80000000000000003871119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba7031be90d372b2021-12-22 11:53:50.693root 11241100x80000000000000003871120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8ea1c7558564892021-12-22 11:53:50.693root 11241100x80000000000000003871121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f62cc7430307b0c2021-12-22 11:53:50.693root 11241100x80000000000000003871122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9758ce841702cb212021-12-22 11:53:50.694root 11241100x80000000000000003871123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46be64525da094dd2021-12-22 11:53:50.694root 11241100x80000000000000003871124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79aba4d598310fcd2021-12-22 11:53:50.694root 11241100x80000000000000003871125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4a1878559612b22021-12-22 11:53:50.694root 11241100x80000000000000003871126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a27e8478e2c204f2021-12-22 11:53:50.694root 11241100x80000000000000003871127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fa17a32c2adc502021-12-22 11:53:51.193root 11241100x80000000000000003871128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd95bd6f55a4b9f2021-12-22 11:53:51.193root 11241100x80000000000000003871129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f936e0e48586ac2021-12-22 11:53:51.193root 11241100x80000000000000003871130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6bce8ae0cd41da2021-12-22 11:53:51.193root 11241100x80000000000000003871131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656f38ec9c3660b02021-12-22 11:53:51.193root 11241100x80000000000000003871132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2103bbfeac4d11b2021-12-22 11:53:51.193root 11241100x80000000000000003871133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af29bdb4e90f22532021-12-22 11:53:51.193root 11241100x80000000000000003871134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b199c9e15fdff822021-12-22 11:53:51.194root 11241100x80000000000000003871135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ab72f2f8ffcb622021-12-22 11:53:51.194root 11241100x80000000000000003871136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08c628ed7cd85622021-12-22 11:53:51.194root 11241100x80000000000000003871137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa418d5d0bd80fb2021-12-22 11:53:51.194root 11241100x80000000000000003871138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a30d58973c0f472021-12-22 11:53:51.194root 11241100x80000000000000003871139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08008093e0492c12021-12-22 11:53:51.693root 11241100x80000000000000003871140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7134a31a5c7d9f2021-12-22 11:53:51.693root 11241100x80000000000000003871141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ba744ddc3eada92021-12-22 11:53:51.693root 11241100x80000000000000003871142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f341bdaec6782702021-12-22 11:53:51.693root 11241100x80000000000000003871143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4533fe0ec2fc6a952021-12-22 11:53:51.693root 11241100x80000000000000003871144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e86ede74e6b4402021-12-22 11:53:51.693root 11241100x80000000000000003871145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24892769e80053e22021-12-22 11:53:51.693root 11241100x80000000000000003871146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a03c0f4c03b03292021-12-22 11:53:51.693root 11241100x80000000000000003871147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fae793d9b401a22021-12-22 11:53:51.693root 11241100x80000000000000003871148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600123cc671241882021-12-22 11:53:51.694root 11241100x80000000000000003871149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705507ed92a0c10e2021-12-22 11:53:51.694root 11241100x80000000000000003871150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa1c4492e698eab2021-12-22 11:53:51.694root 11241100x80000000000000003871151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9ff85f5fe2262d2021-12-22 11:53:52.193root 11241100x80000000000000003871152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d1a7924a34cc5a2021-12-22 11:53:52.193root 11241100x80000000000000003871153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a820862ff50b8ec32021-12-22 11:53:52.193root 11241100x80000000000000003871154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15300ce2562e60d2021-12-22 11:53:52.193root 11241100x80000000000000003871155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f27581bc9bc44c52021-12-22 11:53:52.193root 11241100x80000000000000003871156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b555953d7010e9362021-12-22 11:53:52.193root 11241100x80000000000000003871157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6b5ff9613b14a52021-12-22 11:53:52.193root 11241100x80000000000000003871158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce9e648ff7b89472021-12-22 11:53:52.193root 11241100x80000000000000003871159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea50b5dcb4b29ae62021-12-22 11:53:52.193root 11241100x80000000000000003871160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c699c8fff4ba7f2021-12-22 11:53:52.193root 11241100x80000000000000003871161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9973ae6eae3ed87e2021-12-22 11:53:52.194root 11241100x80000000000000003871162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9434c12c12be9d22021-12-22 11:53:52.194root 11241100x80000000000000003871163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6110a995a07f54db2021-12-22 11:53:52.693root 11241100x80000000000000003871164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865993ff920286ec2021-12-22 11:53:52.693root 11241100x80000000000000003871165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafb6ed38be263432021-12-22 11:53:52.693root 11241100x80000000000000003871166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf19560ecd10a4b82021-12-22 11:53:52.693root 11241100x80000000000000003871167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bbb728c7c258b72021-12-22 11:53:52.693root 11241100x80000000000000003871168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef70c747a8fb2b52021-12-22 11:53:52.693root 11241100x80000000000000003871169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62200f236c0a96f32021-12-22 11:53:52.693root 11241100x80000000000000003871170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511d85fcb6504d672021-12-22 11:53:52.694root 11241100x80000000000000003871171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713f34c7f0eb528d2021-12-22 11:53:52.694root 11241100x80000000000000003871172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5d8b83d1aa02ba2021-12-22 11:53:52.694root 11241100x80000000000000003871173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de624b6bc480fa342021-12-22 11:53:52.694root 11241100x80000000000000003871174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809122d239a100702021-12-22 11:53:52.694root 11241100x80000000000000003871175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a647d5b1e1cf049f2021-12-22 11:53:53.193root 11241100x80000000000000003871176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64f56743a3eaa102021-12-22 11:53:53.193root 11241100x80000000000000003871177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0759e1f56b2424d2021-12-22 11:53:53.193root 11241100x80000000000000003871178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c897f2a0f4f886b22021-12-22 11:53:53.193root 11241100x80000000000000003871179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7989c7d1ca041e02021-12-22 11:53:53.193root 11241100x80000000000000003871180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26764bf09a8451ad2021-12-22 11:53:53.193root 11241100x80000000000000003871181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52da53219ec4a782021-12-22 11:53:53.193root 11241100x80000000000000003871182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6740cb42f195e1db2021-12-22 11:53:53.193root 11241100x80000000000000003871183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59da529468ddab042021-12-22 11:53:53.194root 11241100x80000000000000003871184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ca896cdbcba83c2021-12-22 11:53:53.194root 11241100x80000000000000003871185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4f8ebc48ea7c362021-12-22 11:53:53.194root 11241100x80000000000000003871186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cd3f13643dd8752021-12-22 11:53:53.194root 11241100x80000000000000003871187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafb5bcf9d451cd12021-12-22 11:53:53.693root 11241100x80000000000000003871188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a07ddc072f4fbc2021-12-22 11:53:53.693root 11241100x80000000000000003871189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8367deaf138c4f872021-12-22 11:53:53.693root 11241100x80000000000000003871190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659e529d2a85fe132021-12-22 11:53:53.693root 11241100x80000000000000003871191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2e9745eada6ebd2021-12-22 11:53:53.693root 11241100x80000000000000003871192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af4fe8720ec336d2021-12-22 11:53:53.693root 11241100x80000000000000003871193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa4147b93c5b5e92021-12-22 11:53:53.693root 11241100x80000000000000003871194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8bcf1422684e4f2021-12-22 11:53:53.693root 11241100x80000000000000003871195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bdf678e7c16cd62021-12-22 11:53:53.694root 11241100x80000000000000003871196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d23bcb1fa681b52021-12-22 11:53:53.694root 11241100x80000000000000003871197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1735b3dda04e26512021-12-22 11:53:53.694root 11241100x80000000000000003871198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64417c1ffd5a8262021-12-22 11:53:53.694root 11241100x80000000000000003871199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ea8275c737efec2021-12-22 11:53:54.193root 11241100x80000000000000003871200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1cf07c291079bf2021-12-22 11:53:54.193root 11241100x80000000000000003871201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b59008cc6038692021-12-22 11:53:54.193root 11241100x80000000000000003871202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed37c8de6af496b2021-12-22 11:53:54.193root 11241100x80000000000000003871203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a668fd26dc9fada92021-12-22 11:53:54.193root 11241100x80000000000000003871204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f271ad1dfbd9fb42021-12-22 11:53:54.193root 11241100x80000000000000003871205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34036d52fede44e02021-12-22 11:53:54.193root 11241100x80000000000000003871206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d328718c160ec6662021-12-22 11:53:54.193root 11241100x80000000000000003871207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69f705601ccca1b2021-12-22 11:53:54.194root 11241100x80000000000000003871208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269c5b1784ceabed2021-12-22 11:53:54.194root 11241100x80000000000000003871209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d27c39a051d17d22021-12-22 11:53:54.194root 11241100x80000000000000003871210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b118c01a2c72fe5d2021-12-22 11:53:54.194root 11241100x80000000000000003871211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b75bb20c9e14af2021-12-22 11:53:54.693root 11241100x80000000000000003871212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9825057bbb8b8552021-12-22 11:53:54.693root 11241100x80000000000000003871213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4419f1dbd397ee0c2021-12-22 11:53:54.693root 11241100x80000000000000003871214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bedbdb59c43572c2021-12-22 11:53:54.693root 11241100x80000000000000003871215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e60d55769143422021-12-22 11:53:54.693root 11241100x80000000000000003871216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953bec3022a74f292021-12-22 11:53:54.693root 11241100x80000000000000003871217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d7fe50168c80fc2021-12-22 11:53:54.693root 11241100x80000000000000003871218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efe600b1d9db1892021-12-22 11:53:54.693root 11241100x80000000000000003871219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecc2a618a0da7782021-12-22 11:53:54.693root 11241100x80000000000000003871220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6acbdcf947066a2021-12-22 11:53:54.693root 11241100x80000000000000003871221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5727a3ec95020222021-12-22 11:53:54.694root 11241100x80000000000000003871222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b375ebbb91f83cc62021-12-22 11:53:54.694root 11241100x80000000000000003871223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69189199427cbae52021-12-22 11:53:55.193root 11241100x80000000000000003871224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a423b5e73b0b07ef2021-12-22 11:53:55.193root 11241100x80000000000000003871225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c943c523956915b32021-12-22 11:53:55.193root 11241100x80000000000000003871226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de30933e35793f42021-12-22 11:53:55.193root 11241100x80000000000000003871227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9514d3e8803d642021-12-22 11:53:55.193root 11241100x80000000000000003871228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec3fe1cfb8afdb92021-12-22 11:53:55.193root 11241100x80000000000000003871229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512842a9a40ebe582021-12-22 11:53:55.193root 11241100x80000000000000003871230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a09089d4a1093282021-12-22 11:53:55.194root 11241100x80000000000000003871231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed3348be33167d22021-12-22 11:53:55.194root 11241100x80000000000000003871232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd791bda1a81a522021-12-22 11:53:55.194root 11241100x80000000000000003871233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310c878414a7b17e2021-12-22 11:53:55.194root 11241100x80000000000000003871234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ce51393d146b762021-12-22 11:53:55.194root 11241100x80000000000000003871235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c2d3f3e1b592d32021-12-22 11:53:55.693root 11241100x80000000000000003871236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a36e07ab2cb3e02021-12-22 11:53:55.693root 11241100x80000000000000003871237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db7d70f590575a92021-12-22 11:53:55.693root 11241100x80000000000000003871238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897167301a1323d32021-12-22 11:53:55.693root 11241100x80000000000000003871239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8c01737a4845722021-12-22 11:53:55.693root 11241100x80000000000000003871240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227e0dbb7230d57c2021-12-22 11:53:55.693root 11241100x80000000000000003871241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f9d0eb021d61512021-12-22 11:53:55.693root 11241100x80000000000000003871242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721602ac5e461bca2021-12-22 11:53:55.693root 11241100x80000000000000003871243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e17591efe083f0d2021-12-22 11:53:55.694root 11241100x80000000000000003871244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9e99159dbf26152021-12-22 11:53:55.694root 11241100x80000000000000003871245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaeeefec13bf5be92021-12-22 11:53:55.694root 11241100x80000000000000003871246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa2b5537911d30a2021-12-22 11:53:55.694root 354300x80000000000000003871247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.171{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55614-false10.0.1.12-8000- 11241100x80000000000000003871248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b05983b641e5ba2021-12-22 11:53:56.172root 11241100x80000000000000003871249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0141825f422dd662021-12-22 11:53:56.172root 11241100x80000000000000003871250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9b9270252a7ab62021-12-22 11:53:56.172root 11241100x80000000000000003871251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3868f92680a9cd2021-12-22 11:53:56.172root 11241100x80000000000000003871252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc1b51ec7fc88cf2021-12-22 11:53:56.172root 11241100x80000000000000003871253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.173{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a488c5e5620cf42021-12-22 11:53:56.173root 11241100x80000000000000003871254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.173{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c3766a3cdb88832021-12-22 11:53:56.173root 11241100x80000000000000003871255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.173{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f2b77f4b9c77652021-12-22 11:53:56.173root 11241100x80000000000000003871256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.173{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48f573d503987ee2021-12-22 11:53:56.173root 11241100x80000000000000003871257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.173{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5b85b9897c4d4a2021-12-22 11:53:56.173root 11241100x80000000000000003871258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.173{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5377b9ae2eb9dc4f2021-12-22 11:53:56.173root 11241100x80000000000000003871259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.173{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b949fbf637d75592021-12-22 11:53:56.173root 11241100x80000000000000003871260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.174{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bace803cd244782021-12-22 11:53:56.174root 11241100x80000000000000003871261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.174{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aeb8f7de009944c2021-12-22 11:53:56.174root 11241100x80000000000000003871262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d5a72892c23f2e2021-12-22 11:53:56.443root 11241100x80000000000000003871263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea668d874b6319bc2021-12-22 11:53:56.444root 11241100x80000000000000003871264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab7878254d25dd12021-12-22 11:53:56.444root 11241100x80000000000000003871265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc80adfc7adb27b32021-12-22 11:53:56.444root 11241100x80000000000000003871266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228e879c4ab81c672021-12-22 11:53:56.444root 11241100x80000000000000003871267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ac0ea3f96e55402021-12-22 11:53:56.444root 11241100x80000000000000003871268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b131006b9f48efd12021-12-22 11:53:56.444root 11241100x80000000000000003871269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a0567beddcbb7e2021-12-22 11:53:56.444root 11241100x80000000000000003871270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e894295575720b2021-12-22 11:53:56.444root 11241100x80000000000000003871271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32518394a8539282021-12-22 11:53:56.444root 11241100x80000000000000003871272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a5a4b6368fa14d2021-12-22 11:53:56.444root 11241100x80000000000000003871273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7196fb2b25be1be22021-12-22 11:53:56.444root 11241100x80000000000000003871274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6871a5d943e692202021-12-22 11:53:56.444root 11241100x80000000000000003871275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4a4d0b0220b3722021-12-22 11:53:56.943root 11241100x80000000000000003871276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf181d4840e10732021-12-22 11:53:56.943root 11241100x80000000000000003871277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e45ec1ac5807ece2021-12-22 11:53:56.943root 11241100x80000000000000003871278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550777189060ddf52021-12-22 11:53:56.943root 11241100x80000000000000003871279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b67b2fcc88ddd82021-12-22 11:53:56.943root 11241100x80000000000000003871280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4a1015f1dc51bd2021-12-22 11:53:56.943root 11241100x80000000000000003871281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3977d24448f02ce2021-12-22 11:53:56.943root 11241100x80000000000000003871282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d714999f2184aae2021-12-22 11:53:56.943root 11241100x80000000000000003871283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e36372c71793982021-12-22 11:53:56.944root 11241100x80000000000000003871284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b326758adaadc60b2021-12-22 11:53:56.944root 11241100x80000000000000003871285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb787a9b4c75b44d2021-12-22 11:53:56.944root 11241100x80000000000000003871286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d107bd6a64202122021-12-22 11:53:56.944root 11241100x80000000000000003871287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb2b105f5bcc7052021-12-22 11:53:56.944root 11241100x80000000000000003871288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fce97f72cbf537e2021-12-22 11:53:57.443root 11241100x80000000000000003871289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69d680e874c9e992021-12-22 11:53:57.443root 11241100x80000000000000003871290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c41abe1226bedb2021-12-22 11:53:57.443root 11241100x80000000000000003871291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5567ae47572181e92021-12-22 11:53:57.443root 11241100x80000000000000003871292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91aa93fde9d6bc772021-12-22 11:53:57.444root 11241100x80000000000000003871293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903f076451d65bbe2021-12-22 11:53:57.444root 11241100x80000000000000003871294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cc9af03a2f10f62021-12-22 11:53:57.444root 11241100x80000000000000003871295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce235739908895c2021-12-22 11:53:57.444root 11241100x80000000000000003871296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f737e62aaf1f3e82021-12-22 11:53:57.444root 11241100x80000000000000003871297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2d055215415a522021-12-22 11:53:57.444root 11241100x80000000000000003871298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408004fbca316a6c2021-12-22 11:53:57.444root 11241100x80000000000000003871299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2ea115a36450b82021-12-22 11:53:57.444root 11241100x80000000000000003871300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1eac40bfc2a748d2021-12-22 11:53:57.445root 11241100x80000000000000003871301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726e7c685608c1272021-12-22 11:53:57.943root 11241100x80000000000000003871302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02c2e25ecb009c22021-12-22 11:53:57.943root 11241100x80000000000000003871303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be072788fa097e332021-12-22 11:53:57.943root 11241100x80000000000000003871304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e14f5c47078a8272021-12-22 11:53:57.943root 11241100x80000000000000003871305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77391cb925a447132021-12-22 11:53:57.943root 11241100x80000000000000003871306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7766a1e91bb8fc582021-12-22 11:53:57.943root 11241100x80000000000000003871307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b72b2ac2c136fe2021-12-22 11:53:57.944root 11241100x80000000000000003871308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8853fbfa7c2d9ffd2021-12-22 11:53:57.944root 11241100x80000000000000003871309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3564c2c5e2dd67da2021-12-22 11:53:57.944root 11241100x80000000000000003871310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d06185e9ef8ae02021-12-22 11:53:57.944root 11241100x80000000000000003871311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a5cb796dfb2cfc2021-12-22 11:53:57.944root 11241100x80000000000000003871312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8f2e9466b80d412021-12-22 11:53:57.944root 11241100x80000000000000003871313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b63415b00fb900e2021-12-22 11:53:57.944root 11241100x80000000000000003871314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352e0cf6a007b92d2021-12-22 11:53:58.443root 11241100x80000000000000003871315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1196db949e6ccc922021-12-22 11:53:58.443root 11241100x80000000000000003871316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852dc704637a46d62021-12-22 11:53:58.443root 11241100x80000000000000003871317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189271ebe1bb50782021-12-22 11:53:58.443root 11241100x80000000000000003871318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b49220fa260ce142021-12-22 11:53:58.443root 11241100x80000000000000003871319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7064d5da25036532021-12-22 11:53:58.444root 11241100x80000000000000003871320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48530be5d847c83e2021-12-22 11:53:58.444root 11241100x80000000000000003871321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cdb97100d647972021-12-22 11:53:58.444root 11241100x80000000000000003871322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7b0ebb025dc8442021-12-22 11:53:58.444root 11241100x80000000000000003871323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fed083e41a48252021-12-22 11:53:58.444root 11241100x80000000000000003871324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f79be6b0d8930792021-12-22 11:53:58.444root 11241100x80000000000000003871325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9722e33759154262021-12-22 11:53:58.444root 11241100x80000000000000003871326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d87be5d08a91bb42021-12-22 11:53:58.444root 11241100x80000000000000003871327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531cc0521308396d2021-12-22 11:53:58.943root 11241100x80000000000000003871328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424e9331146368842021-12-22 11:53:58.943root 11241100x80000000000000003871329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c608f9e71ad1f802021-12-22 11:53:58.943root 11241100x80000000000000003871330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e56e44d1c19e6e72021-12-22 11:53:58.943root 11241100x80000000000000003871331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c028942d05451a2d2021-12-22 11:53:58.943root 11241100x80000000000000003871332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7e1021278843e02021-12-22 11:53:58.943root 11241100x80000000000000003871333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8750223a418d67612021-12-22 11:53:58.943root 11241100x80000000000000003871334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb5b550c63528572021-12-22 11:53:58.944root 11241100x80000000000000003871335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324f7ee7db65f17a2021-12-22 11:53:58.944root 11241100x80000000000000003871336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7d99da33ad92f82021-12-22 11:53:58.944root 11241100x80000000000000003871337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d735a00a49147062021-12-22 11:53:58.944root 11241100x80000000000000003871338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1d8abef84292962021-12-22 11:53:58.944root 11241100x80000000000000003871339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412cca5955ac93f82021-12-22 11:53:58.944root 11241100x80000000000000003871340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110e4efae531b3402021-12-22 11:53:59.443root 11241100x80000000000000003871341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b759976bc2c3832021-12-22 11:53:59.443root 11241100x80000000000000003871342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972777f38db0834a2021-12-22 11:53:59.443root 11241100x80000000000000003871343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cd3366a21498402021-12-22 11:53:59.443root 11241100x80000000000000003871344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6b103b388e7d592021-12-22 11:53:59.443root 11241100x80000000000000003871345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91b6d69a4bb965d2021-12-22 11:53:59.443root 11241100x80000000000000003871346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8a61740a79a22f2021-12-22 11:53:59.443root 11241100x80000000000000003871347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363b2613a15888bd2021-12-22 11:53:59.444root 11241100x80000000000000003871348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fa06863d31525d2021-12-22 11:53:59.444root 11241100x80000000000000003871349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7f34825588d6b22021-12-22 11:53:59.444root 11241100x80000000000000003871350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d09b1e353ebd942021-12-22 11:53:59.444root 11241100x80000000000000003871351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d664aa949ebf24f12021-12-22 11:53:59.444root 11241100x80000000000000003871352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c54d8a558a024ff2021-12-22 11:53:59.444root 11241100x80000000000000003871353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5c365cde83a7692021-12-22 11:53:59.943root 11241100x80000000000000003871354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b3afc6c2a288a92021-12-22 11:53:59.943root 11241100x80000000000000003871355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b8460b5816def62021-12-22 11:53:59.943root 11241100x80000000000000003871356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2889ee25e53bbd6e2021-12-22 11:53:59.943root 11241100x80000000000000003871357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f57c5abad8d4e82021-12-22 11:53:59.943root 11241100x80000000000000003871358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a002ff8b938b8d62021-12-22 11:53:59.943root 11241100x80000000000000003871359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37545feea1b5d7792021-12-22 11:53:59.944root 11241100x80000000000000003871360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e02af631dd3fd82021-12-22 11:53:59.944root 11241100x80000000000000003871361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2874f12855320e9c2021-12-22 11:53:59.944root 11241100x80000000000000003871362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3604b0152c70ba2021-12-22 11:53:59.944root 11241100x80000000000000003871363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79967a45efe1d9a52021-12-22 11:53:59.944root 11241100x80000000000000003871364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bc260589b154822021-12-22 11:53:59.944root 11241100x80000000000000003871365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:53:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc941d4ca90e7232021-12-22 11:53:59.944root 11241100x80000000000000003871366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c29ba91fd43e322021-12-22 11:54:00.443root 11241100x80000000000000003871367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50aac1a60969d6e72021-12-22 11:54:00.443root 11241100x80000000000000003871368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a201e54264d30b1d2021-12-22 11:54:00.443root 11241100x80000000000000003871369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb9ccdc2889769c2021-12-22 11:54:00.443root 11241100x80000000000000003871370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245ac9ee337f72002021-12-22 11:54:00.443root 11241100x80000000000000003871371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7413955574c6f8062021-12-22 11:54:00.443root 11241100x80000000000000003871372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6e98b5ca6b267b2021-12-22 11:54:00.443root 11241100x80000000000000003871373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e4f01e90881adf2021-12-22 11:54:00.444root 11241100x80000000000000003871374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016419013773a3a02021-12-22 11:54:00.444root 11241100x80000000000000003871375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8777c24440b2afa2021-12-22 11:54:00.444root 11241100x80000000000000003871376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0397968e9548e4112021-12-22 11:54:00.444root 11241100x80000000000000003871377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73483c046e665d062021-12-22 11:54:00.444root 11241100x80000000000000003871378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420a3ce44ae140542021-12-22 11:54:00.444root 11241100x80000000000000003871379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764dafafa66ddf4f2021-12-22 11:54:00.943root 11241100x80000000000000003871380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590b16c4f28c8e982021-12-22 11:54:00.943root 11241100x80000000000000003871381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a69e03ceae2c2c2021-12-22 11:54:00.943root 11241100x80000000000000003871382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6df82f063ff52262021-12-22 11:54:00.943root 11241100x80000000000000003871383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0ea1471d54463b2021-12-22 11:54:00.943root 11241100x80000000000000003871384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84affccd185347ab2021-12-22 11:54:00.943root 11241100x80000000000000003871385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dcfa592cf8d9572021-12-22 11:54:00.943root 11241100x80000000000000003871386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c346582d7c3dda2b2021-12-22 11:54:00.944root 11241100x80000000000000003871387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d258cdbd1eeb082021-12-22 11:54:00.944root 11241100x80000000000000003871388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c01422ac9df9ac2021-12-22 11:54:00.944root 11241100x80000000000000003871389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bcd619ba88ad1c2021-12-22 11:54:00.944root 11241100x80000000000000003871390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2ff410113b0acf2021-12-22 11:54:00.944root 11241100x80000000000000003871391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206cf27c2adbe5992021-12-22 11:54:00.944root 354300x80000000000000003871392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.209{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55616-false10.0.1.12-8000- 11241100x80000000000000003871393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a750ed82168e2d2021-12-22 11:54:01.210root 11241100x80000000000000003871394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e749848843104c2021-12-22 11:54:01.210root 11241100x80000000000000003871395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff16e9fca7dc672b2021-12-22 11:54:01.210root 11241100x80000000000000003871396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a576f969624492742021-12-22 11:54:01.210root 11241100x80000000000000003871397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5692ecacc1b6a032021-12-22 11:54:01.211root 11241100x80000000000000003871398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63cfebfdc30723b2021-12-22 11:54:01.211root 11241100x80000000000000003871399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f9b3382337f4ba2021-12-22 11:54:01.211root 11241100x80000000000000003871400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48154603f2c231472021-12-22 11:54:01.211root 11241100x80000000000000003871401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2164d49722668d392021-12-22 11:54:01.211root 11241100x80000000000000003871402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee0b775d39f84252021-12-22 11:54:01.211root 11241100x80000000000000003871403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77a59bbb97add682021-12-22 11:54:01.211root 11241100x80000000000000003871404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88681257cce389e02021-12-22 11:54:01.211root 11241100x80000000000000003871405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ba70412402ef732021-12-22 11:54:01.211root 11241100x80000000000000003871406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3332e563bcc684d2021-12-22 11:54:01.211root 11241100x80000000000000003871407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e5672416e355682021-12-22 11:54:01.212root 11241100x80000000000000003871408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf9a7c8071bb1c32021-12-22 11:54:01.693root 11241100x80000000000000003871409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6cd9aa7353cf842021-12-22 11:54:01.693root 11241100x80000000000000003871410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c0fc59f5ff40d82021-12-22 11:54:01.693root 11241100x80000000000000003871411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864dfee02c35f85e2021-12-22 11:54:01.693root 11241100x80000000000000003871412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015fb1ce4de82aaf2021-12-22 11:54:01.693root 11241100x80000000000000003871413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240cd6366d49179b2021-12-22 11:54:01.693root 11241100x80000000000000003871414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccee4a5dc6ef4a92021-12-22 11:54:01.693root 11241100x80000000000000003871415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b98c9c850ce38b12021-12-22 11:54:01.694root 11241100x80000000000000003871416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab418e0a3798d2e2021-12-22 11:54:01.694root 11241100x80000000000000003871417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3559b96627f3dde62021-12-22 11:54:01.694root 11241100x80000000000000003871418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ffc983972f19ea2021-12-22 11:54:01.694root 11241100x80000000000000003871419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95aad54f76d2c872021-12-22 11:54:01.694root 11241100x80000000000000003871420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2bda814407b8662021-12-22 11:54:01.694root 11241100x80000000000000003871421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3633cd6f2ded5c2021-12-22 11:54:01.695root 11241100x80000000000000003871422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632a4ea6ffa1a6dc2021-12-22 11:54:02.193root 11241100x80000000000000003871423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f927ff4785b7292a2021-12-22 11:54:02.193root 11241100x80000000000000003871424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d42fed209e49e522021-12-22 11:54:02.193root 11241100x80000000000000003871425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba706664b4c7f582021-12-22 11:54:02.194root 11241100x80000000000000003871426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae497a8c5b3fc2fa2021-12-22 11:54:02.194root 11241100x80000000000000003871427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c47b67dbe9efd4f2021-12-22 11:54:02.194root 11241100x80000000000000003871428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99047c2167f9729f2021-12-22 11:54:02.195root 11241100x80000000000000003871429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35d8dd9ef6128052021-12-22 11:54:02.195root 11241100x80000000000000003871430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cf64da6a9f68c52021-12-22 11:54:02.195root 11241100x80000000000000003871431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7d16c09328d7c32021-12-22 11:54:02.195root 11241100x80000000000000003871432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aa7ecb09a5917c2021-12-22 11:54:02.196root 11241100x80000000000000003871433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbed4cbe9d31423a2021-12-22 11:54:02.197root 11241100x80000000000000003871434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b52ba28cfaedc0a2021-12-22 11:54:02.197root 11241100x80000000000000003871435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c370d89ea4d601602021-12-22 11:54:02.198root 11241100x80000000000000003871436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d427fc6946789d2021-12-22 11:54:02.693root 11241100x80000000000000003871437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a5a7d69bd7e40a2021-12-22 11:54:02.693root 11241100x80000000000000003871438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f670f8c5d7fa4e12021-12-22 11:54:02.693root 11241100x80000000000000003871439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83571fa910ee397a2021-12-22 11:54:02.693root 11241100x80000000000000003871440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd041a681fd330d2021-12-22 11:54:02.693root 11241100x80000000000000003871441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d524fdc8ce5a4b2021-12-22 11:54:02.693root 11241100x80000000000000003871442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38083c689ed718ad2021-12-22 11:54:02.693root 11241100x80000000000000003871443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3427c8865d11d12021-12-22 11:54:02.694root 11241100x80000000000000003871444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a597ffc024a68e202021-12-22 11:54:02.694root 11241100x80000000000000003871445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241652b26c4ed0752021-12-22 11:54:02.694root 11241100x80000000000000003871446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f54c5f14d20f872021-12-22 11:54:02.694root 11241100x80000000000000003871447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2981c15624f67372021-12-22 11:54:02.694root 11241100x80000000000000003871448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3ae71404f139092021-12-22 11:54:02.694root 11241100x80000000000000003871449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b7611cdf11493f2021-12-22 11:54:02.694root 11241100x80000000000000003871450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.140{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:54:03.140root 11241100x80000000000000003871451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121a9f1574014ed92021-12-22 11:54:03.141root 11241100x80000000000000003871452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df91f186af12c56e2021-12-22 11:54:03.141root 11241100x80000000000000003871453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4676625cfbe5710a2021-12-22 11:54:03.142root 11241100x80000000000000003871454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697f893cab7ae1a52021-12-22 11:54:03.142root 11241100x80000000000000003871455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d97675f47a5ac5e2021-12-22 11:54:03.142root 11241100x80000000000000003871456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945fa3489ea6f5782021-12-22 11:54:03.142root 11241100x80000000000000003871457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddd2059cedbd1982021-12-22 11:54:03.142root 11241100x80000000000000003871458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d9bc1ed32d28512021-12-22 11:54:03.143root 11241100x80000000000000003871459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf15b42d30ab3162021-12-22 11:54:03.143root 11241100x80000000000000003871460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0014f7264cdfd602021-12-22 11:54:03.143root 11241100x80000000000000003871461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8199c14311db052021-12-22 11:54:03.143root 11241100x80000000000000003871462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe05c22fac033ce92021-12-22 11:54:03.143root 11241100x80000000000000003871463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962035cc91a869c82021-12-22 11:54:03.144root 11241100x80000000000000003871464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d43132b8d9f8182021-12-22 11:54:03.144root 11241100x80000000000000003871465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54d949cbd8864b82021-12-22 11:54:03.144root 11241100x80000000000000003871466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7badef7074f2f52021-12-22 11:54:03.443root 11241100x80000000000000003871467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a064d84611829c2021-12-22 11:54:03.443root 11241100x80000000000000003871468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25562f76ca2b0fd32021-12-22 11:54:03.443root 11241100x80000000000000003871469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a53bd8a56d0fc62021-12-22 11:54:03.443root 11241100x80000000000000003871470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7541092a770ab532021-12-22 11:54:03.443root 11241100x80000000000000003871471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a3b08bf5da0a712021-12-22 11:54:03.443root 11241100x80000000000000003871472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3cb0fe700fd70f2021-12-22 11:54:03.443root 11241100x80000000000000003871473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45af6512b022d62f2021-12-22 11:54:03.443root 11241100x80000000000000003871474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd596bfa811cdf702021-12-22 11:54:03.444root 11241100x80000000000000003871475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0c63d3550580dc2021-12-22 11:54:03.444root 11241100x80000000000000003871476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d531588390449032021-12-22 11:54:03.444root 11241100x80000000000000003871477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69ac0950c40272e2021-12-22 11:54:03.444root 11241100x80000000000000003871478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5edfb412df26c922021-12-22 11:54:03.444root 11241100x80000000000000003871479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788b1a5a11e923882021-12-22 11:54:03.444root 11241100x80000000000000003871480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8583079a28947052021-12-22 11:54:03.444root 11241100x80000000000000003871481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a4084ebdb73ef92021-12-22 11:54:03.943root 11241100x80000000000000003871482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cf233cb38258ff2021-12-22 11:54:03.943root 11241100x80000000000000003871483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a0bbebbcd93d422021-12-22 11:54:03.943root 11241100x80000000000000003871484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc0bf06600d26ca2021-12-22 11:54:03.943root 11241100x80000000000000003871485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e0ba52609949062021-12-22 11:54:03.943root 11241100x80000000000000003871486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb33e03d130f30e2021-12-22 11:54:03.943root 11241100x80000000000000003871487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da84a40cf493fff12021-12-22 11:54:03.943root 11241100x80000000000000003871488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de64461411192bc2021-12-22 11:54:03.944root 11241100x80000000000000003871489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c880b31e984e8c952021-12-22 11:54:03.944root 11241100x80000000000000003871490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3aa11b0ad85a6a42021-12-22 11:54:03.944root 11241100x80000000000000003871491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee86c8ef26aa4902021-12-22 11:54:03.944root 11241100x80000000000000003871492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5178952eaf22d86a2021-12-22 11:54:03.944root 11241100x80000000000000003871493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc8cb75c698f52d2021-12-22 11:54:03.944root 11241100x80000000000000003871494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5186ff66bde1013e2021-12-22 11:54:03.944root 11241100x80000000000000003871495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa2bbd49091f6f22021-12-22 11:54:03.944root 11241100x80000000000000003871496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a37cde2c8430d02021-12-22 11:54:04.443root 11241100x80000000000000003871497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c52b4e3ba321882021-12-22 11:54:04.443root 11241100x80000000000000003871498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7889a682bd9d8ae2021-12-22 11:54:04.443root 11241100x80000000000000003871499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6916c900a81d9862021-12-22 11:54:04.443root 11241100x80000000000000003871500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647d500eb1dd15612021-12-22 11:54:04.443root 11241100x80000000000000003871501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f0afad3f90eedb2021-12-22 11:54:04.443root 11241100x80000000000000003871502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94ba658122074012021-12-22 11:54:04.443root 11241100x80000000000000003871503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6810cadb96e515f2021-12-22 11:54:04.444root 11241100x80000000000000003871504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d068ef076097efed2021-12-22 11:54:04.444root 11241100x80000000000000003871505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f111b8595ace2302021-12-22 11:54:04.444root 11241100x80000000000000003871506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedf1ae9cb8d30cd2021-12-22 11:54:04.444root 11241100x80000000000000003871507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c43ced163c3241b2021-12-22 11:54:04.444root 11241100x80000000000000003871508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cae8e092109374d2021-12-22 11:54:04.444root 11241100x80000000000000003871509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c079ea06ee1cd882021-12-22 11:54:04.444root 11241100x80000000000000003871510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add7b9aaab018a322021-12-22 11:54:04.444root 11241100x80000000000000003871511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3d8cf8bc50f5c12021-12-22 11:54:04.943root 11241100x80000000000000003871512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9597cea9046ca17e2021-12-22 11:54:04.943root 11241100x80000000000000003871513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe2946d8bd80a882021-12-22 11:54:04.943root 11241100x80000000000000003871514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27d49019e0000702021-12-22 11:54:04.943root 11241100x80000000000000003871515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d799945d95f634e2021-12-22 11:54:04.944root 11241100x80000000000000003871516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089851d8dc6d0d902021-12-22 11:54:04.944root 11241100x80000000000000003871517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae3897db87a6b2d2021-12-22 11:54:04.944root 11241100x80000000000000003871518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb58b1d33543a682021-12-22 11:54:04.944root 11241100x80000000000000003871519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c08bcefc9e43112021-12-22 11:54:04.944root 11241100x80000000000000003871520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fd14ddb451cb6b2021-12-22 11:54:04.944root 11241100x80000000000000003871521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707903adf1d365072021-12-22 11:54:04.944root 11241100x80000000000000003871522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b37a000ec4968032021-12-22 11:54:04.944root 11241100x80000000000000003871523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0668c8f89f77b42021-12-22 11:54:04.944root 11241100x80000000000000003871524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a45967cd0b53f502021-12-22 11:54:04.944root 11241100x80000000000000003871525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24de43f070adb9992021-12-22 11:54:04.944root 11241100x80000000000000003871526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51d6120526be0272021-12-22 11:54:05.445root 11241100x80000000000000003871527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13e84a16efdc9e42021-12-22 11:54:05.445root 11241100x80000000000000003871528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa817286172e0842021-12-22 11:54:05.445root 11241100x80000000000000003871529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c37ceab717cf4c22021-12-22 11:54:05.445root 11241100x80000000000000003871530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1251cfbc1c8e7582021-12-22 11:54:05.445root 11241100x80000000000000003871531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0af50703a44f8f52021-12-22 11:54:05.445root 11241100x80000000000000003871532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4106b13f9d6d7e832021-12-22 11:54:05.445root 11241100x80000000000000003871533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb3c301c8db96892021-12-22 11:54:05.445root 11241100x80000000000000003871534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defb42dab1747f7c2021-12-22 11:54:05.445root 11241100x80000000000000003871535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132149ad304963352021-12-22 11:54:05.445root 11241100x80000000000000003871536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fe290e83be5a972021-12-22 11:54:05.446root 11241100x80000000000000003871537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6402ed2cd8ad0cb02021-12-22 11:54:05.446root 11241100x80000000000000003871538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4de411d239c64ea2021-12-22 11:54:05.446root 11241100x80000000000000003871539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c43f64fa68f332b2021-12-22 11:54:05.446root 11241100x80000000000000003871540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53349e3aabb9be22021-12-22 11:54:05.446root 11241100x80000000000000003871541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cef90dfd2888fd62021-12-22 11:54:05.943root 11241100x80000000000000003871542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f32097ef1bbfce2021-12-22 11:54:05.943root 11241100x80000000000000003871543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879705111524e7742021-12-22 11:54:05.943root 11241100x80000000000000003871544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e84774f60d926952021-12-22 11:54:05.943root 11241100x80000000000000003871545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b801dd020fcc9b2021-12-22 11:54:05.943root 11241100x80000000000000003871546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc24500e0e15f032021-12-22 11:54:05.943root 11241100x80000000000000003871547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60e52646ae455f22021-12-22 11:54:05.944root 11241100x80000000000000003871548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff9da7c9b4743e72021-12-22 11:54:05.944root 11241100x80000000000000003871549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff61626cdb7aaad2021-12-22 11:54:05.944root 11241100x80000000000000003871550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cedff7e294a65b52021-12-22 11:54:05.944root 11241100x80000000000000003871551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bbf1a8aa852d312021-12-22 11:54:05.944root 11241100x80000000000000003871552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4153c4b7304a312021-12-22 11:54:05.944root 11241100x80000000000000003871553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e89810d757896e12021-12-22 11:54:05.944root 11241100x80000000000000003871554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbade6e73deb2302021-12-22 11:54:05.944root 11241100x80000000000000003871555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9b34c14edce54a2021-12-22 11:54:05.944root 23542300x80000000000000003871556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.027{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000003871557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.246{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55618-false10.0.1.12-8000- 11241100x80000000000000003871558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67396ecbcc5a2df2021-12-22 11:54:06.246root 11241100x80000000000000003871559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b9b20919ae9c902021-12-22 11:54:06.246root 11241100x80000000000000003871560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f81d2b9f3335832021-12-22 11:54:06.247root 11241100x80000000000000003871561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537b776ab4fe3d592021-12-22 11:54:06.247root 11241100x80000000000000003871562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad45905a16f165c2021-12-22 11:54:06.247root 11241100x80000000000000003871563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ca4c7e7e37e85f2021-12-22 11:54:06.247root 11241100x80000000000000003871564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ea46aab490841b2021-12-22 11:54:06.247root 11241100x80000000000000003871565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dc6dc08d6e19492021-12-22 11:54:06.247root 11241100x80000000000000003871566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6da1184620418a2021-12-22 11:54:06.247root 11241100x80000000000000003871567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc96805e9fc9e6282021-12-22 11:54:06.247root 11241100x80000000000000003871568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d406602f8f930c2021-12-22 11:54:06.247root 11241100x80000000000000003871569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ef1bd516030e452021-12-22 11:54:06.248root 11241100x80000000000000003871570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38dd8fa29841f8c2021-12-22 11:54:06.248root 11241100x80000000000000003871571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ed28a01f186fb62021-12-22 11:54:06.248root 11241100x80000000000000003871572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3384732f09e5122a2021-12-22 11:54:06.248root 11241100x80000000000000003871573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a078f991d30cfb12021-12-22 11:54:06.248root 11241100x80000000000000003871574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbd7850c381aa3a2021-12-22 11:54:06.249root 11241100x80000000000000003871575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8813e263b9146d0b2021-12-22 11:54:06.249root 11241100x80000000000000003871576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e6f5b469d721fb2021-12-22 11:54:06.249root 11241100x80000000000000003871577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf041425c6af1a2a2021-12-22 11:54:06.249root 11241100x80000000000000003871578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1036dd3bc1f56e92021-12-22 11:54:06.249root 11241100x80000000000000003871579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a659543fed7cf22021-12-22 11:54:06.249root 11241100x80000000000000003871580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c0b885f78ab6ec2021-12-22 11:54:06.249root 11241100x80000000000000003871581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf0c7d54715c6522021-12-22 11:54:06.249root 11241100x80000000000000003871582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abc07c98e47fe712021-12-22 11:54:06.249root 11241100x80000000000000003871583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59d085bf3b4fbfc2021-12-22 11:54:06.249root 11241100x80000000000000003871584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d368affdbb4eebe62021-12-22 11:54:06.249root 11241100x80000000000000003871585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9da7aba79b70d6a2021-12-22 11:54:06.692root 11241100x80000000000000003871586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6ebd38d9bccecc2021-12-22 11:54:06.693root 11241100x80000000000000003871587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9029d04bce649b6d2021-12-22 11:54:06.693root 11241100x80000000000000003871588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87eab742f7db337e2021-12-22 11:54:06.693root 11241100x80000000000000003871589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9076f9ca545e26a52021-12-22 11:54:06.693root 11241100x80000000000000003871590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee444f2084c2d2b2021-12-22 11:54:06.693root 11241100x80000000000000003871591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea49b412956afa2a2021-12-22 11:54:06.693root 11241100x80000000000000003871592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49be6cd4681ae302021-12-22 11:54:06.693root 11241100x80000000000000003871593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9628ae56d7c98432021-12-22 11:54:06.693root 11241100x80000000000000003871594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb14c683b2377ebc2021-12-22 11:54:06.693root 11241100x80000000000000003871595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb673fab24685ba2021-12-22 11:54:06.693root 11241100x80000000000000003871596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019bac2c4a53fef72021-12-22 11:54:06.693root 11241100x80000000000000003871597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2201f0c52da4d2992021-12-22 11:54:06.693root 11241100x80000000000000003871598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb40209a12c39bf2021-12-22 11:54:06.693root 11241100x80000000000000003871599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4d40bf88f5919a2021-12-22 11:54:06.693root 11241100x80000000000000003871600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e90c2eb5b5bc2d22021-12-22 11:54:06.693root 11241100x80000000000000003871601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec059ec5f84819c62021-12-22 11:54:06.694root 11241100x80000000000000003871602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f659fac475a95c42021-12-22 11:54:07.193root 11241100x80000000000000003871603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cba60ed390db9e2021-12-22 11:54:07.193root 11241100x80000000000000003871604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912fa3866ff24aa82021-12-22 11:54:07.193root 11241100x80000000000000003871605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07628e3f30c39ac02021-12-22 11:54:07.193root 11241100x80000000000000003871606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84384f660477a61b2021-12-22 11:54:07.193root 11241100x80000000000000003871607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e522bb8e5de987e2021-12-22 11:54:07.193root 11241100x80000000000000003871608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d323c59127aa6e2021-12-22 11:54:07.194root 11241100x80000000000000003871609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d0941eca485c7f2021-12-22 11:54:07.194root 11241100x80000000000000003871610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37effa97863c25dc2021-12-22 11:54:07.194root 11241100x80000000000000003871611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2170b567b484f1232021-12-22 11:54:07.194root 11241100x80000000000000003871612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618a8934d7230a912021-12-22 11:54:07.194root 11241100x80000000000000003871613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d5bda4c53726b62021-12-22 11:54:07.194root 11241100x80000000000000003871614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2493f0574776b92021-12-22 11:54:07.194root 11241100x80000000000000003871615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff4829d623bc5ed2021-12-22 11:54:07.194root 11241100x80000000000000003871616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f117497883d5a862021-12-22 11:54:07.195root 11241100x80000000000000003871617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfe04e7d15100462021-12-22 11:54:07.195root 11241100x80000000000000003871618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0135274cf77adf62021-12-22 11:54:07.195root 11241100x80000000000000003871619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36f5dc0e65c8dc82021-12-22 11:54:07.693root 11241100x80000000000000003871620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a59e6fc1f1fe192021-12-22 11:54:07.693root 11241100x80000000000000003871621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4179cb3fb8f926f2021-12-22 11:54:07.693root 11241100x80000000000000003871622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db0bfdf221eee122021-12-22 11:54:07.693root 11241100x80000000000000003871623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810c558e0d00f24b2021-12-22 11:54:07.693root 11241100x80000000000000003871624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e4e588d907cb792021-12-22 11:54:07.693root 11241100x80000000000000003871625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ee46f45603606b2021-12-22 11:54:07.693root 11241100x80000000000000003871626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba8f3fdbe1d73752021-12-22 11:54:07.693root 11241100x80000000000000003871627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4dc60386ec1bd82021-12-22 11:54:07.693root 11241100x80000000000000003871628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad06f5f9e933e962021-12-22 11:54:07.693root 11241100x80000000000000003871629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff48a8edffb00b982021-12-22 11:54:07.693root 11241100x80000000000000003871630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba39a8b7225908462021-12-22 11:54:07.693root 11241100x80000000000000003871631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eba05657166dc9f2021-12-22 11:54:07.694root 11241100x80000000000000003871632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554240a39114374a2021-12-22 11:54:07.694root 11241100x80000000000000003871633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3787cd1d7a5f0f782021-12-22 11:54:07.694root 11241100x80000000000000003871634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b28bb6b7ff268272021-12-22 11:54:07.694root 11241100x80000000000000003871635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99a3fd9db569b402021-12-22 11:54:07.694root 11241100x80000000000000003871636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0584f42406a5942021-12-22 11:54:08.193root 11241100x80000000000000003871637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1c2936d016a1d02021-12-22 11:54:08.193root 11241100x80000000000000003871638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a86ffbc3624f462021-12-22 11:54:08.193root 11241100x80000000000000003871639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9479fc020fbce032021-12-22 11:54:08.193root 11241100x80000000000000003871640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57beff0ff1448cc72021-12-22 11:54:08.193root 11241100x80000000000000003871641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2476f13366ba79a42021-12-22 11:54:08.194root 11241100x80000000000000003871642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0214b31d301f2d2021-12-22 11:54:08.194root 11241100x80000000000000003871643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71ffc1db42065232021-12-22 11:54:08.194root 11241100x80000000000000003871644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3c3e095685bce12021-12-22 11:54:08.194root 11241100x80000000000000003871645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f129aea36eda57c2021-12-22 11:54:08.194root 11241100x80000000000000003871646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba41c8eea76592f2021-12-22 11:54:08.194root 11241100x80000000000000003871647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867e6c19cfa7e9232021-12-22 11:54:08.194root 11241100x80000000000000003871648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3def18870db1a39e2021-12-22 11:54:08.194root 11241100x80000000000000003871649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8518a0599fc031db2021-12-22 11:54:08.194root 11241100x80000000000000003871650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172f186c0b78428c2021-12-22 11:54:08.194root 11241100x80000000000000003871651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e26bda14a69751e2021-12-22 11:54:08.195root 11241100x80000000000000003871652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da33d971668c86b12021-12-22 11:54:08.195root 11241100x80000000000000003871653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68602c441941a2802021-12-22 11:54:08.693root 11241100x80000000000000003871654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6744f7801a942fd92021-12-22 11:54:08.693root 11241100x80000000000000003871655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4bd3a14d4aa1b92021-12-22 11:54:08.693root 11241100x80000000000000003871656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7518e554dccd12ca2021-12-22 11:54:08.693root 11241100x80000000000000003871657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9be6cc6935dcf0b2021-12-22 11:54:08.693root 11241100x80000000000000003871658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71eaed6ac613bc22021-12-22 11:54:08.693root 11241100x80000000000000003871659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ed38223171e5f12021-12-22 11:54:08.693root 11241100x80000000000000003871660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90448382abb80e792021-12-22 11:54:08.693root 11241100x80000000000000003871661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab67c34c3c22d102021-12-22 11:54:08.693root 11241100x80000000000000003871662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fb47229c13825d2021-12-22 11:54:08.693root 11241100x80000000000000003871663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4ceb79f2d9ced92021-12-22 11:54:08.693root 11241100x80000000000000003871664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbd1119d3119ea92021-12-22 11:54:08.694root 11241100x80000000000000003871665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821048deb159a80d2021-12-22 11:54:08.694root 11241100x80000000000000003871666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaeeec9ab5819942021-12-22 11:54:08.694root 11241100x80000000000000003871667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769b6817e87d45592021-12-22 11:54:08.694root 11241100x80000000000000003871668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff29a8f8707dcfb2021-12-22 11:54:08.694root 11241100x80000000000000003871669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f5b2e9b223a2c92021-12-22 11:54:08.694root 11241100x80000000000000003871670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab003b9f92b300572021-12-22 11:54:09.193root 11241100x80000000000000003871671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ecaa9dc61321e62021-12-22 11:54:09.193root 11241100x80000000000000003871672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046356f14aee656e2021-12-22 11:54:09.193root 11241100x80000000000000003871673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f4b6db085818f62021-12-22 11:54:09.193root 11241100x80000000000000003871674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa44ab362c7f7492021-12-22 11:54:09.194root 11241100x80000000000000003871675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5a9e8f9640e40b2021-12-22 11:54:09.194root 11241100x80000000000000003871676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5212e589f969def42021-12-22 11:54:09.194root 11241100x80000000000000003871677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1281905d84c316f12021-12-22 11:54:09.194root 11241100x80000000000000003871678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18abfe7114e287b22021-12-22 11:54:09.194root 11241100x80000000000000003871679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3ebd1287fe37de2021-12-22 11:54:09.194root 11241100x80000000000000003871680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292bd2db8750776a2021-12-22 11:54:09.194root 11241100x80000000000000003871681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84466f6cd1fe69862021-12-22 11:54:09.194root 11241100x80000000000000003871682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e019ea09433f262021-12-22 11:54:09.194root 11241100x80000000000000003871683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1e0c3db7c904f12021-12-22 11:54:09.195root 11241100x80000000000000003871684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f462714eca8120f2021-12-22 11:54:09.195root 11241100x80000000000000003871685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd20732a78abca1b2021-12-22 11:54:09.195root 11241100x80000000000000003871686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83898d964e27aba52021-12-22 11:54:09.195root 11241100x80000000000000003871687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b683c02c1c6236bc2021-12-22 11:54:09.693root 11241100x80000000000000003871688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d97f05ba4047e02021-12-22 11:54:09.693root 11241100x80000000000000003871689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc27727db64bbcde2021-12-22 11:54:09.693root 11241100x80000000000000003871690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ce7186da5fbfd22021-12-22 11:54:09.693root 11241100x80000000000000003871691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fecc94a1ebcb2b2021-12-22 11:54:09.693root 11241100x80000000000000003871692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2c735e9f868cf42021-12-22 11:54:09.693root 11241100x80000000000000003871693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cf220577832fc32021-12-22 11:54:09.693root 11241100x80000000000000003871694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42bdfcf22d87d32b2021-12-22 11:54:09.694root 11241100x80000000000000003871695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bfc400cdf36fb72021-12-22 11:54:09.694root 11241100x80000000000000003871696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef0cba0c4536a962021-12-22 11:54:09.694root 11241100x80000000000000003871697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc20219fbcdaf18f2021-12-22 11:54:09.694root 11241100x80000000000000003871698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8f80cd762b74192021-12-22 11:54:09.694root 11241100x80000000000000003871699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8977d5a679a2ff2021-12-22 11:54:09.694root 11241100x80000000000000003871700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26497f5c8a6bdbd32021-12-22 11:54:09.694root 11241100x80000000000000003871701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed9ff1d761df5442021-12-22 11:54:09.695root 11241100x80000000000000003871702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abccf364ab8cccf2021-12-22 11:54:09.695root 11241100x80000000000000003871703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62c5fc9a5654c9b2021-12-22 11:54:09.695root 11241100x80000000000000003871704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feaca2da7187239c2021-12-22 11:54:10.193root 11241100x80000000000000003871705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363aca51671e493c2021-12-22 11:54:10.193root 11241100x80000000000000003871706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c810960a69c3fde92021-12-22 11:54:10.193root 11241100x80000000000000003871707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff49d197b9b939f2021-12-22 11:54:10.193root 11241100x80000000000000003871708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670fedfca8c2ef5b2021-12-22 11:54:10.193root 11241100x80000000000000003871709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c02278e5186e002021-12-22 11:54:10.194root 11241100x80000000000000003871710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caffdea10e561932021-12-22 11:54:10.194root 11241100x80000000000000003871711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2413c6ec7be6884d2021-12-22 11:54:10.194root 11241100x80000000000000003871712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f93851b207017f2021-12-22 11:54:10.194root 11241100x80000000000000003871713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea28f761fd61c9c42021-12-22 11:54:10.194root 11241100x80000000000000003871714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab6e6dc4b27050e2021-12-22 11:54:10.194root 11241100x80000000000000003871715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dc1918479c5a9a2021-12-22 11:54:10.194root 11241100x80000000000000003871716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef67d94e862e58c32021-12-22 11:54:10.194root 11241100x80000000000000003871717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c269f7c0ba2ad912021-12-22 11:54:10.194root 11241100x80000000000000003871718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363732cf2745d2cc2021-12-22 11:54:10.194root 11241100x80000000000000003871719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc8da141548de102021-12-22 11:54:10.195root 11241100x80000000000000003871720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52aeb7cf542f30412021-12-22 11:54:10.195root 11241100x80000000000000003871721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57215d720b914d7d2021-12-22 11:54:10.693root 11241100x80000000000000003871722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58e4c32f53484d72021-12-22 11:54:10.693root 11241100x80000000000000003871723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ea70566e8b54e42021-12-22 11:54:10.693root 11241100x80000000000000003871724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de50829c27930d182021-12-22 11:54:10.694root 11241100x80000000000000003871725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cd3b473b8080a72021-12-22 11:54:10.694root 11241100x80000000000000003871726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9627ddc87e3906a62021-12-22 11:54:10.694root 11241100x80000000000000003871727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de08f0e781bdc92a2021-12-22 11:54:10.694root 11241100x80000000000000003871728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b533e1fd70c6f62021-12-22 11:54:10.694root 11241100x80000000000000003871729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af056c209b3512182021-12-22 11:54:10.694root 11241100x80000000000000003871730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f310789d66d98b2021-12-22 11:54:10.694root 11241100x80000000000000003871731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a59c33f266802e2021-12-22 11:54:10.694root 11241100x80000000000000003871732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca49b30a2c0539d2021-12-22 11:54:10.694root 11241100x80000000000000003871733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e22eb56531e3352021-12-22 11:54:10.694root 11241100x80000000000000003871734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a97dcada042566a2021-12-22 11:54:10.694root 11241100x80000000000000003871735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42e0289c58078362021-12-22 11:54:10.694root 11241100x80000000000000003871736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433ecf48aa253ea52021-12-22 11:54:10.694root 11241100x80000000000000003871737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:54:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91aeb1e1b7247e72021-12-22 11:54:10.694root